HPE Community
Server Management - Systems Insight Manager
1753819 Members
9273 Online
108805 Solutions
New Discussion юеВ

How to replicate Agent Settings (Certificate for SSO)

 
ET_
New Member

тАО05-11-2010 06:00 AM

тАО05-11-2010 06:00 AM

How to replicate Agent Settings (Certificate for SSO)

Hello Folks,

we only want to deploy the Certificate for the agent settings in order to use SSO directly from the HPSIM 6.0. Therefor we want to establish a trust relation ship to reach the SMH. We configured a source machine and tryed to replicate this settings to our other machines, but an error occoured with the following Message:

The agent does not trust the HP Systems Insight Manager server or the agent is not running. Establish a trust relationship or make sure that the agent is started.

This was for about 1400 machines.
There must be the possibility to implement only the trust to the SMH, but we don't know where the mistake is.
Maybe someone could help us.
Thanks in advance T.
0 Kudos
Reply
3 REPLIES 3
NJK-Work
Honored Contributor

тАО05-11-2010 06:15 AM

тАО05-11-2010 06:15 AM

Re: How to replicate Agent Settings (Certificate for SSO)

Kinda of a catch 22 - you need a trust established to deploy certificate which allows you to establish a trust :)

Here is what I would do:

1) Manually configure the trust on one server per your standards (the "golden" box).
2) Grab the certificate files from c:\hp\hpsmh\certs directory on the golden box and store them somewhere for distribution.
3) Write a script that copies the cert files from your location in step 2 above to all your servers c:\hp\hpsmh\certs directories
4) In the same script, stop the SMH and VCAgent services on those server and then start them.

Here is an example - its pretty old, so the name of the HP SMH service might now be different:

'************************************************************
' File: StopWebAgent.vbs
' Author: Nelson J. Kaeppel (Excerpts from MS Script Center)
'
' Purpose: This script stops the various HP WebAgent services so that
' the new certificate will take affect.
'
'************************************************************

On Error Resume Next

'Open a file from reading; provide the file name as the argument to this script
Set objArgs = WScript.Arguments
Const ForReading = 1
Set objDictionary = CreateObject("Scripting.Dictionary")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(objArgs(0), ForReading)
i = 0

'Parse the text file for server names and add to a dictionary object
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
objDictionary.Add i, strNextLine
i = i + 1
Loop

'Loop through all server names in the dictionary object and take action on the "WebAgent" service
For Each objItem in objDictionary
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & objDictionary.Item(objItem) & "\root\cimv2")
Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where name = 'CpqWebMgmt'")
For Each objService in colServiceList
errReturn1 = objService.StopService()
Next
Next

Do similar for VCAgent. Then repeat to "Start" those agents.

I am pretty sure there is a way to do this in SIM - I just personally don't know how and never bothered to find out.

Nelson
0 Kudos
Reply
David Claypool
Honored Contributor

тАО05-11-2010 06:55 AM

тАО05-11-2010 06:55 AM

Re: How to replicate Agent Settings (Certificate for SSO)

...or, use 'Configure or Repair Agents' which will use OS authentication to set up the certificate trust to be used thereafter.
0 Kudos
Reply
TechGuru
Trusted Contributor

тАО05-12-2010 10:10 AM

тАО05-12-2010 10:10 AM

Re: How to replicate Agent Settings (Certificate for SSO)

or pre-configure a SMH component and deploy with force.. using [Deploy software and firmware] task.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.