HPsim is not starting any more after password change
Dear HPSIM community,
We installed the Virtual Management Pack on our HPSIM server (Windows 2000 SP4 english, Standard Edition). Unfortunately the password was set to my domain account which I used for installing the software (with local administrator rights).
I changed the services to run in the context of a domain service account I created and which has local administrative rights on the server HPSIM is running on. The "HP Systems Insight Manager" was running via this account for months without problems.
Now i have the problem that the HP Systems Insight service is not starting any more. It even doesn't bind to port 50000.
The eventlog shows three errors which all three appear in one second:
1st) Type: Error, EventId: 3, Description: mxdtf(error):Received a ssh exception: Invalid Passphrase for dtf private key.
Re: HPsim is not starting any more after password change
Hi Andi, I'll take a guess at this one...I'm not positive that this will fix it but it might be worth a shot.
I found the following Forum message and copied a portion of the information from Joel Rubinstein:
"User changes the password on the account used to run the "HP Systems Insight Manager" service and modifies the password configured in the service definition. He then restarts the service but can not longer login to SIM.
Cause
Database access is now configured using the database.props configuration file. The database access password is configured / modified by the mxpassword command.
Resolution/Workaround
The database.props file is used to specify the username configured for database access and will contain an entry like the following.
hp.Database.username=AETSIM\\Administrator
The are 3 formats for this information.
\\ for domain accounts
\\ for local accounts
for SQL server accounts
The mxpassword command is used to configure the password used for database access with the following syntax
mxpassword -m -x MxDBUserPassword="password" the password can contain special characters but not the double-quote character. This command is case sensitive.
Re: HPsim is not starting any more after password change
Hi Ed,
Many thanks for you hint but the database access seems to be configured properly. I tried it by logging in manually via this account.
The password for the service account not changed. Sorry if I did not mentioned this clearly.
The situation was like this:
The VMS setup configured the service "HP Virtual Machine Management Service" to log on as my administrator account I used for the installation (DOMAIN\myname).
I changed the service to start as DOMAIN\HPsimServiceAccount.
Afterwards I set all passwords via mxpasswd to the password of the service account because I feared this was also changed by the VMS setup program.
I think the main problem is caused by the Public/Private keypair created by HPSIM for the SSH communication. The passphrase for the private key is somehow incorrect but I don't know where it is stored.
Re: HPsim is not starting any more after password change
Andi, Sorry...I should have read your post a little more closely. I have had SSH problems on my SIM server before (v4.2) but I was able to recreate the SSH key by using the mxagentconfig command and pointing to my own local SIM server as the target. Do a -? on the command line after the mxagentconfig, but I believe the command is followed by -a (add) and -n (node) plus credentials. I have some SSH white papers if you need them, but they are also on the hp.com/servers/manage site under the SIM section. Hope that helps... Ed
Re: HPsim is not starting any more after password change
Hi Ed,
Thanks to your tip with mxagentconfig. Unfortunately the service was in some state where the mxagentconfig utility was not able to communicate with it.
I tried the following:
1.) open folder C:\Program Files\HP\Systems Insight Manager\config\sshtools 2.) rename .dtfSshKey to _.dtfSshKey 3.) reanme .dtfSshKey to _.dtfSshKey.pub
Now Mxdtf is complaining about the missing key files but the service is at least starting to a phase where the webinterface and alerting functions are available.
I think the most easiest way is to simply recreate the key pair and to redistribute it to all systems managed via SSH but I have not found any utility which is capable of doing this.
Re: HPsim is not starting any more after password change
Hi Elliot,
unfortunately the problem is not really resolved yet. After renaming the keys the mass of events were gone but the HPSIM crashed from time to time, mostly after a cold start of the server. A few weeks ago I installed HPSIM SP4 on our server and the keys have been recreated. Unfortunately the password stored somewhere in HPSIM is not matching the password used for the servers private key. I really dont (sorry, for some reason my single quote key is not working at the moment) know, which passphrase was used for the key generation.
Re: HPsim is not starting any more after password change
I had the same problems after changing the password for the administrator on which account the HP SIM was installed. I even had problems deploying agents like the OpenSSH agent to other servers. I got this problem solved by moving the key-files (.dtfSshKey and .dtfSshKey.pub) to a backup directory and creating a new key pair. You must have OpenSSH installed. Change to the bin directory of OpenSSH (..\Program Files\OpenSSH\bin) and use the ssh-keygen.exe with following syntax : ssh-keygen -b 1024 -f .dtfSshKey -t rsa. You'll then be asked for a new passphrase where I chose the new password of the administrator. After that a new key pair will be generated in the current directory. Then you have to move these files to the directory where the old files where located (..\program files\hp\systems insight manager\conf\sshtools) and restart the mxdtf.exe. This worked fine for me and since then I haven't had any problems deploying agents to other servers and no error entries in the eventlog.
Re: HPsim is not starting any more after password change
I tried to recover from a situation where I was getting "Login Failed Authentication" on the CMS, found an ITRC thread on that which led me here. I completed the key-regeneration sequence listed. After this a problem occured, similar to the one Andreas describes in this thread. However, the error message is different:
mxdtf(error):Received a ssh exception:Cannot found dtf private key at location:C:\Program Files\HP\Systems Insight Manager\config\sshtools/ .dtfSshKey
("Cannot found" ?? Well it says so.. :)) I immediately replaced the newly generated keys with the originals from the backup I created, but the errormessage prevails.
I noticed that the NTFS permissions on the files were set to READ for my account ONLY, which is my currently logged in user. I suspect this happened because I replaced the files instead of deleting and restoring. The backup of the files has the correct permissions of SYSTEM and Administrators Full Control.
But even now after restoring permissions the same three errors in sequence. After a restart, the messages disappeared, while the "Login Failed Authentication" messages are still flooding the HP SIM Event log...
Re: HPsim is not starting any more after password change
Andi, thanks for you reply!
I tried your suggestion and recreated a new key-pair logged on as the HP SIM service account, but now I get the "Invalid Passphrase" error you had to begin with! :)
I did use a Passphrase matching the service account's password as suggested.
