HPE Community
Server Management - Systems Insight Manager
1833159 Members
3143 Online
110051 Solutions
New Discussion

Re: Trust Relationship

 
Dennis Kanbier
Occasional Advisor

‎07-17-2006 03:59 AM

‎07-17-2006 03:59 AM

Trust Relationship

Hi,

I'm trying to configure a trust-relationship between my HPSIM server and a Linux server. The manual for installing PSP's states that you can add certificates during installation. However, this doesn't seem to work for me with either an install using the GUI, or a silent inputfile.

SIM server:
HP SIM version C.05.00.01.01
Windows 2003

Linux server:
Bl20p G3 server with a previous version of the Proliant Support Pack installed. Also not configured for communication with the SIM server through SNMP or a trust relation.
Linux RHES 3.0

Steps I took to try to make it work:

On the SIM server: Options --> Security --> Certificates --> Server Certificate. Then I used "Export", and copied the file that has been generated (servcert.cer) to the "to monitor server", in the directory in wich I unpacked the PSP.

On the Linux server: unpacked the PSP, and made an inputfile of wich I think these lines should create the trust relationship:

TRUSTMODE=TrustByCert
CERTLIST=servcert.cer

After installing the PSP I don't have a trust relation with the SIM server. I don't really understand why, could somebody explain what I'm doing wrong or might be overlooking?
0 Kudos
Reply
7 REPLIES 7
Albert Austin
Esteemed Contributor

‎07-17-2006 07:06 AM

‎07-17-2006 07:06 AM

Re: Trust Relationship

Hi,

You say "Also not configured for communication with the SIM server through SNMP or a trust relation."

Do you mean SNMP is not configured and running on host server?

An easier option to install SIM security server would be to access host servers System Management Homepage and under Security tab choose Trusted Management Servers link and type SIM name or IP address and save configuration.

Once this is done it is important to have SNMP configured and running for it to update this info to SIM server.

Rgds,

Albert
0 Kudos
Reply
Dennis Kanbier
Occasional Advisor

‎07-17-2006 07:43 AM

‎07-17-2006 07:43 AM

Re: Trust Relationship

Thanks for the reply!

And yes, doing it manually using the SIM Homepage will work but I don't want to do that for 100+ servers.

I'm looking for a way to to automaticly deploy the new PSP, including setting up the trust relation with the management server. I was hoping the options I've posted in my openings thread would do the trick, or should do the trick but apperently not.

Sorry for not making clear that I've to do this on more then 1 server in the first place.
0 Kudos
Reply
Rich Purvis
Honored Contributor

‎07-17-2006 03:31 PM

‎07-17-2006 03:31 PM

Re: Trust Relationship

Well, the preconfiguration of the SMH component with the security trust should work - I am not a Linux guy so I don't have any real experience in doing this in Linux.

This document here:
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00293371/c00293371.pdf

Talks about how to preconfigure and install the Linux based SMH - directions for this are on page 37. If you have already looked at this I apologize.

Another option is seeing if your HPSIM installation has the "Configure or Repair Agent Settings" feature. This feature was originally designed for Windows but recent releases were supposed to have support for Linux - you might check it out - I have only used this feature with Windows. It has the ability to setup a trust on a list of servers.

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
Dennis Kanbier
Occasional Advisor

‎07-17-2006 07:54 PM

‎07-17-2006 07:54 PM

Re: Trust Relationship

Thank you for your reply.

I've looked at the documents you're referring too. In these documents they are referring to a filename.pem instead of a filename.cer wich I get when I exports the certificate.

Any idea's on where to get the *.pem file?
0 Kudos
Reply
Dennis Kanbier
Occasional Advisor

‎07-26-2006 11:13 PM

‎07-26-2006 11:13 PM

Re: Trust Relationship

I've solved the issue this way:

I've greated a PERL script to just copy over the certificate-file manually to /opt/hp/hpsmh/certs and this works on RedHat Enterprise Linux 3. It fails on RedHat 2.1, I'm not sure why but I'm still working on that.

Little off-topic question:

Is the PSP for RedHat 2.1 out of development? Since the PSP for RedHat 3 is on 7.5, but for RedHat 2.1 it's still on 7.30...
0 Kudos
Reply
Rich Garcia_1
Occasional Contributor

‎01-07-2009 02:33 PM

‎01-07-2009 02:33 PM

Re: Trust Relationship

I am currently using PSP815 for HPSIM on Linux 4, with an input file and regardless of putting the following , I get a certificate which I need to accept when logging into the smh for the first time.

TRUSTMODE=TrustByCert
CERTLIST=servcert.cer

Does anyone know also why when creating an --inputfile ford the install, why the following parameters work:

HPVCAVCRMSERVER="153.2.1.75"
#vcrauser
HPVCAVCRMLOGINID=hpsimlaa

But the password does not get put in during the configuration of the VCA.

#vcapass
HPVCAVCRMLOGINPASSWD=HPSIMlaa

??
0 Kudos
Reply
Rob A
New Member

‎03-25-2009 03:34 AM

‎03-25-2009 03:34 AM

Re: Trust Relationship

We are having the same problem. The linux VCA agent seems to lose the password to connect to the VCRM using Systems Insight Manager 5.2 with SP2 - Windows and RHEL clients using PSP 8.10 and PSP 8.15.

The only solution I have is to go into the VCAgent web GUI and re-enter the password. Once that is done delete the machine in HPSIM and re-discover. Simply copying the /opt/hp/vcagent/etc/vcagent.conf doesn't work

I have over 400 linux servers and don't fancy doing this to all the clients so I am looking for a better solution.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.