To add some more spice to work, my second agent deployment failed with the following error!
Agent verification failed. Error detail: The server certificate on the destination computer (redhatfs.mydomain.local:1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate contains a common name (CN) that does not match the hostname.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: redhatfs.mydomain.local.
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
The server certificate on the destination computer (redhatfs.mydomain.local:1270) has the following errors:
The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
The SSL certificate contains a common name (CN) that does not match the hostname.
It is possible that:
1. The destination certificate is signed by another certificate authority not trusted by the management server.
2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection. The FQDN used for the connection is: redhatfs.mydomain.local.
3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
The common name in the certificate received from my Redhat server was not correct. Why?
Due to my carelessness, in my first attempt I had tried to deploy the agents BEFORE creating the DNS host record! When this happens, the agent on the Redhat server sends a certificate with localhost as the CN for the Management Server to sign and verify. Correcting myself, I created a DNS record for the Redhat server and tried redeploying the agent, but had no luck: the same error kept coming up.
I removed the OpsManager agent on Redhat but still no luck.
command: rpm -e scx
Trying to solve the issue, I came across the following article on how to change the CN of the certificate presented to the management server.
http://technet.microsoft.com/en-us/library/dd891009.aspX
Even though you remove the SCOM agent on Linux, that will not delete the old certificates. You need to change the value of the CN to the FQDN of the Redhat server. Deleting the files deployed by the agent will work. These files are located in the /etc/opt/microsoft/scx folder.
Agent deployment for Linux servers is not as straightforward as for Windows servers. Check that you have covered your prerequisites! Click here for the steps.
I changed the CN to the hostname of the Redhat server and tried the agent deployment again, and it did succeed!
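A quick way to see which CN a certificate carries before retrying the deployment, as an added example that is not from the original post or from the agent's own tooling. It builds two throwaway self-signed certificates (one with CN localhost, one with the FQDN) and compares each against redhatfs.mydomain.local; the function names and temporary files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: compare a certificate's CN with the FQDN the management
# server connects to. Function names and sample files are constructed.

# Print the first CN attribute of a PEM certificate's subject.
# (Values containing escaped commas are not handled.)
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Return 0 when the CN equals the expected FQDN (case-insensitive), 1 on a
# mismatch, 2 when no CN could be read from the file.
cn_matches_fqdn() {
    cn=$(cert_cn "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] || return 2
    [ "$cn" = "$want" ]
}

# Create a throwaway self-signed certificate with the given CN (sample input).
make_sample_cert() {   # usage: make_sample_cert <cn> <out.pem>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    fqdn=redhatfs.mydomain.local
    make_sample_cert localhost "$dir/stale.pem"   # agent installed before DNS existed
    make_sample_cert "$fqdn" "$dir/fixed.pem"     # regenerated after the DNS record
    for f in stale fixed; do
        if cn_matches_fqdn "$dir/$f.pem" "$fqdn"; then
            echo "$f: CN matches $fqdn"
        else
            echo "$f: CN is '$(cert_cn "$dir/$f.pem")', expected $fqdn"
        fi
    done
    rm -rf "$dir"
}

demo
```

To check a real certificate, call cn_matches_fqdn with the path of the PEM file and the FQDN used for the connection.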
Called it a day!