HPE Community
Server Management - Systems Insight Manager
1833051 Members
2187 Online
110049 Solutions
New Discussion

Re: Trust Relationship Problem

 
Daniel Mosmeyer
New Member

‎12-29-2003 12:26 AM

‎12-29-2003 12:26 AM

Trust Relationship Problem

Been running CIM7 for a LONG time with great success. We have installed SIM and are have a probelm with trusts. Servers are set for Trust by Certificate. Cert from SIM server has been imported to the servers. Insight link from SIM page is still requiring manual login. Also, software status states there is a trust error. Any ideas? We have looked over all of the usual things we found using CIM7 with trusts...
One test is worth a thousand expert opinions.
0 Kudos
Reply
6 REPLIES 6
FRANK PRUSS
Advisor

‎12-29-2003 08:22 AM

‎12-29-2003 08:22 AM

Re: Trust Relationship Problem

I have come here with a somewhat different trust relationship question.

We will eventually be using certificates for trust relationships, but for now we are using trust by (management serverP) name.

The managed systems' "trust by name" feature is working fine for IM7 with just hostnames but for HPSIM it failed. It was quickly realized we now needed to add the FQDN of the HPSIM system into the "trusted names" list of managed system's Web Browser settings!

However, this is painful.

It appears the HPSIM developers were considering this as a possible issue, as in "Options->Security->System Links Configuration" it appears you should be able to choose between sending the system name, IP address or FQDN.

The settings here are of no help in resolving the "Trust by Name" issue I'm having. No matter which setting is chosen here, the Web Browser on the managed system logs a single logon request from the FQDN of the HPSIM system and from just the hostname of the IM7SP2 system. (These are two physically seperate servers, both W2003).

However these settings may affect "trust by certificate" of the original poster?
0 Kudos
Reply
Daniel Mosmeyer
New Member

‎12-30-2003 11:52 PM

‎12-30-2003 11:52 PM

Re: Trust Relationship Problem

Sorry Frank.....no help.
One test is worth a thousand expert opinions.
0 Kudos
Reply
Jadrice Toussaint
Honored Contributor

‎12-31-2003 01:48 AM

‎12-31-2003 01:48 AM

Re: Trust Relationship Problem

Daniel -

Have you tried restart the management agents on the clients that are having trust issues?

Try restarting the snmp service.
0 Kudos
Reply
Jadrice Toussaint
Honored Contributor

‎12-31-2003 02:27 AM

‎12-31-2003 02:27 AM

Re: Trust Relationship Problem

Frank -

SIM now switches from using short names to FQDN names. That explains why you need to use FQDN for trust by name. The same holds true for certificate trust. SIM has change the default name format in its certificate from short name to FQDN names.
0 Kudos
Reply
Jadrice Toussaint
Honored Contributor

‎12-31-2003 02:31 AM

‎12-31-2003 02:31 AM

Re: Trust Relationship Problem

Daniel that goes for you too. Your cert trust relationship is not working because the name in the certificate does not match the name configured in the Management agents.

to solve this issue, Regenerate a new server certificate in HP systems Insight Manager using the short name instead of the fully-qualified name by clicking Options > Security > Certificates > Server Certificate. This will require you to restart HP Systems Insight Manager.

Let me know how you make out.
0 Kudos
Reply
Daniel Mosmeyer
New Member

‎01-04-2004 10:59 PM

‎01-04-2004 10:59 PM

Re: Trust Relationship Problem

Jadrice -
Restarted agents as well as the entire server's OS (clients). Looked at existing cert...it is using the host name only, not the FQDN. Just to be safe, I created a new server cert, restarted SIM then imported the cert to the client servers. Still no go. Presently, this is in a testing environment but would like to take this live as soon as we can reliably use it. BTW, the version control link from SIM to the clients throws up a trust error as well. Anyone else got a clue????
One test is worth a thousand expert opinions.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.