Super Contributor.. LuiR Super Contributor..
Super Contributor..
547 views

Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Hi

I am getting an error while trying to deploy Policies and Assignments to nodes i have migrated to OMi. The error is: com.hp.ov.sec.core.SecCoreCertificateException (see screenshot)

I am in the process of testing the Agent migration from OMW to OMi, currently i am trying this on 3x testnodes. I am getting the same error on all 3. I have followed these steps from the evolution and admin guide:

Establised trust between OMW and OMi using "BBCTrustServer". And by exporting certificates from OMW to OMi.
Created the OMi GW in OMW as a node and entered the "ovcoreid -ovrg server" from OMi GW.
Updated trusted certificates on test nodes. with ovcert -updatetrusted
Tested SSL conenction between OMW-OMi and to and from both of those from some test nodes using bbcutil -ping https://
Deployed a Flexible Management template that allowed both OMW and OMi.
Tested the connection by listing policies on the testnode from OMi:

E:\HPBSM\opr\bin>ovpolicy -list -host hp-test-2.int.stofa.dk -ovrg server
* List installed policies for host 'hp-test-2.int.stofa.dk'.

Type Name Status Version
--------------------------------------------------------------------
mgrconf "ManagementResponsibilitySwitch-OpsB" enabled 0001.0002
msgi "opcmsg" enabled 0011.0000


Ran the "opr-agt.bat -switch_manager" on the OMi GW to set OMi as primary manager:

E:\HPBSM\opr\bin>opr-agt.bat -username xxx -password xxx -switch_manager -node_list hp-test-2.int.stofa.dk -dont_check_database
hp-test-2.int.stofa.dk:383: OK
Value for CERTIFICATE_SERVER changed from: omw-hors-1.int.stofa.dk to: hp-opsbgw-1.int.stofa.dk
Value for MANAGER changed from: omw-hors-1.int.stofa.dk to: hp-opsbgw-1.int.stofa.dk
Value for MANAGER_ID changed from: 6520c692-111f-756d-0295-ff76077770c0 to: b3fdef38-9888-4402-8857-20f20cd9c572


Afterwards the testnode got created in RTSM and my automatic assignment rule tried to deploy a management template to the testnode. This failed with the mentioned error: com.hp.ov.sec.core.SecCoreCertificateException

I am able to send opcmsg events from the testnode to OMi, i am also still able to deploy policies to the testnode from OMW.

0 Likes
1 Solution

Accepted Solutions
Highlighted
Super Contributor.. LuiR Super Contributor..
Super Contributor..

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Issue is resolved after reboot of OMi GW and DPS. Thanks for your time and suggestions.

0 Likes
6 Replies
David_Padilla Absent Member.
Absent Member.

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Hello,

 

I hope you are having a great day.

 

Could you please try to restart the agent in the node:

 

  • ovc –kill
  • opcagt –kill
  • ovc –start
  • opcagt –cleanstart

 

We checked some related issues and the configuration will be taken after a restart of the Operation Agent. Also, please check in ovconfget:

  • MANAGER_ID à should be the ovrg id of OMi ( to know this run ovcoreid –ovrg server)
  • MANAGER à should be the FQDN of the Gateway server.
  • Also please check the variable LAST_TRUSTED_CERT_UPDATE .

Regards,

David E. Padilla Morales | SW Technical Support Consultant.

Operation Manager i

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

0 Likes
Super Contributor.. LuiR Super Contributor..
Super Contributor..

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Hi David

Thanks for your suggestions, unfortunally that did not work. I did try killing all and doing a cleanstart. The ManagerID and Manager hostname is correctly set to ovcoreid –ovrg server and hostname of OMi GW.

I have tried to workaround it by manually deleting the node certificate on the test server (not the trusted ones) and doing a new cert request, after i grant this on OMi it works. But i would hate to have to do this on all 500 of my servers manually.

0 Likes
Contributor.. Franky_V Contributor..
Contributor..

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Hi,

When you did delete manually the certificate and tried to redeploy the certificate, did it work afterward.  We need to pinpoint where the problem is.  If after the new certificate is installed it is still not working, there might be something else.

Let us know.

0 Likes
Super Contributor.. LuiR Super Contributor..
Super Contributor..

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Hi Franky

After manually deleting the certificate, requesting a new certificate, granting that on OMi, it worked.

But i was kind of hoping to not have to do this manually on all my servers.

0 Likes
Mukesh Patel_2 Trusted Contributor.
Trusted Contributor.

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Did you made both OVW and OMi as trusted servers? There is a tool script available to do that. Need to use ovrg server coreid of OMi server. 

0 Likes
Highlighted
Super Contributor.. LuiR Super Contributor..
Super Contributor..

Re: Unable to deploy Policies in OMi to nodes after migration from OMW (SecCoreCertificateException)

Jump to solution

Issue is resolved after reboot of OMi GW and DPS. Thanks for your time and suggestions.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.