Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

HPsim is not starting any more after password change

SOLVED
Go to solution

HPsim is not starting any more after password change

Dear HPSIM community,

We installed the Virtual Management Pack on our HPSIM server (Windows 2000 SP4 english, Standard Edition).
Unfortunately the password was set to my domain account which I used for installing the software (with local administrator rights).

I changed the services to run in the context of a domain service account I created and which has local administrative rights on the server HPSIM is running on.
The "HP Systems Insight Manager" was running via this account for months without problems.

Now i have the problem that the HP Systems Insight service is not starting any more. It even doesn't bind to port 50000.

The eventlog shows three errors which all three appear in one second:

1st)
Type: Error, EventId: 3, Description: mxdtf(error):Received a ssh exception: Invalid Passphrase for dtf private key.

2nd)
Type: Warning, EventId: 2, Description: Restarting MxDTF

3rd)
Type: Error, EventID: 1, Description: Restart was Successful.

All Events have the source: HP Systems Insight


I checked the stored passwords via mxpasswd and they seem to be fine.

If it is just the SSH part of HPSIM: Can I recreate the key and the corresponding passphrase?

Many thanks in advance.

Andi
14 REPLIES
Ed Cox
Respected Contributor

Re: HPsim is not starting any more after password change

Hi Andi,
I'll take a guess at this one...I'm not positive that this will fix it but it might be worth a shot.

I found the following Forum message and copied a portion of the information from Joel Rubinstein:

"User changes the password on the account used to run the "HP Systems Insight Manager" service and modifies the password configured in the service definition. He then restarts the service but can not longer login to SIM.

Cause

Database access is now configured using the database.props configuration file. The database access password is configured / modified by the mxpassword command.

Resolution/Workaround

The database.props file is used to specify the username configured for database access and will contain an entry like the following.

hp.Database.username=AETSIM\\Administrator

The are 3 formats for this information.

\\ for domain accounts

\\ for local accounts

for SQL server accounts

The mxpassword command is used to configure the password used for database access with the following syntax

mxpassword -m -x MxDBUserPassword="password" the password can contain special characters but not the double-quote character. This command is case sensitive.

Re: HPsim is not starting any more after password change

Hi Ed,

Many thanks for you hint but the database access seems to be configured properly. I tried it by logging in manually via this account.

The password for the service account not changed. Sorry if I did not mentioned this clearly.

The situation was like this:

The VMS setup configured the service "HP Virtual Machine Management Service" to log on as my administrator account I used for the installation (DOMAIN\myname).

I changed the service to start as DOMAIN\HPsimServiceAccount.

Afterwards I set all passwords via mxpasswd to the password of the service account because I feared this was also changed by the VMS setup program.

I think the main problem is caused by the Public/Private keypair created by HPSIM for the SSH communication.
The passphrase for the private key is somehow incorrect but I don't know where it is stored.



Ed Cox
Respected Contributor

Re: HPsim is not starting any more after password change

Andi,
Sorry...I should have read your post a little more closely.
I have had SSH problems on my SIM server before (v4.2) but I was able to recreate the SSH key by using the mxagentconfig command and pointing to my own local SIM server as the target. Do a -? on the command line after the mxagentconfig, but I believe the command is followed by -a (add) and -n (node) plus credentials. I have some SSH white papers if you need them, but they are also on the hp.com/servers/manage site under the SIM section.
Hope that helps...
Ed

Re: HPsim is not starting any more after password change

Hi Ed,

Thanks to your tip with mxagentconfig. Unfortunately the service was in some state where the mxagentconfig utility was not able to communicate with it.

I tried the following:

1.) open folder C:\Program Files\HP\Systems Insight Manager\config\sshtools
2.) rename .dtfSshKey to _.dtfSshKey
3.) reanme .dtfSshKey to _.dtfSshKey.pub

Now Mxdtf is complaining about the missing key files but the service is at least starting to a phase where the webinterface and alerting functions are available.

I think the most easiest way is to simply recreate the key pair and to redistribute it to all systems managed via SSH but I have not found any utility which is capable of doing this.

Do you know some way how to do this?
Elliott Young
Occasional Visitor

Re: HPsim is not starting any more after password change

Did you ever get resolution on this? I have the same problem and it's filling up my app log every day.

