Re: Can´t grant certificate request from managed node (640 Views)
Reply
Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 1 of 8 (652 Views)
Accepted Solution

Cant grant certificate request from managed node

HI all,

 

Im using OMU 8.35

 

Im facing problem with tow servers while Im trying to grant the certificate,the garnting is taking too much time,and i got below error message :

 

Signed certificate could not be delivered to node. Could not send response after 120 retries (OpC40-2063)

 

anybody faced this problem & how to solve it ??

Please use plain text.
Trusted Contributor
Aleherma
Posts: 123
Registered: ‎05-18-2012
Message 2 of 8 (640 Views)

Re: Can´t grant certificate request from managed node

[ Edited ]

Hello Wael,

 

Is bbc communication working fine between node and manager?

 

From the node:

 

#bbcutil ping <fqdn_ms>

#bbcutil ping <ip_ms>

 

 

From the management server:

 

#bbcutil ping <fqdn_node>

#bbcutil ping <ip_node>

 

If those outputs show any errors, please verify if there is a firewall between the agent and the server. Also, check if port 383 is open (you can try to telnet to the port to verify)

 

Once you verify this, an easy way to reissue certs is this:

 

On node:

 

ovcert -list
ovcert -remove <output of previous command>
ovcoreid -create -force
ovcert -certreq

 

Finally, keep in mind that OMU 8 is currently out of support. I recommend you to move to version 9 at your earliest convenience.

 

 

Best regards,

 

Alex.

 

 

 

 

Alex Herrera
OMU support
TSIA Certified Support Professional (Chris Reed)
aleherma@hp.com

HP Software values your feedback regarding your overall Support experience. Contact us at software.satisfaction@hp.com or my manager directly.



Please use plain text.
Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 3 of 8 (619 Views)

Re: Can´t grant certificate request from managed node

Hi Alex,

 

the port 383 is enabled !!

 

i got below error on my browser for the managment server :

 

Certificate Server Adapter can not handle certificate requests
because it could not connect to the OV Certificate Server process on the node.
Check whether the process is running. (OpC40-2112)

 

is it releated to my issue ?

Please use plain text.
Honored Contributor
Goran Koruga
Posts: 1,271
Registered: ‎12-05-2002
Message 4 of 8 (617 Views)

Re: Can´t grant certificate request from managed node

Hello.

 

Most likely it is - it's the 'ovcs' process which does part of the job so without it it's not going to work.

 

Try to start it (using ovc) and also verify you have the latest HPOvSecCS patch installed for OMU 8.x

 

Regards,

     Goran

Please use plain text.
Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 5 of 8 (613 Views)

Re: Can´t grant certificate request from managed node

Hi Goran,
many thanks for your reply,

how to check the ovcs process installed patch ?

what is the command to check the installed patch for ovcs please ?
Please use plain text.
Honored Contributor
Goran Koruga
Posts: 1,271
Registered: ‎12-05-2002
Message 6 of 8 (596 Views)

Re: Can´t grant certificate request from managed node

Hello.

 

You should specify your platform first.

 

For platform independent way look at this output:

 

ovconfget -ovrg server opc.patches

 

And for this patch only:

 

/opt/OV/contrib/OpC/HPOvSecCS/HPOvSecCS.readme

 

Regards,

     Goran

Please use plain text.
Trusted Contributor
Aleherma
Posts: 123
Registered: ‎05-18-2012
Message 7 of 8 (590 Views)

Re: Cant grant certificate request from managed node

Wael,

 

Use the ovc -status command on the managment server and let us have the output.

 

If you see the ovcs process stoped, run this command:

 

more  /var/opt/OV/log/System.txt | grep ovcs

 

That should give us some clues on how to proceed.

 

Also, check if the agent processes are running as well, from the managment server:

 

ovdeploy -cmd "opcagt -status" -node <node_with_issues>

 

Regards,

 

Alex.

 

 

Alex Herrera
OMU support
TSIA Certified Support Professional (Chris Reed)
aleherma@hp.com

HP Software values your feedback regarding your overall Support experience. Contact us at software.satisfaction@hp.com or my manager directly.



Please use plain text.
Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 8 of 8 (574 Views)

Re: Cant grant certificate request from managed node

many thanks all,

 

problem solved,the telnet was disabled from managment server to target node.

 

 

 

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation