Re: Cant grant certificate request from managed node (776 Views)
Reply
Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 1 of 8 (854 Views)
Accepted Solution

Cant grant certificate request from managed node

HI all,

 

Im using OMU 8.35

 

Im facing problem with tow servers while Im trying to grant the certificate,the garnting is taking too much time,and i got below error message :

 

Signed certificate could not be delivered to node. Could not send response after 120 retries (OpC40-2063)

 

anybody faced this problem & how to solve it ??

Trusted Contributor
Aleherma
Posts: 123
Registered: ‎05-18-2012
Message 2 of 8 (842 Views)

Re: Can´t grant certificate request from managed node

[ Edited ]

Hello Wael,

 

Is bbc communication working fine between node and manager?

 

From the node:

 

#bbcutil ping <fqdn_ms>

#bbcutil ping <ip_ms>

 

 

From the management server:

 

#bbcutil ping <fqdn_node>

#bbcutil ping <ip_node>

 

If those outputs show any errors, please verify if there is a firewall between the agent and the server. Also, check if port 383 is open (you can try to telnet to the port to verify)

 

Once you verify this, an easy way to reissue certs is this:

 

On node:

 

ovcert -list
ovcert -remove <output of previous command>
ovcoreid -create -force
ovcert -certreq

 

Finally, keep in mind that OMU 8 is currently out of support. I recommend you to move to version 9 at your earliest convenience.

 

 

Best regards,

 

Alex.

 

 

 

 

Alex Herrera
OMU support
TSIA Certified Support Professional (Chris Reed)
aleherma@hp.com

HP Software values your feedback regarding your overall Support experience. Contact us at software.satisfaction@hp.com or my manager directly.



Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 3 of 8 (821 Views)

Re: Can´t grant certificate request from managed node

Hi Alex,

 

the port 383 is enabled !!

 

i got below error on my browser for the managment server :

 

Certificate Server Adapter can not handle certificate requests
because it could not connect to the OV Certificate Server process on the node.
Check whether the process is running. (OpC40-2112)

 

is it releated to my issue ?

Honored Contributor
Goran Koruga
Posts: 1,298
Registered: ‎12-05-2002
Message 4 of 8 (819 Views)

Re: Can´t grant certificate request from managed node

Hello.

 

Most likely it is - it's the 'ovcs' process which does part of the job so without it it's not going to work.

 

Try to start it (using ovc) and also verify you have the latest HPOvSecCS patch installed for OMU 8.x

 

Regards,

     Goran

Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 5 of 8 (815 Views)

Re: Can´t grant certificate request from managed node

Hi Goran,
many thanks for your reply,

how to check the ovcs process installed patch ?

what is the command to check the installed patch for ovcs please ?
Honored Contributor
Goran Koruga
Posts: 1,298
Registered: ‎12-05-2002
Message 6 of 8 (798 Views)

Re: Can´t grant certificate request from managed node

Hello.

 

You should specify your platform first.

 

For platform independent way look at this output:

 

ovconfget -ovrg server opc.patches

 

And for this patch only:

 

/opt/OV/contrib/OpC/HPOvSecCS/HPOvSecCS.readme

 

Regards,

     Goran

Trusted Contributor
Aleherma
Posts: 123
Registered: ‎05-18-2012
Message 7 of 8 (792 Views)

Re: Cant grant certificate request from managed node

Wael,

 

Use the ovc -status command on the managment server and let us have the output.

 

If you see the ovcs process stoped, run this command:

 

more  /var/opt/OV/log/System.txt | grep ovcs

 

That should give us some clues on how to proceed.

 

Also, check if the agent processes are running as well, from the managment server:

 

ovdeploy -cmd "opcagt -status" -node <node_with_issues>

 

Regards,

 

Alex.

 

 

Alex Herrera
OMU support
TSIA Certified Support Professional (Chris Reed)
aleherma@hp.com

HP Software values your feedback regarding your overall Support experience. Contact us at software.satisfaction@hp.com or my manager directly.



Frequent Advisor
Wael_shayeb
Posts: 75
Registered: ‎06-27-2012
Message 8 of 8 (776 Views)

Re: Cant grant certificate request from managed node

many thanks all,

 

problem solved,the telnet was disabled from managment server to target node.

 

 

 

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.