Error Message
The server certificate on the destination computer (server.domain.com:1270) has the following errors: The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. The SSL certificate is signed by an unknown certificate authority.
Login to the linux server and run this command as root:/opt/microsoft/scx/bin/tools/scxsslconfig -v -fThis will regenerate the certificate, at which point you can use the discovery wizard to re-sign it. Also take note of the Hostname/domain returned by this command. If it is incorrect (such as FQDN in the hostname field, and domain name blank), you can attempt to fix that on the OS (hostname command /etc/hosts), or you can hardcode it with:/opt/microsoft/scx/bin/tools/scxsslconfig -v -f -h hostname -d domain.name
Resolutions
To verify that the SCX Agent on the remote system is running properly, try enumerating the SCX_Agent provider using the following command from the Operations Manager monitoring server:
winrm e http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -r:https://. :1270 -u: -p: -auth:basic -encoding:utf-8
substituting. for the fully-qualified domain name of the host and / for some valid username and password combination on the remote system.
To verify the certificate on the remote system, log into the remote system and issue the following command:
openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates
To check if the certificate has expired, ensure that the current date falls between the notBefore and notAfter dates, and ensure that the date and time on the target server matches that of the Operations Manager Server.
If the certificate common name does not match the hostname, you may change the name of your host system if necessary (check your operating system documentation for information on how to do that). Or, if the certificate is incorrect but your system's host hame is correct, regenerate the certificate by issuing the following commands from the 'root' account:
• |
cd /etc/opt/Microsoft/scx/bin/tools
|
• |
. setup.sh
|
• |
scxsslconfig -f
|
• |
scxadmin -restart cimom
|
Finally, be certain that the target computer's Fully
Qualified Domain Name can be resolved from the Operations Manager Server.
Hiç yorum yok:
Yorum Gönder