Access Problems
After updating my Windows XP system with Service Pack 2 or installing Windows Server 2003 SBS, I am unable to access the HP Version Control Repository Manager. What happened?
Solution: Some operating systems, including Windows XP with Service Pack 2 and Windows Server 2003 SBS, implement a firewall that prevents browsers from accessing the ports required for the Version Control Repository Manager access. To resolve this issue, you must configure the firewall with exceptions to allow browsers to access the ports used by HP Systems Insight Manager and Version Control Repository Manager. To configure the firewall: Select Start Settings
Control Panel.
Double-click Windows Firewall to configure the firewall settings. Select Exceptions. Click [Add Port].
You must enter the product name and the port number.
Add the following exceptions to the firewall protection: Click [OK] to save your settings and close the Add a Port dialog box. Click [OK] to save your settings and close the Windows Firewall dialog box.
For Windows XP with Service Pack 2, this configuration leaves the default SP2 security enhancements intact, but allows traffic over the ports. These ports are required for the HP Version Control Repository Manager to run. The secure and insecure ports must be added to enable proper communication with your browser.
Browser Problems
When I use Internet Explorer 6.0 in Windows, why do I see warnings in the Security Alert dialog box when I log in to the HP System Management Homepage (HP SMH)?
Solution: There are two possible warnings that might be seen including:
Warning #1: The name on the security certificate is invalid or does not match the name of the site.
This warning occurs when you browse to HP SMH using an IP address. This warning also occurs if you browse locally using localhost for the machine name.
Warning #2: The security certificate was issued by a company you have not chosen to trust. View the cert to determine whether you want to trust the CA.
The certificate is issued by HP SMH. You can add the certificate to your Trusted Certificate List and the warning goes away.
Opening a second Mozilla browser can appear as an unauthorized login into HP SMH.
Solution: Mozilla browsers share sessions when launched separately.
I get security messages or partially displayed pages when browsing into HP SMH from Internet Explorer running on Windows 2003.
Solution: Internet Explorer 6.0 on Windows 2003 Server has different security settings in the default install. To prevent the problem, add each managed system into the local intranet zone twice, once as: http://hostname:2301 and once more as: https://hostname:2381. The alternatives to this solution are to decrease the level of security settings in the browser (not recommended) or alter the browser security settings to allow cookies (both stored and per-session) and allow active scripting.
My browser page does not display all of the contents. What is wrong?
Solution: Frame sizes are optimized for medium fonts. If you switch your browser to use larger or smaller fonts, then manually adjust the frame layout using the mouse.
Why does the browser prompt to accept cookies when accessing a system?
Solution: Browser cookies are required to keep track of user state and security. Cookies must be enabled in the browser and prompting for acceptance of cookies should be disabled.
I can log in to HP-UX with http://hostname:2301/, but not https://hostname:2381/.
Solution: By default, HP-UX is installed with the autostart feature enabled. A daemon listens on port 2301 and only starts HP SMH on port 2381 when requested, then stops it again after a timeout period. See the smhstartconfig(1M) command for more information.
When I browse to https://ipaddress:2381 on a local machine running Windows 2003, I don't see the Login screen.
Solution: Internet Explorer 6.0 on Windows 2003 sometimes causes only the Account Login text in a blue bar to appear instead of the entire Login page. This issue only occurs when browsing on a local system. Rather than specifying the IP address in the URL, the problem can be resolved by using hostname. HP recommends using the following URL to resolve this issue:
https://hostname:2381
Clustering Problems
I cannot browse to the HP SMH on my cluster IP address after a cluster fail over has occurred.
Solution: Install HP SMH 2.1.4 or later (which is available in SmartStart 7.5 or later) and modify the XML file to accommodate the cluster. HP recommends the following actions: As a precautionary measure, copy the existing smhpd.xml file into a different directory. Manually add the tag: Open the smhpd.xml in the \hp\hpsmh\conf directory on the boot drive with a text editor. Add the following line between the <system-management-homepage> and </system-management-homepage> tags:
<monitor-ip-changes>1</monitor-ip-changes>
Save the file.
Repeat these steps on any system that could be a target of a cluster failover. Restart the HP SMH service on both systems.
Installation Problems
When installing HP SMH, I am getting an error that reads another instance is running.
Solution: The HP SMH installation attempted to install on a system that had files that were previously corrupted or the installation was aborted. To resolve this issue, navigate to the \temp directory on the HP SMH system and delete the smhlock.tmp file.
