https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242688#M51936 <!--!*#-->We have been told to use the windows 2008 firewall and have been succesful until someone deleted the VHD my previous version of SIM was running on. I'm rebuilding from scratch with SIM 6.0. When I discover a new system that has the proper settings the first attempt to connect via the SMH I get this at the bottom of the page:<BR /><BR />"Unable to retrieve certificate from management server cmsserver.domain.com"<BR /><BR />(I'm using "trust by certificate" Trust Mode.)<BR /><BR />If I log on to the SMH and attempt to "Get Certificate Information" I get this error message:<BR />"Error: Unable to obtain a certificate from server VBxx0999. Verify if the server is reachable and running Insight Manager."<BR /><BR />If I turn off the firewall, the certificates exchange and then I can turn on the firewall again and everything else works perfectly.<BR /><BR />Current ports open:<BR />2381 TCP any any<BR />2381 UDP any any<BR />161 UDP any any<BR />161 TCP any any<BR />22 TCP any any<BR />22 UDP any any<BR />2301 TCP any any<BR />2301 UDP any any<BR />50000 TCP any any<BR />50000 UDP any any<BR /><BR />What port(s) do I need to open in order for these certificates to be installed into the monitored machines' System Management Homepage???<BR /><BR /><BR /><BR /> Mon, 07 Jun 2010 12:17:12 GMT David Orwig 2010-06-07T12:17:12Z https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242688#M51936 <!--!*#-->We have been told to use the windows 2008 firewall and have been succesful until someone deleted the VHD my previous version of SIM was running on. I'm rebuilding from scratch with SIM 6.0. When I discover a new system that has the proper settings the first attempt to connect via the SMH I get this at the bottom of the page:<BR /><BR />"Unable to retrieve certificate from management server cmsserver.domain.com"<BR /><BR />(I'm using "trust by certificate" Trust Mode.)<BR /><BR />If I log on to the SMH and attempt to "Get Certificate Information" I get this error message:<BR />"Error: Unable to obtain a certificate from server VBxx0999. Verify if the server is reachable and running Insight Manager."<BR /><BR />If I turn off the firewall, the certificates exchange and then I can turn on the firewall again and everything else works perfectly.<BR /><BR />Current ports open:<BR />2381 TCP any any<BR />2381 UDP any any<BR />161 UDP any any<BR />161 TCP any any<BR />22 TCP any any<BR />22 UDP any any<BR />2301 TCP any any<BR />2301 UDP any any<BR />50000 TCP any any<BR />50000 UDP any any<BR /><BR />What port(s) do I need to open in order for these certificates to be installed into the monitored machines' System Management Homepage???<BR /><BR /><BR /><BR /> Mon, 07 Jun 2010 12:17:12 GMT https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242688#M51936 David Orwig 2010-06-07T12:17:12Z https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242689#M51937 P.S. 443 TCP any any is also open Mon, 07 Jun 2010 12:32:44 GMT https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242689#M51937 David Orwig 2010-06-07T12:32:44Z https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242690#M51938 It's port 280 TCP.<BR />I found this documment for SIM 5 that works. And it shows a lot more than the standard port list that you've seen for years:<BR /><A href="http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_Security.pdf" target="_blank">http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_Security.pdf</A> Mon, 07 Jun 2010 12:47:49 GMT https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242690#M51938 David Orwig 2010-06-07T12:47:49Z https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242691#M51939 It's port 280 TCP. Mon, 07 Jun 2010 14:49:43 GMT https://community.hpe.com/t5/server-management-systems/sim-6-0-thru-w2k8-firewall-certificate-xfer/m-p/5242691#M51939 David Orwig 2010-06-07T14:49:43Z