Highlighted
Acclaimed Contributor.. FrankMortensen Acclaimed Contributor..
Acclaimed Contributor..
203 views

Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi,

We have very recently carried out an in-place upgrade of OBM 10.63 to 10.80 (2019.05) classic version on Windows  in a test environment. The environment consists of one primary DPS, one secondary DPS and two GWS' that are behind a BigIP load balancer.

We use TLS for the consoles. After the upgrade we are still able to log on to OBM if we go directly towards the GW-servers, i.e. https://<GW_server_name>/omi. If we try via BigIP, however, i.e. https://<big_ip_name>/omi we get a "Secure Connection Failed" error (in Firefox, with a similar error message in IE). The exact same URL worked fine before the OBM-upgrade...

The load balancers are configured to balance at layer 1-3 only. The TLS-sessions are i.e. terminated on the OBM-servers.

Any idea what what could be the cause of this?

BR,
Frank Mortensen
Managon AB

0 Likes
9 Replies
Micro Focus Expert
Micro Focus Expert

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi,

I haven't done this upgrade, but I'm wondering if new certs were generated during the upgrade, and maybe they have something missing?  Do the certs have subject alternative names for the VIP addresses?

Regards,

Tim

Acclaimed Contributor.. FrankMortensen Acclaimed Contributor..
Acclaimed Contributor..

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi,

Thanks for your reply.

During the upgrade phase we did choose to use TLS and we then installed the same server certificate files that we used when installing previous OBM version. And these do have SAN's matching the load balancer name, yes 😞

Good tip, though!

Anything else that we should check?

Cheers,
Frank

 

 

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi Frank,

I haven't done this upgrade.  Did it involve an uninstall/reinstall?  If so, it's possible that Apache config for the load balancer VIP was lost.  Can you check the virtual host settings in Apache?

Also, check the URL settings in Platform / Infrastructure Settings in case they were changed or lost.

Regards,

Tim

Outstanding Contributor.. andreask Outstanding Contributor..
Outstanding Contributor..

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hello Frank,

i am sure you tried already to run the config wizard one time? this fixed for me sometimes strange issues after an upgrade.

 

I dont have LBs in my small test environment. so i didnt come over this issue.

 

0 Likes
Acclaimed Contributor.. FrankMortensen Acclaimed Contributor..
Acclaimed Contributor..

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi,

Thanks for the tip. Yes, we have run it once more. At least on DPS2, GW1 & GW2, and the reason why we did that was that the wanted to upload the Certificate files for each individual server once more, as we experienced during the initial upgrade that the certificate field names were pre-filled with filenames, although we had only provided those filenames on the DPS that we configured first.

Furthermore, the upgrade guide is very confusing on some points. At one stage it for instance mention that we have to at upgrade at least one GW before starting the DPS, but at another stage it mentions that that the DPS should be started before continuing... Or something like that. I don't recall the exact detail now, but it was impossible to fullfil both those requirements... We chose to upgrade one (actually both) Gateways and even the DPS2 before starting anything.

Cheers,
Frank

0 Likes
Acclaimed Contributor.. FrankMortensen Acclaimed Contributor..
Acclaimed Contributor..

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi Tim,

Yes, this involved an uninstall and reinstall.

I have looked through the httpd.conf file, as well as a few files in the conf\extra subdirectory, and I have compared it all to the equivalent files on another test OBM-environment that still runs 10.63. I do not find the VIP anywhere in those config files. I do not really see any other big differences between those files in the two OBM-environments either (except for a few changes that would be expected due to the fact that RTSM/UCMDB has been decoupled from OBM and is now based on a Local Client rather than a traditional web UI).

I have also had a look into the I/S settings. I see correct entries for both the "Default Virtual Gateway Server for Application User URL" and the "Frontend URL" settings. Both these show the correct URL of the LB.

Any other ideas? Anything more specific that I should look for in the Apache-files or elsewhere?

Cheers,
Frank

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi Frank,

I don't have a load balanced environment to play with righ tnow, but I found some instructions for a BSM 9.2x environment I worked on where the virtual host needed to be added to <HPBSM>\WebServer\conf\extra\httpd-ssl.conf.

Find this in the httpd-ssl.conf file:

<VirtualHost gateway.fqdn:443>

Then add below it:

   ServerName gateway.fqdn

   ServerAlias vip.fqdn

 

Also check that <HPBSM>\WebServer\conf\httpd.conf does call extra\httpd-ssl.conf:

Include conf/extra/httpd-ssl.conf

But I expect that is already set if using TLS anyway.

I can't think of anything else at the moment, other than any changes to client requirements in the support matrix for the new version.  Can you share a screen shot of the exact error in the browser?

Regards,

Tim

 

0 Likes
Acclaimed Contributor.. FrankMortensen Acclaimed Contributor..
Acclaimed Contributor..

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Thanks again, Tim.

The get a message simply stating "Could not establish a secure connection". No certs are associated with that web page or anything, and we are not presented with an option to trust the site or similar.

I had a look at the httpd-ssl.conf file yesterday, actually. It contained no specific setting for the load balancer. But neither do the equivalent file at the other OBM installations that are in fact available even via the load balancer. So there must be something else...

We have opened a support case on this one now. And, furthermore, I have now left this customer for the summer... So my colleague with follow up the support case. 

I will update this case with any relevant info in August, when returning to the customer... 🙂

Cheers,
Frank

 

0 Likes
Acclaimed Contributor.. FrankMortensen Acclaimed Contributor..
Acclaimed Contributor..

Re: Problems reaching OBM through Load Balancer after upgrading to 2019.05

Hi

A short update regarding this problem, now that I am back at the customer's site. The info. is not going to help anyone, though...

Because now it works fine to access OBM via the LB, despite that fact that none of my OBM colleagues are aware of any changes being done during the summer... I have talked to the LB guys as well, and they claim that the LB's have not been reconfigured or restarted during the summer either.

MF Support was to no help this time, unfortunately. But I requested them to close the case, considering the fact that it works now.

Cheers,
Frank

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.