on 10-16-2017 8:44 AM
Hello,
we installed new Solution Manager 7.2 SP5. The installation was succesfull and all steps System preparation, Basis Configuration and Infrasructur Preparation are green. Now we connect the Managed Systems and facing problems with security settings. We connect via MS/P4S that works fine but the "Agent verifies Server identity" doesen't work. In the logs I can see the error, that the Message Server certificate seems to be not in the Trusted CA. Usualy push the button "Update list of trusted CA" in the Agent security should be the solution. I read a lot of Wiki's and Notes but nothing help.
What is wrong?
Any help are welcome
Best regards
Markus
Hello,
As far I know there was a bug in connectivity with P4S port. as per SAP note:
2426821 - Activity 'Generate System-Level Metrics' fails with error: The remote Call for the generation of system-metrics templates failed - Solution Manager 7.1 & 7.2
Please look ar notes below...
2322555 - Connect the Diagnostics Agent to Solution Manager 7.2 using SSL
Let me know if you still facing this issue.
Regards,
Yogesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Yogesh,
sorry for the delay, I do something other things in the Project. Thanks for your quick answer, but unfortunately the problem still exist. The note 2483117 describe exactly my problem but doesen't help too. We configured the connection via MS Server with https. If we start the Message Server I can see some errors like this in the ms server log dev_ms:
*** ERROR => MsSSLThread: SapSSLRead (rc=-10) SSSLERR_CONN_CLOSED [msxxhttp.c 6913].
Additionally logfiles were checked: defaulttrace.trc from the cluster notes show for every connected agent:
[DCCAgentStatusPush.register] Error to push agent event xxxxxcc
Caused by: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
For Server:
Sending CA certificate to agent xxxxxxxxxxxxxxxxxxxx failed.
Caused by: java.rmi.RemoteException: Request rejected; nested exception is:
com.sap.smd.server.manager.SMDException: Message server certificate not in TrustedCAs
In my opinion when we try to push the new ca list to the agent we get the error described above. Where ist the CA List saved for the agents and where i can check the content of the list. I maintain the certificates in the NWA "certificates and keys) and try lot of but nothing helps.
Have you an idea?
Thanks in advance
Markus
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.