HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

Trust relationships not working

 
Angel Garcia Merino
Occasional Advisor

Trust relationships not working

Platform:

Hardware: HP ProLiant BL40p, with 1 Intel Xeon @1.50 GHz, 2 GB of RAM, 2x18 GBytes SCSI Disks

Software: Operating System Windows Server 2003 R2 Enterprise Edition Service Pack 1, Systems Insight Manager 5.0 with SP5 - Windows, Build version: C.05.00.02.00, Build Date: 2006-05-23 11:07, Hotfixes: none, MSDE

System Management Homepage security configuration: Trust Mode = Trust all, allow anonymous access, local access as Administrator.

The user used to logon on Systems Insight Manager has Administrator privileges.

Whenever I click on the Health Status column I get access to the System Management Homepage as "Current User: hpsmh_anonymous"

Any idea on how to troubleshut this problem?

Thanks in advance for any answer!
6 REPLIES
Daniel Leblanc
Honored Contributor

Re: Trust relationships not working

Try this:
1 All you re server SNMP setting are set for TRAPS>Communite name(correc name),TRAPS>Communite name>traps destination> 1-server Insight & 2-127.0.0.1
#2 All you re server snmp setting are set for SECURITE> Accepted community name>Communite name(correc name),All you re server snmp setting are set for SECURITE> Accepted community name>Communite name> Accepted packet from these host>1-server Insight & 2-127.0.0.1.

3# in youre Home page manegement>Setting>Securite
A_IP Binding-Nothing
B_IP Restricted Login-Nothing
C_Local Server Certificate-Nothing
D_Local/Anonymous Access-Nothing
E_Trust Mode>Secure Trust Modes:Trust by Certificate
F_Trusted Management Servers>Importe you Insight server certificate
G_User Groups-Nothing.

If this doesn't work..we will look at this
Rob Buxton
Honored Contributor

Re: Trust relationships not working

Your not really setting up a Trust here. You'd be better off using the Trust by certificate method.
Also disable anonymous access.
With trust by certificate you can import the certificate from the hpsim server.
You can also configure the agent to include the certificate so that new deployments get the certificate.
Angel Garcia Merino
Occasional Advisor

Re: Trust relationships not working

I tried your configuration and the behaviour is the same after restarting the HP System Management Homepage service.

IP Binding: none
IP Restricted Login: none
Local Server Certificate: none
Local/Anonymous Access: none
Trust Mode: Trust by Certificate
Trusted Management Servers: HP SIM Cert.
Users Groups: none

Accepted community names: public (RO) private (RC)
Accept SNMP packets from these hosts: 127.0.0.1 10.0.0.26
Traps Community name: traps
Trap destinations: 127.0.0.1 10.0.0.26

Now when I click for the first time the health status button I get a new window asking me for the credentials (username and password) to access the System Management Homepage. But when I click for the second time the health status button I get non anonymous access the System Management Homepage without asking me for the credentials.
Angel Garcia Merino
Occasional Advisor

Re: Trust relationships not working

I tried your configuration and the behaviour is the same after restarting the HP System Management Homepage service.

IP Binding: none
IP Restricted Login: none
Local Server Certificate: none
Local/Anonymous Access: none
Trust Mode: Trust by Certificate
Trusted Management Servers: HP SIM Cert.
Users Groups: none

Accepted community names: public (RO) private (RC)
Accept SNMP packets from these hosts: 127.0.0.1 10.0.0.26
Traps Community name: traps
Trap destinations: 127.0.0.1 10.0.0.26

Now when I click for the first time the health status button I get a new window asking me for the credentials (username and password) to access the System Management Homepage. But when I click for the second time the health status button I get non anonymous access the System Management Homepage without asking me for the credentials. But when I click the Sofware Status button I get a message saying: Be sure that a trust relationship exists between the HP Systems Insight Manager and Version Control Agent on the target system.
Angel Garcia Merino
Occasional Advisor

Re: Trust relationships not working

Problem solved!

The problem was the System Management Homepage configuration in CMS. In the SMH log there was an error message saying that the certificate used by SMH was not valid because the CN in the certificate did not match the server name. I installed a certificate issued by a CA and the problem was gone.

It seems that the access to a SMH of a server from SIM first access to the SMH of the CMS and then the CMS redirects the query to the final server adding the trust information. If the first access to the SMH of the CMS does not work fine the redirection does not include the trust information.

Thanks everybody for your help!
Angel Garcia Merino
Occasional Advisor

Re: Trust relationships not working

Closed!