- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Win2k3 SP1 + SIM4.2 SP1 + active directory = u...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2005 11:04 PM
04-05-2005 11:04 PM
1) you *have* to install SIM server while logged in as a *local* administrator. installing as a anything else (domain admin/user/whatever) will screw up HP's OpenSSH.
2) if your home folder for said local administrator is anything other than c:\documents and settings\Administrator, you have to shut down the openssh service and edit the /home/Administrator chunk in \Program Files\OpenSSH\etc\passwd to match the directory name.
3) if you installed SIM under a domain login, do yourself a favor and uninstall all of it now including the openssh server via add/remove programs, delete any directory on any managed host or the local host matching c:\documents and settings\*\.ssh, delete all of c:\program files\openssh, log out of windows and back in as that machine's local administrator, and re-install. Verify that SSH is working after the install by opening a command prompt, cd to c:\program files\openssh\bin, and run ssh localhost. If you can't fully log in as Administrator using the local admin password, to the point where you see a shell prompt, something went wrong. Check the event log to see why.
4) If you are deploying agents, I highly recommend you use a local administrator account on each end host, especially if you want to use OpenSSH on a windows 2003 server.
5) You have to have forward and reverse DNS lookups working for the SIM server and all managed objects, period. If you can't do an nslookup from a command prompt at the SIM server on both the full hostname and the IP you intend to manage from, SIM will freak out.
6) If you can't authenticate to remote machines already running SSH, they are likely running the OpenSSH daemon as a domain user. De-install OpenSSH on those managed hosts, nuke any .ssh directories on them as above, and remove the cached host key from the SIM server by using from a command prompt:
mxagentconfig -r -n hostname.or.ip.here
you can get an idea of what to use after -n by checking inside c:\program files\hp\systems insight manager\config\ssltools\known_hosts. If you get lazy you can just stop the SIM service, delete that file, and restart without much incident instead.
7) You can't use any service that requires SSH to install (including installing SSH itself) if your account username or password has any special shell characters in it, i.e. & < > or |. HP passes the password directly on a command line (how silly) and the shell interprets the characters directly. I'm not sure if the situation is improved by enclosing the password/userid in quotes from the GUI. FYI.
That's all for now, folks. Hope my 8 hours of hell helps someone else out there. Honestly it would be nice if HP would at least present a dialog on 2k3 systems warning of the domain admin problem w/ ssh during install and remote deployment. The resulting headscratching has wasted many more individuals' time than mine I'm certain.
cheers and good luck,
-tom
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2005 04:15 AM
04-06-2005 04:15 AM
SolutionHowever, know that we are aware there are issues and we're working hard on fixing them. We did put out a white paper on getting SSH setup on Windows 2003, but we now know there are more scenarios than we first thought that make this less than perfect.
So, we're doing a few things here to resolve the situation. First, we're going to update our white paper to include all the information we have to date. Second, we're going to release a set of scripts that help folks make sure any precondition and postconditions are set.
But most importantly, we're going to release HPSIM 4.2 SP2 that addresses these issues in many ways. We're going straight to the OS for local tool launches. This will mean that SSH isn't required locally to run tools like Repair Agent Settings, Initial PSP Deployment, and Deploy SSH. We're also improving the SSH component so that it handles lots of Win2K3 install issues.
All these things will help - but nothing will get you back your 8 hours though, so again let me apologize. I promise we're working hard to make sure this sort of thing doesn't happen again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2005 05:47 AM
04-06-2005 05:47 AM
Re: Win2k3 SP1 + SIM4.2 SP1 + active directory = ugh
all *excellent* ideas. don't get me wrong i'm excessively happy with HP (save a lack of IMA for Freebsd 5 and Fedora...), especially when we consider the state of the union over at the other bladeserver camps.
thanks for the pep talk and glimpse of goodness to come!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2005 08:27 AM
04-06-2005 08:27 AM
Re: Win2k3 SP1 + SIM4.2 SP1 + active directory = ugh
Good news. For non-supported OS versions, you can build the pack for installation. Go to http://www.hp.com/go/proliantlinux --> 'Managing ProLiant Servers with Linux' and check the custom builds instructions starting on page 27.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2005 10:21 AM
04-06-2005 10:21 AM
Re: Win2k3 SP1 + SIM4.2 SP1 + active directory = ugh
Perhaps it's up to me to port these puppies over to fbsd and make a port out of the shebang.
Great job, guys. Keep it up!