Server Management - Systems Insight Manager
1833845 Members
2419 Online
110063 Solutions
New Discussion

Re: Trust by Certificate Does Not Seem to Work

 
James Yocum
Advisor

Trust by Certificate Does Not Seem to Work

I have followed the instructions on installing the certificate from the HP SIM server into the IM agent on a managed system. I'm still getting prompted for the Administrator password. What gives? I though that this would automatically authenticate me and enable a single login.
5 REPLIES 5
James Yocum
Advisor

Re: Trust by Certificate Does Not Seem to Work

I have found this in a log file on the managed server. I'm not sure if this means that there is something wrong with the certificate.

SECURITY ERROR Severity=1 Wed Nov 10 09:49:33 2004
Invalid Secure Task Execution or Single Login request from 10.40.15.42
Failed opening certificate file.

SECURITY INFORMATION Severity=0 Wed Nov 10 09:49:49 2004
Login Succeeded: as user 'administrator' from 10.40.15.42

SECURITY ERROR Severity=1 Wed Nov 10 10:07:06 2004
Invalid Secure Task Execution or Single Login request from 10.40.15.42
Failed signature validation.

SECURITY INFORMATION Severity=0 Wed Nov 10 10:08:00 2004
Login Succeeded: as user 'administrator' from 10.40.15.42

Rob Buxton
Honored Contributor

Re: Trust by Certificate Does Not Seem to Work

How did you load the Certificate?

From the Client Agent you can delete the Certificates. Maybe try that and redo the Get Certificate request to reload the certificate from the HPSIM Server.
James Yocum
Advisor

Re: Trust by Certificate Does Not Seem to Work

I have tried both the cut and paste and executed the get certificate option.

Anyway, I did delete it and tried the get certificate option again. Still the same results.
Rob Buxton
Honored Contributor

Re: Trust by Certificate Does Not Seem to Work

James,
I've not seen that before. The Get Certificate has always worked for me.

Out of interest, what versions of HPSIM and Agent?
Does the name of the Server show correctly under the Trusted Servers list? with a FQDN or just a name?
It's alsmost like the Certificate for the HPSIM Server itself is corrupt.
I think there are procedures for generating a new one, but I've never done it so I'd suggest you do a bit of work first or log a call to HP.
James Yocum
Advisor

Re: Trust by Certificate Does Not Seem to Work

The original server certificate was generated with the FQDN of the server. This showed up on the client list. So I went and generated a new server certificate specifying just the server name. I also restarted HPSIM as the dialog box indicated. I went and deleted the old certificate from the client and imported the new certificate. No difference. I'm running HPSIM 4.1 and here is the info from VCA:

Foundation Agents Service 7.0.0.0

HP ProLiant System Management Interface Driver 5.30.2195.0

Hewlett-Packard Survey Service 2.56.8.0

Compaq System Configuration Utility

Compaq Remote Monitor Service 5.0.2.0

Version Control Agent Service 2.0.1.30