- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- vca and use certificate to connect to vcrm
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2012 09:14 AM
04-06-2012 09:14 AM
vca and use certificate to connect to vcrm
hello,
i just installed a new hp sim 7 server to replace my old 6.3 system. so far everything went fine, but i also want to use the new feature from vca 7 "by certificate".
on the hp sim server locally it is working, but from all remote systems not. when i enter the credentials of my domain admin i get the support packs. so the basic config should be ok.
what do i miss to enable all my servers to authenticate via certificate for vca?
thank´s a lot for your help!
brgds Andreas
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-10-2012 06:52 AM
04-10-2012 06:52 AM
Re: vca and use certificate to connect to vcrm
I have the exact same issue. Works on the HPSim server but nothing else.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2012 07:42 AM - edited 04-12-2012 07:35 AM
04-11-2012 07:42 AM - edited 04-12-2012 07:35 AM
Re: vca and use certificate to connect to vcrm
I have the exact same problem. Did a lot of fiddling around over the last day.
on the SMH I imported all the HPsim management certs and clicing from hpsim to agent HPSMH works without logging in.
In HPSIM for version control and I assigned the baseline and it actually check the software on the agent and showed the differences GREAT!!
but from the agent SMH home page clicking USING CERTIFICATE fails, but using userid and password works.
The specified repository, cmtcfcpwprmgt01.ibg.adroot.bmogc.net, is invalid or not reachable.
Connection: close
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 11 Apr 2012 14:31:56 GMT
Location: /cpqlogin.htm?RedirectUrl=/vcrepository&RedirectQueryString=
Server: CompaqHTTPServer/9.9 HP System Management Homepage/7.0.0.24
Set-Cookie: Compaq-HMMD=0001-708914d6-02bb-f343-b7be-17e211b5c0c0-1334154716745077; path=/; Secure
Status: 302
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2012 04:12 AM
04-16-2012 04:12 AM
Re: vca and use certificate to connect to vcrm
sorry, but is nobody from HP here that can explain how this feature works and what is needed?!? did anybody find the documentation for the latest vca? unfortunately i only find one from 2003...
brgds Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2012 02:39 PM
04-20-2012 02:39 PM
Re: vca and use certificate to connect to vcrm
The documentation is all right here
http://h18013.www1.hp.com/products/servers/management/unified/infolibraryfm.html
"HP Version Control supports Single Sign On (SSO) system that allows a trusted HP
VCA the ability to connect to the HP VCRM without providing authentication details to
login to HP VCRM's HP SMH. When the Using Certificate option is selected, HP
SMH processes the SSO request depending on the Trust Mode selected. HP SMH
obtains the HP VCA 's HP SMH public certificate and uses it to validate the trust
relationship. If HP SMH is unable to establish the trust relationship or cannot verify the
security token, then HP VCA displays the following error message:The specified
repository, VCRM IP, is invalid or not reachable."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2012 06:13 AM
04-23-2012 06:13 AM
Re: vca and use certificate to connect to vcrm
hello,
at least we have now the attention by someone from hp! :) thank´s a lot!
the trust mode from the smh is by certificate. the certificate i use is the self-signed created by the hp sim setup.
can you explain detailed what i should do/check to get this working? are there any firewall ports we must take care of except 2301 and 2381?
thank´s a lot for your help!
brgds Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2012 06:25 PM
04-23-2012 06:25 PM
Re: vca and use certificate to connect to vcrm
I replicated what you all are reporting.
The VCA "Use Certificate" failed for me as well with the error "The specified repository, is invalid or not reachable" yet if I use Username and Password it connects fine so my thinking is certificate itself.
In dinking around SMH Settings --> Security --> Local Server Certificate under Current Certificate I added the IP address of the vcrm for giggles in the Alternate Names box.
Went back to VCA and it was connected so I don't know if that was the ticket or not but went to change agent settings to set a baseline and it passed Use Certificate for the login.
Tomorrow I am going to try and get some clarity on a few details that aren't real clear in both the VCA and SMH documentation. As soon as I find out I'll post back unless someone beats me to it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2012 07:29 AM
04-25-2012 07:29 AM
Re: vca and use certificate to connect to vcrm
I am having the same issue as Deas.h. I tried your solution by adding the IP under the Alternate Names box. No joy. I tried several servers with various info in the Alternate Names box as well as tried different certificates and no luck.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2012 07:45 AM
04-25-2012 07:45 AM
Re: vca and use certificate to connect to vcrm
I didn't figure it would be that simple, I cleared my out and SSO is still working. I have the question into engineering so we'll see what I can ascetain - whenever I can replicate an item like this internally usually they like to look at it otherwise the only avenue is a support case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2012 01:09 PM
05-15-2012 01:09 PM
Re: vca and use certificate to connect to vcrm
I did hear back - Basically it is kinda backwards from what I think it should be
The SSO is a SMH hosting the VCA to SMH hosting the VCRM
The SMH hosting the VCRM needs to have the SMH Certificate of the SMH hosting the VCA
So for every VCA you want to have SSO to VCRM, you have to add the certificate of the SMH hosting the VCA
It is a manual process so if you have 3000 VCA's you want to have SSO with the VCRM you will need to install each certificate for each SMH hosting VCA one at a time.
I suggested they flip the order so there was only 1 certificate to push out via HPSIM or if not using SIM can be installed pre-configured into the VCA.
Not sure if there will be much of a demand for it. What do you all think, is SSO for VCA to VCRM something you'd think important to have? I am not really sure I see the benefit of it beyond a simple convenience, but then again I don't have to deal with it everyday like you fine folks.