When installing HP SMH, I am getting an error that reads error: cannot get exclusive lock on /var/lib/rpm/Packages error: cannot open Packages index using db3 - Operation not permitted (1) error: cannot open Packages database in /var/lib/rpm.
Solution: This error appears when more than one instance of the install is initiated on a Linux system. Only one HP SMH installation can run at a time.
IP Address Problems
Is there an easier way to access the local system with my browser without having to find out its IP address?
Solution: Yes. You can access the local system at https://hostname:2381 or https://127.0.0.1:2381. For HP-UX, you can access the local system at http://hostname:2301 if you keep the default setting of autostart enabled.
When I use the IP Restricted Login feature on Windows 2000 Advanced Server, entering my server IP address does not have the desired effect. How can I be sure that the local machine IP addresses are recognized by this feature?
Solution: On Microsoft Windows NT 4.0 and Windows 2000 Advanced Server, enter 127.0.0.1 in addition to the actual IP addresses of the server if you intend to include or exclude the local machine. The address 127.0.0.1 is always included in the Include section, so it is only excluded if it is explicitly placed in the Exclude section.
Although an IP restriction is configured, localhost access is not being denied. Why is this happening?
Solution: If you do not include the IP address for the local host in the Include field, the local host is still granted access because most users do not intend to block the local host access. If you do need to block localhost access, enter 127.0.0.1 into the Exclude field under IP Restriction.
Under IP Restriction, I did not include the system's local IP address or 127.0.0.1 to the Include list, but I can still browse to it locally.
Solution:As a precaution against users unintentionally locking themselves out of HP SMH access, localhost requests are not denied when the local IP addresses are not mentioned in the Include list. If this is absolutely necessary, the local system's IP address and 127.0.0.1 can be added to the Exclude list, and this setting denies access to any user trying to gain access from the local system.
Login Problems
I cannot log in to HP SMH on my Windows operating system.
Solution:
Verify that a valid Windows operating system account has been set up and that the login is included in the Administrators group or one of the HP SMH operating system groups. Log in to the operating system. Change the password if prompted.
I cannot log in to HP SMH on my Windows XP operating system.
Solution:
Why doesn't my password work after I upgrade my Web Managed Products?
Solution: HP SMH 2.0 and greater uses operating system accounts whereas previous versions use three static accounts (administrator, operator, and user). Any operating system account belonging to the administrators group (root group in Linux) has administrative access to HP SMH. With this access, you can assign accounts in other operating system account groups to different levels of access for HP SMH. The HP SMH online help describes this process in detail. Note that this does not apply to HP-UX.
I created new Windows accounts, using default settings, for use with HP SMH but I cannot use them to log in.
Solution: By default, new accounts created in Windows operating systems are set to user must change the password on next login. This option must be deselected before the account can be used to log in to HP SMH.
When I use Internet Explorer 6.0 in Windows and browse through the management server to a system that was discovered by IP address, I cannot log in to HP SMH. If anonymous access is enabled, I get through anonymously but the user name is incorrect.
or
When I use Internet Explorer 6.0 in Windows and browse through the management server to a device that was discovered by the IP address, the detailed certificate information does not appear in the text box of the Automatic Import Certificate screen.
Solution: These issues can be resolved two different ways by adjusting the Internet Explorer settings: Configure the Internet Explorer Privacy settings from Medium to Low. HP does not recommend using this option. To change the settings: In Internet Explorer, click Tools → Internet Options. Click Privacy. Click and drag the slide bar to Low. Click [Apply]. Click [OK]. The changes are saved.
or Add the IP address of the target HP SMH to the Local Intranet's zone. To change the settings: In Internet Explorer, click Tools → Internet Options. Click Security. Select Local Intranet. Click [Sites] → [Advanced]. In Add this website to the zone, enter the IP address of the HP SMH system. For example, enter https://ipaddress
. Click [Add]. Click [OK]. Click [OK] again. Click [OK]. The changes are saved.
When I browse to my system using the server name http://my-server-name:2301 with Internet Explorer, I cannot log in using my valid Windows administrator account username and password. However, I can log in if I browse to my system using my IP address, http://my-ip-address:2301.
Solution: Verify whether there is an underscore "_" defined in your server 's computer name. If there is, remove it or use - instead of __.
You should be able to log in using system name.
