When the Host Name and/or IP address of the Change Guardian server is changed, all the existing agents and CAM would fail to communicate and forward events to Change Guardian server.
Even the new Agents deployment also will fail because of the old certificates i.e., already generated certificate with the older Host Name and/or IP Address
Bug 1144949 - 101235341451 : CG Server IP and domain changed all certs are using the wrong information
The core problem here is CAM and Agents will not have any knowledge about the Change Guardian Server's new Host Name and/or IP Address so they will still try to communicate to the old Host Name and/or IP Address only.
Even after updating the new Host Name and/or IP Address in the CAM's configuration, it will still fail to communicate with the CG Server because all the client certificates are generated with the old Host Name and/or IP Address.
Below steps helps to solve the Host Name and/or IP Address change issue
Edit the following files to update the new Host Name and/or IP Address
CAM's log file should show the following message with the New Host Name or IP Address
Execute configure_cg.sh script from /opt/novell/sentinel/setup folder to reconfigure CG Server with the new Host Name and IP Address
ams-cert.pem, ams-pk.pem, ams-pk.pem.pass
javos-cert.pem, javos-pk.pem, javos-pk.pem.pass
Change directory to /opt/netiq/cgutils/bin and execute the following command
Reconfigure AMS profile
Change directory to /opt/netiq/ams/ams/security/profiles
Take a backup of 'profile_ams' file
Change directory to '/opt/netiq/ams/ams/security/profiles/profile_ams'
Delete ams-cert.pem, ams-pk.pem.pass & ams-pk.pem.pass
Change directory to /opt/netiq/ams/ams/bin
Execute the below command to regenerate the AMS profile
Enable AMS profile by executing the following command
Reconfigure Javos profile
Change directory to /opt/netiq/cg/javos/security/profiles
Take backup of profile_javos
Change directory to /opt/netiq/cg/javos/security/profiles/profile_javos
Detele javos-cert.pem javos-pk.pem javos-pk.pem.pass files
Change direcotory to "/opt/netiq/cg/javos/bin" and execute the below command to regenerate Javos profile
Enable Javos profle by executing the below command
Restart assets service using the below command that regenerates the default agent configurations