HPE Community
Server Management - Systems Insight Manager
1752795 Members
6080 Online
108789 Solutions
New Discussion юеВ

Hardware status polling locked out a domain user

 
WilliamCH
Occasional Advisor

тАО12-16-2010 09:57 AM

тАО12-16-2010 09:57 AM

Hardware status polling locked out a domain user

For some reason, Hardware status polling for servers locked out a domain user account. He just changed his password. His domain account was a user of SIM. We removed his domain account from SIM but no help. We checked his credential is not used for any discovery tasks and his account is not used for global sign-in credential.

The only way to stop the lockout situation for now is to disable Hardware status polling for hardware. But we need this task to run.

Please help. thanks,
0 Kudos
Reply
2 REPLIES 2
Ali
HPE Pro

тАО12-17-2010 02:31 PM - last edited on тАО06-29-2021 12:04 AM by

тАО12-17-2010 02:31 PM - last edited on тАО06-29-2021 12:04 AM by

Re: Hardware status polling locked out a domain user

Hi William,

To resolve this issue, restart Systems Insight Manager to remove any extraneous database records, and re-run
the discovery or identification task.

If still does not work, remove user from HP SIM database using mxnodesecurity command

To quickly find out the systems against which HP SIM is trying to authenticate using the specific account, from a command propmt run the following command:

mxnodesecurity -l

Output from this command has fixed width and can easily be imported in a spreadsheet to be filtered. You will be looking for something similar to the following:

NODENAME PROTOCOL USERNAME PASSWORD TRYOTHERS
simserver wbem domain\user ******** Yes

OPTION 1
Open HP SIM
For each one of the systems having the wrong credentials, do the following:

- In the "All Systems" view, select the system
- From the "Options" menu, select "Security", "Credentials", "System Credentials"
- From the table, select the wrong credentials and click on "Edit system credentials..."
- In the "Edit System Credentials" panel, click on "Show advanced protocol credentials"
- Click on the tab(s) related to the wrong credentials, amend them and click on "OK"

OPTION 2
The following procedure should be run using SQL Server Management Studio to connect to the server hosting HP SIM's database. The database used to host HP SIM's data is assumed to be Microsoft SQL Server 2005.

Use the following procedure:

- Open SQL Server Management Studio and connect to the server hosting SIM's database
- In the left pane, expand "Databases", "Insight_v50_0_xxxx" (where "Insight_v50_0_xxxx" is HP SIM's database), "Tables"
- Right-click "dbo.NodeCredentialMap" and select "Script Table as", "DELETE To", "New Query Editor Window"
- The query will be similar to the following: DELETE FROM [Insight_v50_0_14203480].[dbo].[NodeCredentialMap] WHERE protocol = 'wbem'
(change "wbem" with the relevant protocol if needed)
- Click on "run" and check the result
- Running mxnodesecurity -l on the CMS should produce no results for the wbem protocol (or the alternative one used in the above query)

thanks,
Aftab

I work for HPE
Looking for a quick resolution to a technical issue for your HPE products? HPE Support Center Knowledge-base тАУ Just a Click Away!
See Self Help Post for more details

Accept or Kudo

0 Kudos
Reply
WilliamCH
Occasional Advisor

тАО12-20-2010 07:48 AM

тАО12-20-2010 07:48 AM

Re: Hardware status polling locked out a domain user

Thanks Aftab for your reply. much appreciated.

I have unchecked WBEM protocol in the "Hardware status polling for servers" settings and it seems good. I suspected the specific user used his domain account credential to subscribe the WBEM event for some servers. But this is just a guess and workaround. I am still wondering why.

What I did before for troubleshooting was to remove the user account in SIM and reboot the server but didn't help.

I have run "mxnodesecurity -l" on the CMS. The user whose account has been locked is not on the list.

I followed the option 1 you mentioned. As I don't know which server caused trouble, I can't specify which system I should look into it for system credential.

I didn't run the option 2 yet as the SQL studio management hasn't been installed. I think this should be the same result as "mxnodesecurity -l -p wbem". I will give a try once I get SQL studio installed.


Thanks,

William



0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.