Security Problems
After updating my Windows XP system with Service Pack 2, I am unable to access HP Systems Insight Manager or the HP Version Control Repository Manager. What happened?
Solution: The Windows XP Service Pack 2 implements a software firewall that prevents browsers from accessing the ports required for HP Systems Insight Manager and Version Control Repository Manager access. To resolve this issue, you must configure the firewall with exceptions to allow browsers to access the ports used by HP Systems Insight Manager and Version Control Repository Manager. HP recommends the following actions: Select Start Settings
Control Panel.
Double-click Windows Firewall to configure the firewall settings. Select Exceptions. Click [Add Port].
You must enter the product name and the port number.
Add the following exceptions to the firewall protection: Click [OK] to save your settings and close the Add a Port dialog box. Click [OK] to save your settings and close the Windows Firewall dialog box.
This configuration leaves the default SP2 security enhancements intact, but will allow traffic over the ports previously indicated. These ports are required for HP Systems Insight Manager and Version Control Repository Manager to run. Ports 2301 and 2381 are required for the Version Control Repository Manager and ports 280 and 50000 are required by HP Systems Insight Manager. The secure and insecure ports must be added for each product to enable proper communication with the applications.
Why can't I import X.509 certificates directly into HP SMH?
Solution: HP SMH generates Certificate Request in Base64-encoded PKCS #10 format. This certificate request should be supplied to the CA. Most Certificate Authorities return Base64-encoded PKCS #7 certificate data that you can import directly into HP SMH by selecting
Settings HP System Management Homepage.
If the CA returns the certificate data in X.509 format, rename the X.509 certificate file as cert.pem and place it into the \hp\sslshare directory. When HP SMH is restarted, this certificate is used.
Why is my PKCS #7 cert data not accepted?
Solution: When using a Mozilla browser, there can be problems when cutting and pasting cert request and reply data when using Notepad or other editors. To avoid these problems always use Mozilla to open any certificate reply files from your CA. Be sure to use the Select All, Cut, and Paste operations that are supplied by Mozilla when working with certificates.
Why is my private key file not protected by the file system?
Solution: If you are using Windows operating systems, you must have the system drive in NTFS format for the private key file to be protected by the file system.
Why do I get errors when I paste my customer-generated certificate PKCS #7 data into the HP Systems Insight Manager Certificate Data field in Settings HP System Management Homepage Security Trusted Management Servers
?
Solution: The customer-generated certificate PKCS #7 data does not belong in the Trusted Management Servers field. The PKCS #7 data should be imported into the Customer Generated Certificates Import PKCS #7 Data field under Settings→HP System Management Homepage→Security→Local Server Certificate. The HP Systems Insight Manager Certificate Data field is used to configure which HP Systems Insight Manager servers are trusted by HP SMH. For more information, refer to Security - Trusted Management Servers.
Why can't I use a Windows 2003 certificate authority to grant my third-party certificate into the HP SMH?
Solution: To use a Windows 2003 certificate authority to create a certificate for HP SMH: Create the PKCS #10 data packet by clicking Settings HP System Management Homepage Security Local Server Certificate page. Press the Ctrl+ C keys to copy the data into a buffer. Navigate to http://W2003CA/certsrv where W2003CA is the name of your Windows 2003 certificate authority system.
Select Request a certificate. Select Advanced certificate request. Select Submit a certificate request by using a base. Press the Ctrl+ V keys to paste the PKCS #10 data into the field.
From your Windows 2003 certificate authority system:
Click CA (Local) ⇒ W2003CA/certsrv ⇒ where W2003CA is the name of your Windows 2003 certificate authority system. Issue the pending request certificate.
Navigate to http://W2003CA/certsrv where W2003CA is the name of your Windows 2003 certificate authority system.
Select View the status of a pending certificate request. Select Base64-encoded and Download certificate (not certificate chain). The file download is certnew.cer. Rename certnew.cer to cert.pem.
Other Problems
Why can't I install HP SMH on my system?
Solution: The HP SMH install requires a Java version that requires at least 256 colors to load. Note this applies to Windows only.
Why do I get an error indicating the page cannot be displayed when I click the Management Processor link?
Solution: The administrator for the management processor has configured the Web server on the management processor to use a port other than port 80. HP SMH does not currently have access to that parameter and assumes the management processor is on port 80.
Why can't I install HP SMH on HP-UX or Linux when I am not root?
Solution: You must be logged in as root for HP SMH to have the proper access rights.
|