Re: HPsim is not starting any more after password change

Hi Elliot,

unfortunately the problem is not really resolved yet. After renaming the keys the mass of events were gone but the HPSIM crashed from time to time, mostly after a cold start of the server.
A few weeks ago I installed HPSIM SP4 on our server and the keys have been recreated. Unfortunately the password stored somewhere in HPSIM is not matching the password used for the servers private key. I really dont (sorry, for some reason my single quote key is not working at the moment) know, which passphrase was used for the key generation.

With best regards.

Andi
Elliott Young
Occasional Visitor

Re: HPsim is not starting any more after password change

OK. I've logged a call with the lovely Katie at HP. I'll post something here when I get a resolution.

Elliott
RSHULTZ
Occasional Visitor

Re: HPsim is not starting any more after password change

Did anybody get resolution to this issue? I have a throng of invalid passphrase messages and I cannot seem to get it squared away. Thanks.
Solution

Re: HPsim is not starting any more after password change

I had the same problems after changing the password for the administrator on which account the HP SIM was installed. I even had problems deploying agents like the OpenSSH agent to other servers.
I got this problem solved by moving the key-files (.dtfSshKey and .dtfSshKey.pub) to a backup directory and creating a new key pair.
You must have OpenSSH installed. Change to the bin directory of OpenSSH (..\Program Files\OpenSSH\bin) and use the ssh-keygen.exe with following syntax : ssh-keygen -b 1024 -f .dtfSshKey -t rsa. You'll then be asked for a new passphrase where I chose the new password of the administrator. After that a new key pair will be generated in the current directory. Then you have to move these files to the directory where the old files where located (..\program files\hp\systems insight manager\conf\sshtools) and restart the mxdtf.exe. This worked fine for me and since then I haven't had any problems deploying agents to other servers and no error entries in the eventlog.

Re: HPsim is not starting any more after password change

Hello Thorsten,

thank you very much for your hint. This approach worked absolutely perfect. The logon failure issues are gone now.

Best regards

Andi
Thomas Paulsen
Occasional Advisor

Re: HPsim is not starting any more after password change

I tried to recover from a situation where I was getting "Login Failed Authentication" on the CMS, found an ITRC thread on that which led me here. I completed the key-regeneration sequence listed. After this a problem occured, similar to the one Andreas describes in this thread. However, the error message is different:

mxdtf(error):Received a ssh exception:Cannot found dtf private key at location:C:\Program Files\HP\Systems Insight Manager\config\sshtools/ .dtfSshKey

("Cannot found" ?? Well it says so.. :))
I immediately replaced the newly generated keys with the originals from the backup I created, but the errormessage prevails.

I noticed that the NTFS permissions on the files were set to READ for my account ONLY, which is my currently logged in user. I suspect this happened because I replaced the files instead of deleting and restoring. The backup of the files has the correct permissions of SYSTEM and Administrators Full Control.

But even now after restoring permissions the same three errors in sequence.
After a restart, the messages disappeared, while the "Login Failed Authentication" messages are still flooding the HP SIM Event log...

Re: HPsim is not starting any more after password change

Hello Thomas,

I had the same problem first. The ssh-keygen utility creates the SSH key for the currently logged on user.

I was logged with Domain\Andi but the account used by the SIM service for the system log on was Domain\Service-Account.

As Domain\Service-Account was member of the local admin group I simply logged on locally with this account and executed the ssh-keygen utility.

After a restart the service worked.

You can also found the account name for which the SSH key was created clear text in the key files.


With best regards

Andi
Thomas Paulsen
Occasional Advisor

Re: HPsim is not starting any more after password change

Andi, thanks for you reply!

I tried your suggestion and recreated a new key-pair logged on as the HP SIM service account, but now I get the "Invalid Passphrase" error you had to begin with! :)

I did use a Passphrase matching the service account's password as suggested.

Any idea where I stepped wrong?

Re: HPsim is not starting any more after password change

Hi Thomas,

execute the command mxpassword on your SIM Server to set the MxSshKeyPassword.

If you type in mxpassword -g a GUI will be displayed.

With best regards