- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: SCOM Integration Kit 9.0 - Cannot add OneView ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2018 08:41 AM
04-27-2018 08:41 AM
I have an issue where I can't add an appliance to the HP OneView Configuration Dashboard in SCOM. Neither FQDN nor IP address work. I've validated the login works and has the correct permissions, and that port 80 is open.
The error in the Configuration Dashboard is:
"Unable to add appliance <applianceFQDNHere>
Error Code : 118. Certificate import is failed."
I inspected the OneView appliance's https certificate, and it's a certificate issued by our internal CA. I opened it on the server with the Event Management Service installed and it's trusted by the server.
I'm not sure how to troubleshoot further. Has anybody else come across this issue and gotten it resolved? Any pointers would be greatly appreciated.
Solved! Go to Solution.
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-30-2018 02:14 PM
04-30-2018 02:14 PM
SolutionTurns out that the OneView configuration dashboard in SCOM attempts to import the entire certificate chain from the OneView Appliance's certificate store (/rest/certificates/ca/CertificateAlias) to the windows cert store that is running the console, even if those certificates are already imported. Not convenient because this job is already done, but sure, make it easier for most people so they don't have to manage a bunch of certificates.
However, the web page (https://applianceNameHere/#/settings/security/managecertificates/certificate) used to import certificates into OneView provides a field to use as an alias for the certificate. if the value in this field doesn't match the "Issued By" of the https certificate used for the OneView web server, SCOM won't be able to find it and will throw a 404 about not finding the cert. See Log below:
2018-04-30 15:14:08.7431 Microsoft.EnterpriseManagement.Monitoring.Console 30472:14 ERROR HPOVConfigurator.OneViewInteraction.GetHTTPRequest Web-exception occurred during Get Request for Appliance: <applianceName>. Error Message:The remote server returned an error: (404) Not Found.
2018-04-30 15:14:08.7431 Microsoft.EnterpriseManagement.Monitoring.Console 30472:14 ERROR HPOVConfigurator.OneViewInteraction.GetRootCertificate external root certificate is not found for Appliance:<applianceName>. Error Message:rest/certificates/ca/<CertificateAlias>
2018-04-30 15:47:29.3541 Microsoft.EnterpriseManagement.Monitoring.Console 30472:29 INFO HPOVConfigurator.OneViewInteraction.GetRootCertificate external root certificate found for Appliance:<applianceName>
To resolve this issue, review the logs and determine what alias SCOM is requesting, then reimport a 2nd set of any intermediary and root certificates in the chain, making sure that the alias matches the request from SCOM.
I hope this helps somebody, because this was a serious pain to figure out.