
BCM 7.0 SP3 - questions around HA/Virtual Unit setups and Certificates (Connection Server, Internal Server and .p7b cert from CA Server)

Former Member
0 Kudos

Hi All,

I'm in the midst of preparing for the installation of BCM 7.0 SP3. I have some doubts around HAC node setups and the certs required for Connection Server, Internal Server and the .p7b cert from the CA Server.

We plan to install all BCM components on one single server as part of a demo; we don't have an HA/Virtual Unit setup.

So with no HA setup, I also don't need to generate the certs related to this? I should be able to log in to IA without the cert, can I? I could see there's an option to specify the Connection Server cert in the "Connection" dialog pop-up.

I could totally skip the "Certificates" part of the installation guide, as it's not relevant...?

Appreciate your help,

Thanks,

Accepted Solutions (0)

Answers (1)


former_member203097
Active Participant
0 Kudos

Hello Ramesh,

You can log in to IA without a certificate, but for everything else you need a certificate, so it is really a must in SAP BCM7.

Please refer to the how-to video on certificate creation for step-by-step instructions: http://scn.sap.com/docs/DOC-30223

Kind Regards,
Tomi

Former Member
0 Kudos

Background: I followed the instructions, but when I submit the .req from the BCM server, I don't see any pending request in the CA Server, nor is it available from http://<CASERVERHOSTNAME>/certsrv/


Any idea..?

Attached doc with screenshot: http://www.scribd.com/doc/111774777/BCM-Generating-Connection-Server-Cert

1. Followed the example found in Examples and Templates on the installation media.

2. COS.INF

[NewRequest]

Subject = "CN=COS.DOMAINAME.COM,O=DOMAIN,OU=SAP,L=EASTEND,S=ENGLAND,C=GB"

Exportable = TRUE

KeySpec = 1

KeyLength = 2048

MachineKeySet = TRUE

[EnhancedKeyUsageExtension]

OID = 1.3.6.1.5.5.7.3.1

Note: there wasn’t any extra space after the OID .1 as above.

3. In BCM Server, logged in as <sid>adm, open up cmd as administrator

locate COS.INF and run the below command, which created the cos.req file

certreq -new cos.inf cos.req

4. In BCM Server, performed the below steps: open up the link http://<CASERVERHOSTNAME>/certsrv/

Click on Request a certificate

5. Click on Advanced certificate request

6. Click on Submit a certificate request by using a base-64-encoded CMC......

7. Copy and paste the cos.req encrypted key into the saved request box. Ensure there isn't any extra space after the ----

Hit submit when you're done.

8. As per the instruction, I hit Home.

9. I asked my IT Admin to log in to the CA directly and check if there is any pending request. As in the below screenshot taken from the CA server, there wasn't any pending request though.

Below instruction, taken from BMC_7_Example_SP3.pdf

Well, I don't see anything on the CA Server though. Why is this so?

But when I go back to the BCM Server and access http://<CASERVERHOSTNAME>/certsrv/

then View the status of a pending certificate.....

I don't see any pending request, so where has the cert request gone...? Why is this not working when I followed the instructions exactly...?

Former Member
0 Kudos

Well, I managed to solve the .cer certificate generation by doing a good clean-up, as in the steps below, but I still can't bring up the IA. I'm not sure the errors are related to the cert, but it does look like it, as though BCM is trying to connect to the CA server to verify the authentication and it fails, probably because the user is just a <sidadm> in the BCM server and requires Admin access in the CA server? Will try to perform as Admin of the CA server to generate the .cer? Next trial and error session...

Error

ERR> Peer/00D28540 [BCM00]: Connection server SSL open failed to [this.bcm.server.ip.address:21012] IssuedTo: COS.DOMAIN.COM IssuedBy: <sidadm> Store: HKLM/My

ERR> PeerManager/00D27F98: Error occurred while peer is going online: protocol error: TLS server open failed

ALW> Using working directory <C:\SAP\BCM\VU\BCM00\bin\>

WRN> Failed to initialize statistics : Error = [-4]

I performed this in BCM

1. delete 2 old COS/BCM .cer in mmc > Certificate > Personal > Certificate

2. delete .p7b cert in mmc > Certificate > Trusted Root Certification Authority > Certificate

3. reboot server

4. upload .p7b cert in mmc > Certificate > Trusted Root Certification Authority > Certificate

5. start submitting the .req for COS/BCM via http://CAHOSTNAME/certsrv

6. The last time around, when I submitted, I didn't see it under "pending request via IE" nor in the CA server; also I didn't see the private key symbol which is required. So this time around, download once submitted, download directly as Base 64. Still I don't see the private key symbol though. Follow step 6 below.

7. Open up cmd as administrator and run certreq -accept cos.cer, then you will be able to see cos.cer automatically installed in mmc > Certificate > Personal > Certificate > cos.cer, and you will see the private key symbol.

8. Hope this is correct.

I performed this in BCM IA

Infra Admin (IA)

9. added HAC node, named as BCM00, entered this BCM server ip address, ok, then set as local HAC Node click ok on home dir.

10. select base installation, ok, contain complete media file.

11. expand the block Deployment Variables for High Availability Controller.

Edit the properties:

 HAC Administration Users DOMAIN\<sid>adm

 Internal Server Certificate Common Name BCM.DOMAIN.COM

 Internal Server Certificate Issuer <sid>adm

 Client Certificate Common Name COS.DOMAIN.COM

 Client Certificate Issuer <sid>adm

 HAC Service Logon User Account DOMAIN\<sid>adm

 Password for HAC Service Logon User Account ********

12. Saved, applied all the changes and saved Model.wim at C:\SAP\BCM\VU\BCM00\etc

13. SAP BCM services created, and the log-on user is domain\<sidadm>; service started fine, no issue.

14. connection > connect to

Username DOMAIN\<sid>adm auto-populated, Certname: COS.DOMAIN.COM auto-populated, entered password and OK.

15. Well, within 20 sec it goes down, to health status failed.

Alarm.log

<ALARM NAME="INIT" SEVERITY="NOTIFY" TIME="2012-11-02 08:51:50">

    <PROCESS>HAC</PROCESS>

    <INSTANCE>BCM00</INSTANCE>

    <HOST>DOMAIN</HOST>

    <REASON>INIT OK</REASON>

</ALARM>

<ALARM NAME="PROCESS" SEVERITY="NOTIFY" TIME="2012-11-02 08:51:50">

    <PROCESS>HAC</PROCESS>

    <INSTANCE>BCM00</INSTANCE>

    <HOST>DOMAIN</HOST>

    <REASON>PROCESS OK</REASON>

    <DESC>Main thread restarted</DESC>

</ALARM>

<ALARM NAME="ELEMENT0" SEVERITY="MINOR" TIME="2012-11-02 08:52:11">

    <PROCESS>HAC</PROCESS>

    <INSTANCE>BCM00</INSTANCE>

    <HOST>DOMAIN</HOST>

    <RELATES>Admin node [Remote IA]</RELATES>

    <REASON>element failed</REASON>

    <DESC>A system model element has failed due to reason in additional data</DESC>

    <DATA>No connection to node within silent loss time</DATA>

</ALARM>

HAC_DOMAIN_BCM00.log

08:51:50.161 (03028/ServiceMain) INF> *** Service main thread started <SAP BCM HAC BCM00> ***

08:51:50.161 (03028/ServiceMain) INF> Set service status [2=START PENDING]: ExitCode=[0], WaitHint=[3000]

08:51:50.162 (03028/ServiceMain) INF> Service initialization started

08:51:50.162 (03028/ServiceMain) ALW> Start HAC Service <SAP BCM HAC BCM00>

08:51:50.162 (03028/ServiceMain) ALW> HAC version: 7.0.3.100

08:51:50.162 (03028/ServiceMain) ALW> Using working directory <C:\SAP\BCM\VU\BCM00\bin\>

08:51:50.163 (03028/ServiceMain) WRN> Failed to initialize statistics : Error = [-4]

08:51:50.163 (03028/ServiceMain) INF> Instance parameters read from registry.

08:51:50.163 (03028/ServiceMain) INF> Using the system configuration data from file <C:\SAP\BCM\VU\BCM00\etc\hacmodel_BCM00.xml>.

08:51:50.163 (03028/ServiceMain) INF> ELEMENT [New system] ID [1]: Role set to [ACTIVE]

08:51:50.164 (03028/ServiceMain) INF> ELEMENT [BCM00] ID [3]: Role set to [ACTIVE]

08:51:50.164 (03028/ServiceMain) INF> ELEMENT [BCM00] ID [3]: Status set to [INACTIVE] due to Detected power off

08:51:50.164 (03028/ServiceMain) INF> ELEMENT [BCM00] ID [3]: Status set to [UNKNOWN] due to went offline

08:51:50.164 (03028/ServiceMain) INF> Admin node [Remote IA]: Role set to [ACTIVE]

08:51:50.164 (03028/ServiceMain) INF> Admin node [Remote IA]: Status set to [INACTIVE] due to Detected power off

08:51:50.164 (03028/ServiceMain) INF> Admin node [Remote IA]: Status set to [UNKNOWN] due to went offline

08:51:50.164 (03028/ServiceMain) INF> System model created and ready.

08:51:50.164 (03028/ServiceMain) INF> Successfully copied the system configuration data to registry.

08:51:50.164 (03028/ServiceMain) ALW> Running as node [BCM00] of system [New system] version 15

08:51:50.171 (03028/ServiceMain) INF> Service initialization completed

08:51:50.171 (03028/ServiceMain) INF> Set service status [4=RUNNING]: ExitCode=[0], WaitHint=[0]

08:51:50.172 (03396/SystemManager) ALW> HAC System Management Process started

08:51:50.176 (00972/PeerManager  ) ERR> Peer/00D28540 [BCM00]: Connection server SSL open failed to [this.bcm.server.ip.address:21012] IssuedTo: COS.DOMAIN.COM IssuedBy: <sidadm> Store: HKLM/My

08:51:50.177 (00972/PeerManager  ) ERR> PeerManager/00D27F98: Error occurred while peer is going online: protocol error: TLS server open failed

08:51:50.178 (03396/SystemManager) INF> ELEMENT [New system] ID [1]: Status set to [ACTIVE]

08:51:50.179 (03396/SystemManager) INF> ELEMENT [New system] ID [1]: Health set to [NORMAL]

08:51:50.179 (03396/SystemManager) INF> ELEMENT [New system] ID [1]: Reached the desired status [ACTIVE]

08:51:50.179 (03396/SystemManager) INF> ELEMENT [BCM00] ID [3]: Status set to [ACTIVE] due to Detected power on

08:51:50.179 (03396/SystemManager) INF> ELEMENT [BCM00] ID [3]: Health set to [NORMAL] due to Default health

08:51:50.179 (03396/SystemManager) INF> ELEMENT [BCM00] ID [3]: Reached the desired status [ACTIVE]

08:51:50.182 (03396/SystemManager) INF> Admin node [Remote IA]: Status set to [INACTIVE] due to Detected power off

08:52:11.112 (03396/SystemManager) INF> Admin node [Remote IA]: Health set to [FAILED] due to No connection to node within silent loss time

08:52:11.112 (03396/SystemManager) INF> Admin node [Remote IA]: Reached the desired status [INACTIVE]

Former Member
0 Kudos

Hi Ramesh

If virtual services are going down within 20 seconds, then you must check your certificates. If the certificates are generated by a local CA, then they must have the key symbol on them. Only if that is there will your virtual services run.

Regards,

Deepak

Former Member
0 Kudos

Hi Ramesh,

If you are now able to log into the IA then that is good. 

If the local HAC node is failing within 20 seconds with a big RED X, this is more likely due to the account that is running the BCM HAC service on the server.

The first thing you should check is to make sure in your services your SAP BCM HAC service has actually started and is running:

Next you need to make sure the service is running using the EXACT SAME ACCOUNT as the account you are using to log into your IA with.  If this account is not the same, or if you are having trouble, reset the user logon properties on the SAP BCM HAC node to be the same, apply and restart the service.

If all this is correct and you are still seeing a red X through the HAC node, see if the bottom status bar of your IA says (view only). If the bottom status bar says (view only) and in the activity log you have several red messages, then your certificate is not playing nice with the IA.

If that is the case, when you log into the IA untick the box that says "Authenticate User Locally before going online"

If none of those options work then you still have a certificate problem.  Make sure the CA is also in your trusted roots of the local computer, and that the server certificate you generated is in the local computer account for personal certificates.

Thanks,

Marcus McCutchen
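
The checks named in the two replies above (private key present, CA in the local computer's trusted roots, certificate in the local computer's personal store, HAC service logon account) can be scripted. This is an added example, not part of the thread or SAP's tooling: the function name is hypothetical, the common names are the thread's placeholders, and matching the service on "SAP BCM HAC" is an assumption taken from the service string in the HAC log.

```powershell
# Added example. CNs are the thread's placeholders; replace with your own.
$commonNames   = 'COS.DOMAIN.COM', 'BCM.DOMAIN.COM'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as in COS.INF

function Test-BcmCertificate {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$CommonName)

    # "Store: HKLM/My" in the HAC log is Local Computer > Personal.
    $certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $CommonName })
    if ($certs.Count -eq 0) {
        return [pscustomobject]@{ CommonName = $CommonName; Found = $false }
    }
    foreach ($cert in $certs) {
        # Collect the EKU OIDs carried by the certificate.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Build the chain against the machine trust stores ($true = machine context).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        # Trust check only: a demo host may not be able to reach the CA's CRL.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        $now = Get-Date

        [pscustomobject]@{
            CommonName    = $CommonName
            Found         = $true
            Thumbprint    = $cert.Thumbprint
            Issuer        = $cert.GetNameInfo('SimpleName', $true)
            HasPrivateKey = $cert.HasPrivateKey        # the "key symbol" in mmc
            ServerAuthEku = ($ekuOids -contains $serverAuthOid)
            InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            ChainTrusted  = $trusted                   # false if the CA is not a trusted root
            ChainStatus   = ($chain.ChainStatus.Status -join ',')
        }
    }
}

$commonNames | ForEach-Object { Test-BcmCertificate -CommonName $_ } | Format-List

# Logon account of the HAC service; compare StartName with the IA login account.
Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'SAP BCM HAC%' OR DisplayName LIKE 'SAP BCM HAC%'" |
    Select-Object Name, DisplayName, State, StartName
```

Run it from an elevated PowerShell prompt on the BCM server. A row with HasPrivateKey or ChainTrusted set to False points at the certificate checks described above, and StartName shows the account the service runs under.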

Former Member
0 Kudos

Hi Marcus,

I am stuck on the same issue...

I have checked all three areas you mentioned with no luck...

Could you tell me where else I should dig??

Kindly find attached a screenshot of the configs and event log...

Former Member
0 Kudos

Dear Ahmed,

Are you still facing the issue? If yes, then please check whether your certificates have the key symbol on them.

Regards,

Deepak

Former Member
0 Kudos

Hi Deepak,

I got past this issue. The problem was in the certificate. I issued a new Internal certificate (no connection certificate is required to communicate with the HAC node).

I left the certificate name blank in connect...

My issue now is that when I added the database virtual unit, edited some variables as per the installation example document, then added instance BCM00 as per the below snapshot, the databases haven't been created in SQL Server management console.

Kindly find the logs below:

12:29:03.493 (02312/IpcWorker    ) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50152]: Connection lost

12:29:03.493 (02312/IpcWorker    ) INF> ELEMENT [BCM00] ID [3]: Failed to receive new system model data as requested from node [192.168.1.226:50152]

12:47:11.367 (00684/IpcWorker    ) INF> Admin node [192.168.1.226:50158]: Role set to [ACTIVE]

12:47:11.368 (00684/IpcWorker    ) INF> ELEMENT [BCM00] ID [3]: User [BCM\BCM Admin] logged in from node [192.168.1.226:50158] with admin rights

12:47:11.368 (00684/IpcWorker    ) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50158]: Connection established

12:47:11.368 (00684/IpcWorker    ) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50158]: Status set to [ACTIVE] due to Detected power on

12:47:11.368 (00684/IpcWorker    ) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50158]: Health set to [NORMAL] due to All problems cleared

12:47:11.368 (00684/IpcWorker    ) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50158]: Reached the desired status [ACTIVE]

12:47:11.368 (00684/IpcWorker    ) INF> ELEMENT [BCM00] ID [3]: Requesting new HAC model data from node [192.168.1.226:50158]

12:47:11.390 (03844/SystemManager) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50158]: Raised minor problem [25]: [Mismatching system model versions]

12:47:11.390 (03844/SystemManager) INF> Admin user [BCM\BCM Admin] from [192.168.1.226:50158]: Health set to [NEAR_FAILURE] due to Mismatching system model versions

12:48:12.039 (03844/SystemManager) INF> ELEMENT [BCM00] ID [3]: Failed to receive new system model data as requested from node [192.168.1.226:50158]

12:48:12.039 (03844/SystemManager) INF> ELEMENT [BCM00] ID [3]: Requesting new HAC model data from node [192.168.1.226:50158]

12:49:13.027 (03844/SystemManager) INF> ELEMENT [BCM00] ID [3]: Failed to receive new system model data as requested from node [192.168.1.226:50158]

12:49:13.027 (03844/SystemManager) INF> ELEMENT [BCM00] ID [3]: Requesting new HAC model data from node [192.168.1.226:50158]

12:50:14.171 (03844/SystemManager) INF> ELEMENT [BCM00] ID [3]: Failed to receive new system model data as requested from node [192.168.1.226:50158]