HPE Community
HPE OneView
1751933 Members
4841 Online
108783 Solutions
New Discussion

Re: SCOM Integration Kit 9.0 - Cannot add OneView appliance - Certificate import is failed

 
SOLVED
Go to solution
dunksha
Occasional Visitor

‎04-27-2018 08:41 AM

‎04-27-2018 08:41 AM

SCOM Integration Kit 9.0 - Cannot add OneView appliance - Certificate import is failed

I have an issue where I can't add an appliance to the HP OneView Configuration Dashboard in SCOM.  Neither FQDN nor IP address work.  I've validated the login works and has the correct permissions, and that port 80 is open.

The error in the Configuration Dashboard is:
"Unable to add appliance <applianceFQDNHere>
Error Code : 118. Certificate import is failed."

I inspected the OneView appliance's https certificate, and it's a certificate issued by our internal CA.  I opened it on the server with the Event Management Service installed and it's trusted by the server. 

I'm not sure how to troubleshoot further.  Has anybody else come across this issue and gotten it resolved?  Any pointers would be greatly appreciated.

0 Kudos
Reply
1 REPLY 1
dunksha
Occasional Visitor

‎04-30-2018 02:14 PM

‎04-30-2018 02:14 PM

Solution

Re: SCOM Integration Kit 9.0 - Cannot add OneView appliance - Certificate import is failed

Turns out that the OneView configuration dashboard in SCOM attempts to import the entire certificate chain from the OneView Appliance's certificate store (/rest/certificates/ca/CertificateAlias) to the windows cert store that is running the console, even if those certificates are already imported.  Not convenient because this job is already done, but sure, make it easier for most people so they don't have to manage a bunch of certificates.


However, the web page (https://applianceNameHere/#/settings/security/managecertificates/certificate) used to import certificates into OneView provides a field to use as an alias for the certificate.  if the value in this field doesn't match the "Issued By" of the https certificate used for the OneView web server, SCOM won't be able to find it and will throw a 404 about not finding the cert.  See Log below:

2018-04-30 15:14:08.7431 Microsoft.EnterpriseManagement.Monitoring.Console 30472:14 ERROR HPOVConfigurator.OneViewInteraction.GetHTTPRequest Web-exception occurred during Get Request for Appliance: <applianceName>. Error Message:The remote server returned an error: (404) Not Found.
2018-04-30 15:14:08.7431 Microsoft.EnterpriseManagement.Monitoring.Console 30472:14 ERROR HPOVConfigurator.OneViewInteraction.GetRootCertificate external root certificate is not found for Appliance:<applianceName>. Error Message:rest/certificates/ca/<CertificateAlias>
2018-04-30 15:47:29.3541 Microsoft.EnterpriseManagement.Monitoring.Console 30472:29 INFO HPOVConfigurator.OneViewInteraction.GetRootCertificate external root certificate found for Appliance:<applianceName>

To resolve this issue, review the logs and determine what alias SCOM is requesting, then reimport a 2nd set of any intermediary and root certificates in the chain, making sure that the alias matches the request from SCOM.

I hope this helps somebody, because this was a serious pain to figure out.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.