I had a similar problem where everything would run fine for a week or so and then single sign-on wouldn't work. The other thing I noticed was that the trust to the VCRM, which was running on the same server, had failed.
While investigating and troubleshooting, I found the following error in C:\hp\hpsmh\logs\smh.log:
This certificate has a Common Name (CN) that doesn't match the server's name
This error would occur when restarting the HP SIM server's SMH service while all of the SIM related services (SIM, PMP, VCRM, etc.) were stopped, so I was pretty sure it wasn't completely an HP SIM problem.
I tried creating new certificates via HP SIM using just the HP SIM server's host name and its FQDN. Neither fixed the problem. Since the trust to the VCRM (running on the same server) had failed, I tried uninstall/reinstall. Single sign-on worked once after the uninstall, but eventually failed again, even before the reinstall.
Finally, I ran Sysinternals RegMon and FileMon while restarting the SMH service, and found several registry reads to the following registry values:
HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\Computername
HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\Computername
HKLM\SYSTEM\CurrentControlSet001\Control\ComputerName\ComputerName\Computername
HKLM\SYSTEM\CurrentControlSet001\Control\ComputerName\ActiveComputerName\Computername
The timing of these reads was just before the entry above to smh.log.
It turned out that all of the registry vales were the SIM server's host name, but were ALL CAPS! Given the HP SIM certificate has the server's FQDN in all lowercase, and the error I found in smh.log, I thought this might be a problem (not 100% sure if SSL is case sensitive or not - any comments?). Once I changed these registry values to all lowercase, I stopped getting the errors in smh.log. I reset the HP SIM certificate one last time and uninstalled/reinstalled VCRM for good measure.
Everything (single sign-on and trust to VCRM) has been working for a few days now. Since it initially worked for a few days before the problem began, I don't know if this is a long-term fix or not. Also, since the registry values were always ALL CAPS, why did the problem only occur after about a week?
I tried correlating the timing of the problem to some event on the server, either OS or HP SIM related. I cannot remember the exact sequence of events, but I think it may have happened just after the first reboot after the initial install of HP SIM (not including the required reboots during the install process), which was about one week after the install of HP SIM.
Again, don't know if this is a long-term solution or if it would help any one else. It would be interesting to hear what HP has to say and find out what their fix fixes.
Pete
