Installed the agent on a Linux server and ran the opcactivate utility to set the manager and certificate server. It ran successfully, but the certificate request didn't show up in the OMi console.
Triggered it manually via the command line (ovcert -certreq); it still didn't show up.
When I checked the pending certificate list on the management server, it didn't show up there either.
Ping and Telnet to port 383 are fine bidirectionally.
But one thing I noticed is that bbcutil -ping throws an SSL error and doesn't show the core ID of the node when run from the OMi GW server.
Kindly help on this.
Thanks much for your help.
The issue has been resolved. There was a mismatch in the host file entry on the managed nodes. Once it was corrected, the certificate reached the management server.
Thanks again for your help.
The SSL error is expected, because the certificate is not granted and no SSL communication is possible.
Is communication from the node to the DP server working? Certificates are processed by the DP. Try from the managed node
bbcutil -ping http://<dp server>:383
and from DP to managed node
bbcutil -ping http://<managed node>:383
my 2 cents,
Thanks for the quick response.
Checked the commands; they are working fine from both ends. Results were returned successfully from the node and the DP server.
But still certificate is not showing up.
Ours is a standalone environment.
Go and check the Operations Agent configuration file properties on the server from which you triggered the certificate request.
Verify the primary manager name and the core ID with the management server. Also verify the license manager of the node.
If the values are not correct, please change them, regenerate the cert request from the node, and then grant the cert from the console or command line.
You specified the GW as manager and cert server, right? You checked the pending certificates on the DPS right?
If the configuration is ok, try to restart the WDE on the GW and trigger a cert request again. Are there more than one DPS?
The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of Micro Focus.
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution.
I have seen an issue twice where certificates were received successfully but not shown in the GUI. Do you see the certificate request when running "ovcm -listpending -l"? -KAKA-
Yeah, checked on the command line, but the certificate is not showing there either.
@gun339 Ours is a standalone environment, both GW and DPS in a single server. Yeah checked the ovconfget in the node, it is showing manager and certificate servers as the OMi management server.
@Rosen_K The certificates are coming from other servers, only from these 2 servers it is not coming.
I guess there is some problem on the server where the agent is installed.
Please try below steps to fix the issue.
1. Remove the agent from the server,
2. Reboot the server after deinstallation.
3. Install the agent.
4. Generate the certificate request. <ovcert -certreq>
5. Grant either through the command line or the OMi GUI. <ovcm -listpending> copy the certificate and then grant <ovcm -grant "reqid">.
Tried all the given steps except the server reboot, because it is not easy to get approval for a reboot.
So I tried all the steps without that, and it still didn't show up.
First try this command from the agent node.
cscript oainstall.vbs -srv <management_server_host_name> -cert_srv <certificate_server_host_name>
Second, certificate server cannot be resolved (could be due to a DNS issue or typo mistake) by Agent node.
1. Check the configured OMi server name for the Agent using 'ovconfget sec.cm.client'
2. If required, change the OMi server name for the Agent using 'ovconfchg -edit' and check that the correct certificate server (FQDN) is in the following namespace:
3. After making the correction, retrigger the certificate request from the Agent: "ovcert -certreq"
4. On the OMi system, the certificate request also needs to be granted. Use the commands given below to view the arrived certificate request and to grant the request for the Agent: "ovcm -listpending" and "ovcm -grant <requestid>"
5. To verify that the certificate request and grant were successful, execute the following command on the Agent node: "ovcert -list"
@Arunhclite - as you mentioned that this issue is seen only for a few nodes, I believe the cert request is not even reaching the server. In that case it would be nice to see a trace of ovcert while running the 'ovcert -certreq' command.
I ran a normal traceroute to the OMi server from the managed server. It didn't complete successfully.
But it is the same case with a NO CERTIFICATE issue server as well. So I hope this won't be the issue. Also let me know the command to run a traceroute for a specific command like ovcert -certreq.
Please go through the below links.
Hello @Arunhclite ,
Can you check if your server (monitored node) has more than one NIC? A few days back I did an RCA for a similar issue where the server had 2 NICs. During Telnet and ping, the request was going out from the secondary (internal) NIC and the results were successful. However, the certificate request was going out via the primary (external) NIC, which was blocking the traffic. (Modifying server routes did not help.)
Try to import certificate manually. Reference Link
1) On the primary DPS server: ovcm -issue -file "<output location where the certificate would be saved and name of the file>" -name <FQDN of the OA> -pass <password of your choice> -coreid <Core ID of the OA>
2) On the monitored node: ovcert -importcert -file <path to the certificate> -pass <pass>
#If the monitored node is in a different domain to that of your OMi servers, go to "Monitored Nodes" of OMi and select the server. Check if you see only "server name" or "server FQDN". If it's only server name, EDIT it to "Server FQDN" and validate the IP address(s).
Also, follow this link if you have issues with Core ID, click here.
I've seen this happen if the server is multihomed, meaning the cert req goes out an interface that doesn't match the IP address that's in DNS and the mgmt server can't resolve. Make sure, if it's multihomed, that you set the IP address in the agent config, restart the agent, and send the cert request. See if that helps, if this scenario exists for you.
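
Added example, not part of the original thread: the reported resolution (a mismatched hosts file entry on the managed nodes) and the multihomed case in the last reply both come down to a name mapped to an address the other side does not expect. This script checks a hosts file for entries that disagree with an expected address; the function names, host names and addresses are constructed for illustration.

```shell
#!/bin/sh
# hosts_lookup FILE NAME: print "LINE ADDRESS" for every hosts entry that lists
# NAME as canonical name or alias (case-insensitive, comments ignored).
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")              # drop trailing comments
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print NR, $1; break }
        }' "$1"
}

# hosts_verdict FILE NAME EXPECTED_IP prints one word on stdout:
#   ABSENT    NAME is not in the file, so the resolver falls through to DNS
#   OK        every entry for NAME carries EXPECTED_IP
#   MISMATCH  at least one entry points elsewhere (details on stderr, status 1)
hosts_verdict() {
    entries=$(hosts_lookup "$1" "$2")
    if [ -z "$entries" ]; then echo ABSENT; return 0; fi
    bad=$(printf '%s\n' "$entries" | awk -v ip="$3" '($2 "") != (ip "")')
    if [ -z "$bad" ]; then echo OK; return 0; fi
    printf '%s\n' "$bad" | while read -r line addr; do
        echo "line $line: $2 -> $addr, expected $3" >&2
    done
    echo MISMATCH
    return 1
}

# Constructed sample hosts file: the management server entry carries a stale
# address (assumed real address: 10.20.30.41).
sample_hosts() {
    cat <<'EOF'
127.0.0.1    localhost
# constructed sample data, not taken from the thread
10.20.30.40  omi01.example.test omi01
192.0.2.15   node07.example.test node07   # agent node
EOF
}

# Demo on the sample; on a real node pass /etc/hosts and the server's FQDN.
demo=$(mktemp)
sample_hosts > "$demo"
hosts_verdict "$demo" omi01.example.test 10.20.30.41 || true
hosts_verdict "$demo" node07.example.test 192.0.2.15
rm -f "$demo"
```

Take the expected address from DNS or from the management server's node record rather than from a lookup on the node itself, since a resolver configured to read the hosts file first returns the stale entry being tested. On a multihomed node, run the same check for the node's own FQDN against the address of the interface the request actually leaves from.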