|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix |
News | HP Operations Manager | Recommended Links | Changing OVcoreid of the node due to mismatch | Undefined certificate state |
Policies | Default Policy Groups | node groups | Humor | Etc |
|
This situation is visible both on the node and from the admin GUI.
The first approach is to trigger new certificate request:
|
Now the agent is running and triggered the certificate request...
The second path is to install it manually
Try re-adding the node to management server with manual certificate
opcnode -del_node node_name=<nodename> net_type=NETWORK_IP
ovc -stopremove all certificates using /opt/OV/bin/ovcert -remove
/opt/OV/bin/ovcoreid -create -force
rm -f /var/opt/OV/tmp/OpC/*
ovc -start
opcnode -chg_id node_name=<nodename> id=<newcoreid from node>
/opt/OV/bin/OpC/opccsacm -issue -name <Managed node name> -coreid <coreid of node> -file/tmp/cert_test -pass <password>
Note: Donot forget the password.
6. Copy the certificate file /tmp/cert_test to the same location in the managed
node.
/opt/OV/bin/ovcert -import -file /tmp/cert_test -pass <password>.Now excecute
/opt/OV/bin/ovcert -updatetrusted
|
Switchboard | ||||
Latest | |||||
Past week | |||||
Past month |
1.Delete the node from management server
opcnode -del_node node_name=<nodename> net_type=NETWORK_IP2.On the node
ovc -stop
remove all certificates using /opt/OV/bin/ovcert -remove
create new coreid
/opt/OV/bin/ovcoreid -create -force
Remove old queues
rm -f /var/opt/OV/tmp/OpC/*
ovc -start3.Add the node in management server using FQDN
4.Change the id of nodein management server
opcnode -chg_id node_name=<nodename> id=<newcoreid from node>5.manually issue certificate
/opt/OV/bin/OpC/opccsacm -issue -name <Managed node name> -coreid <coreid of node> -file/tmp/cert_test -pass <password>
Note: Donot forget the password.6.Copy the certificate file /tmp/cert_test to the same location in the managed node.
7.On the node , import the certificate by executing the below command in the managed node,
/opt/OV/bin/ovcert -import -file /tmp/cert_test -pass <password>.
Now excecute "/opt/OV/bin/ovcert -updatetrusted"
saravanaa Aug 6, 2009 10:58:04 GMT
-------------------------------------------------------------------------------- Hi Experts,
Am facing a critical issue on the communication between the agent and the server.. As work around I just removed the certificates from the OV agent managed node. After this I tried to issue a cert request but it failed. also am not able to start the agent on the managed node.
here is the error in system.txt file...
WRN: Thu Aug 06 04:08:18 2009: ovbbccb (3828/2364): (bbc-90) The incoming HTTPS client connection from host 127.0.0.1 failed due to the SSL error: 1: WRN: Thu Aug 06 04:08:18 2009: ovbbccb (3828/2364): (sec.core-106) Could not get certificate for alias 'dacd7482-ad0e-7530-0c0d-f3391572d6de'. 2: WRN: Thu Aug 06 04:08:18 2009: ovbbccb (3828/2364): (sec.core-25) No certificate for alias 'dacd7482-ad0e-7530-0c0d-f3391572d6de' is installed.
C:\>ovcert -certreq ERROR: (sec.cm.client-133) Could not trigger certificate request. (bbc-71) There is no server process active for address: http:// localhost/com.hp.ov.sec.cm.certificateclient/rpc2/.
C:\>ovc -start
gives no output... the agent version is 8.14
Any help appreciated
Thanks, Sarav
Sort Answers By: Date or Points
rareman Aug 6, 2009 11:15:47 GMT 2 pts
-------------------------------------------------------------------------------- re-install agent
saravanaa Aug 6, 2009 11:41:56 GMT N/A: Question Author
-------------------------------------------------------------------------------- I would like to know what is the issue behind this.... Also looking for any other solution other than Re-install agent.
Thanks, Sarav
Larry Klasmier Aug 6, 2009 11:47:23 GMT 3 pts
-------------------------------------------------------------------------------- What is the output from the following: managed node: ovcoreid ovcert -list ovcert -status
Management node: opcnode -list_id node_list=<managed node>
Larry
saravanaa Aug 6, 2009 11:54:26 GMT N/A: Question Author
-------------------------------------------------------------------------------- C:\>ovcert -status Status: Undefined (Certificate Client could not be contacted).
C:\>ovcoreid dacd7482-ad0e-7530-0c0d-f3391572d6de
C:\>ovcert -list +---------------------------------------------------------+ | Keystore Content | +---------------------------------------------------------+ | Certificates: | +---------------------------------------------------------+ | Trusted Certificates: | +---------------------------------------------------------+
John von Gunten Aug 6, 2009 14:20:55 GMT 6 pts
-------------------------------------------------------------------------------- Make sure that the node can see the certificate server and port 383 is open. Also, do "ovconfchg -edit" to look at the configuration file and make sure that the correct certificate server and coreid are entered. If they aren't, add them (look for proper syntax on other nodes) and restart the agent.
Pat Campbell Aug 6, 2009 18:03:41 GMT 1 pts
-------------------------------------------------------------------------------- what error was returned when you ran "ovcert -certreq" on the managed node?
AsHiSh JoHaRi Aug 6, 2009 19:20:39 GMT 2 pts
-------------------------------------------------------------------------------- /opt/OV/contrib/OpC/opcsystst -a > /tmp/hpout 2>&1
Run this command & Send us the o/p...
AsHiSh JoHaRi Aug 6, 2009 19:22:15 GMT 4 pts
-------------------------------------------------------------------------------- Also analyse the o/p of:--
bash-3.00# /opt/OV/bin/bbcutil -reg
NOTE: Sending query to OV Communication Broker at path: 'https://localhost:383/'
BasePath=/Hewlett-Packard/OpenView/Coda/ Protocol=HTTPS BindAddress=localhost Port=38018 Authentication=NONE BasePath=/com.hp.ov.conf.core/bbcrpcserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=REMOTE BasePath=/com.hp.ov.conf.core/checkpolicy/bbcrpcserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=REMOTE BasePath=/com.hp.ov.ctrl.ovcd/ Protocol=HTTPS BindAddress=localhost Port=37935 Authentication=REMOTE BasePath=/com.hp.ov.depl/bbcfxserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=ALL BasePath=/com.hp.ov.depl/bbcrpcserver/ Protocol=HTTPS BindAddress=localhost Port=37947 Authentication=ALL BasePath=/com.hp.ov.eaagt.actr/ Protocol=HTTPS BindAddress=localhost Port=38020 Authentication=ALL BasePath=/com.hp.ov.eaagt.msga.hbp/ Protocol=HTTPS BindAddress=localhost Port=38023 Authentication=NONE BasePath=/com.hp.ov.sec.cm.certificateclient/msg/ Protocol=HTTPS BindAddress=localhost Port=37931 Authentication=NONE BasePath=/com.hp.ov.sec.cm.certificateclient/rpc1/ Protocol=HTTPS BindAddress=localhost Port=37931 Authentication=ALL BasePath=/com.hp.ov.sec.cm.certificateclient/rpc2/ Protocol=HTTPS BindAddress=localhost Port=37931 Authentication=REMOTE
saravanaa Aug 7, 2009 04:56:28 GMT N/A: Question Author
-------------------------------------------------------------------------------- The problem got resolved...
Here is the steps I did to resolve it...
1. I have removed the line CERT_INSTALLED=TRUE from the configuration file.
2. Started the ovbbccb service... Now the agent is running and triggered the certificate request...
Thank you for all your efforts!
Thanks, Sarav