Highlighted
Contributor.
Contributor.
1465 views

Install fails on credentials to master domain

Greetings all,

I attempted an update on a working SLES 12 Mobility 2014R2 SP2 system over the weekend - all appeared to be going swimmingly until asked for the master domain credentials..

Entered the master domain server - check
Default port was used - check
GW superuser name & password - check & check..

Response from install - host name does not match

At a point in the past, the master domain server had to be rebuilt due to BtrFS corruption, and the original hostname/domain was changed to match current business branding - new self signed certs were generated.. the install to 2018 was calling for the host/domain name of the previous server configuration and would not accept anything else entered at that point.

tried re-issuing the master domain certs - as a next step of the rebranding we installed a trusted wildcard cert - no joy. Keeps looking for a hostname that this particular server installation never had seen. Can't find any reference of this in a configuration file or in GW admin console.

Any direction would be greatly appreciated as without it - we are stuck at Mobility 14.2.2

Best regards

Mike Giovaninni
NetWerks Strategic Services, LLC
Agawam, MA USA
Labels (1)
0 Likes
7 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Mike,

Were you entering the DNS name of the server hosting the primary domain's admin service? Apologies if I misunderstand what you have already done.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Highlighted
Contributor.
Contributor.

laurabuckley;2477564 wrote:
Hi Mike,

Were you entering the DNS name of the server hosting the primary domain's admin service? Apologies if I misunderstand what you have already done.

Cheers,


Laura,

Again thanks for the gift of your expertise.

I have tried the following:


  • Using both short and long DNS of the master domain server, as well as its IP address - from the Mobility system, DNS resolves properly to both short and long hostnames of the master domain server.
  • I've verified that /etc/hosts matches what it should be looking for
  • I've tried resetting the hostname of the master domain server to what GW Mobility install was showing as the expected value.
  • Searched for and was unsuccessful in finding that old hostname stored in any text/config file in either /etc/datasync, opt/novell/datasync or anywhere in /var on the old mobility server, and nowhere on the master domain server. (The search for which caused the boot volume of the master domain server to corrupt BtrFS into a read only doorstop)
  • I looked through enumerations on the master domain to see if it might be stored in the domain databases, but did not see anything that jumped out (I did not look at *every* enumeration as that undertaking was not happening at the early morning hour when I was working on the problem)
  • Rebuilt the master domain server from the ground up (fresh SLES 12 / GW domain install / restore domain from backup)
  • Tried upgrade from 14.2.2 to 2018 as well as clean install directly to 2018


As I said, I have them running on Mobility 14.2.2 for the time being, and that is working fine.. Just not the desired end result..

My next test step is to run up a new VM with a clean install of SLES 12, add an entry for the old hostname for the master domain and its current IP address in the Mobility servers hosts file and try loading Mobility 2018 again... If that doesn't work, change the master domain servers hostname back to that old hostname and try again.. It would be nice to know where it is drawing that information from.

The big question is - once the connection is established, does Mobility 2018 require that information again? Obviously would like to keep things consistent and have all GW servers using the same DNS domain naming

Thanks!

Mike
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Mike

Please just double check something for me as I can't find this piece of information in your posts above... please tell me you are using the 18.0.1 version of GMS?

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Highlighted
Absent Member.
Absent Member.

GMS install is trying to validate your domains admin certificate. Check what host name to use:

1. on domain server to to /opt/novell/groupwise/certificates/<longhashdir>
2. find your domains admin cert admin.domname.crt.
3. run openssl x509 -text -in admin.domname.crt | grep DNS This shows the subject alternative names in the cert. Example output:

DNS:grpwise.acme.com IP Address:10.10.10.10

Use the DNS name from this output.

--Morris
0 Likes
Highlighted
Contributor.
Contributor.

mblackham;2477602 wrote:
GMS install is trying to validate your domains admin certificate. Check what host name to use:

1. on domain server to to /opt/novell/groupwise/certificates/<longhashdir>
2. find your domains admin cert admin.domname.crt.
3. run openssl x509 -text -in admin.domname.crt | grep DNS This shows the subject alternative names in the cert. Example output:

DNS:grpwise.acme.com IP Address:10.10.10.10

Use the DNS name from this output.

--Morris


Morris,

Thanks - this got me information I did not previously have. This verified that the admin certificate currently matches what I would have expected it to show (i.e. the *new* hostname).. which got me thinking - at some point in my sleep deprived state, I vaguely recall forcing it to generate a new self-signed certificate on the master domain server, then installed the public wildcard certificate/key pair - but may not have tested the installation of Mobility 2018.0.1 after that point. I suspected it had something to do with the admin certificate getting updated, just didn't know the openssl command to verify. You sir, are a Godsend! (and tells me I need to get more familiar with the openssl commands)

To verify, I just built a new VM and tested a clean install of Mobility 18.0.1 after checking the domain admin certificate - and for good measure, added the dns info for the master domain server in the mobility servers etc/hosts file... End result is - we are the proud parents of a working Mobility 18.0.1 server..

Many thanks!

Mike
0 Likes
Highlighted
Contributor.
Contributor.

Yes - was using 18.0.1 - see reply to mblackham below..

must have been storing the info in the original master domain admin certificate, which somewhere along the line got updated with the new server host/domain name

Thanks for the assist!

Mike
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Mike,

Very happy that you are up and running 🙂

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.