We are having problem to grant certificates on OMi.
After deploy an agent version 12.00, We change some agent configuration as below.
ovconfchg -ns eaagt -set OPC_NODENAME <SERVER_NAME>
ovconfchg -ns eaagt -set OPC_IP_ADDRESS <SERVER_IP_ADDRESS>
ovconfchg -ns bbc.cb -set SERVER_BIND_ADDR <SERVER_IP_ADDRESS>
ovconfchg -ns bbc.http -set SERVER_BIND_ADDR <SERVER_IP_ADDRESS>
ovconfchg -ns bbc.http -set CLIENT_BIND_ADDR <SERVER_IP_ADDRESS>
after this, We send another ovcert -certreq, and on OMi Certificate Request page the certificate appears, but after Accept, the status stay in "Granted" and never changes.
We tested route, icmp, name resolution and agent configuration, but any server that I try to certificate this happens.
Have Anyone already seen that?
I tried unninstall and install again, deleted the node first on OMi, but still happening the same.
I Understood what you said, This is information was from our HP architect that is working in this project.
I will ask for the part of documentation that is saying this.
But even I need use GW as certificate server, I got the same problem to granbt the certificate, I think we have a communication problem.
Before start this topic, I was using the gateway server as certificate server, so it's not the root cause.
Do you have some tests to I perform here?
We called the HP support that analyzed and suggested to reinstall all the environment because some problem found probably in the future could impact in other problems.
But after reinstall we faced other certificate problems, so them after many tests I could understand how exactly works in OMi 10 in a distributed environment with multihomed ip address devices.
When you install without configure any custom settings, the agent send the certificate to Gateway using the main interface.
when you grant in console, isn't the gateway that send the certificate back, the DPS that send the certificate back, so your agent needs to communicate with you DPS too.
Our environment doesn't use the main interface (production) to monitor the devices, so we need to set some configurations in the agent to all communication use the administration interface (secondary interface).
After the installation We configured the parameters below and resent the ovcert command.
ovconfchg -ns eaagt -set OPC_IP_ADDRESS <AGENT_IP_ADDRESS>
ovconfchg -ns bbc.cb -set SERVER_BIND_ADDR <AGENT_IP_ADDRESS>