cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SMD Agent verifies server identity not working

bully
Explorer

on ‎10-16-2017 8:44 AM

0 Kudos

Hello,

we installed new Solution Manager 7.2 SP5. The installation was succesfull and all steps System preparation, Basis Configuration and Infrasructur Preparation are green. Now we connect the Managed Systems and facing problems with security settings. We connect via MS/P4S that works fine but the "Agent verifies Server identity" doesen't work. In the logs I can see the error, that the Message Server certificate seems to be not in the Trusted CA. Usualy push the button "Update list of trusted CA" in the Agent security should be the solution. I read a lot of Wiki's and Notes but nothing help.

What is wrong?

Any help are welcome

Best regards

Markus

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

patelyogesh
Active Contributor
‎10-18-2017 3:48 PM
0 Kudos

Hello,

As far I know there was a bug in connectivity with P4S port. as per SAP note:

2426821 - Activity 'Generate System-Level Metrics' fails with error: The remote Call for the generation of system-metrics templates failed - Solution Manager 7.1 & 7.2

Please look ar notes below...

2322555 - Connect the Diagnostics Agent to Solution Manager 7.2 using SSL

Let me know if you still facing this issue.

Regards,

Yogesh

Show replies
Show replies
bully
Explorer
‎11-30-2017 9:15 AM
0 Kudos

Hello Yogesh,

sorry for the delay, I do something other things in the Project. Thanks for your quick answer, but unfortunately the problem still exist. The note 2483117 describe exactly my problem but doesen't help too. We configured the connection via MS Server with https. If we start the Message Server I can see some errors like this in the ms server log dev_ms:

*** ERROR => MsSSLThread: SapSSLRead (rc=-10) SSSLERR_CONN_CLOSED [msxxhttp.c 6913].

Additionally logfiles were checked: defaulttrace.trc from the cluster notes show for every connected agent:

[DCCAgentStatusPush.register] Error to push agent event xxxxxcc

Caused by: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

For Server:

Sending CA certificate to agent xxxxxxxxxxxxxxxxxxxx failed.

Caused by: java.rmi.RemoteException: Request rejected; nested exception is:
com.sap.smd.server.manager.SMDException: Message server certificate not in TrustedCAs


In my opinion when we try to push the new ca list to the agent we get the error described above. Where ist the CA List saved for the agents and where i can check the content of the list. I maintain the certificates in the NWA "certificates and keys) and try lot of but nothing helps.

Have you an idea?

Thanks in advance

Markus

Ask a Question