Table of Contents
Advertisement
•
The cfgRacTuneHttpsPort property is changed (including when a config -f <config file> changes it).
•
racresetcfg is used or a chassis configuration backup is restored.
•
CMC is reset.
•
A new SSL server certificate is uploaded.
My DNS server doesn't register my CMC?
Some DNS servers only register names with a maximum of 31 characters.
When accessing the CMC Web interface, a security warning stating that the SSL certificate was issued by a certificate
authority that is not trusted is displayed.
CMC includes a default CMC server certificate to ensure network security for the web interface and remote RACADM features. This
certificate is not issued by a trusted certificate authority. To address this security concern, upload a CMC server certificate issued by
a trusted certificate authority (such as Thawte or Verisign).
Why is the following message displayed for unknown reasons?
Remote Access: SNMP Authentication Failure
As part of discovery, IT Assistant attempts to verify the device's get and set community names. In IT Assistant, the get community
name = public and the set community name = private. By default, the community name for the CMC agent is public. When IT
Assistant sends out a set request, the CMC agent generates the SNMP authentication error because it only accepts requests from
community = public.
Change the CMC community name using RACADM. To see the CMC community name, use the following command:
racadm getconfig -g cfgOobSnmp
To set the CMC community name, use the following command:
racadm config -g cfgOobSnmp -o cfgOobSnmpAgentCommunity <community name>
To prevent SNMP authentication traps from being generated, enter input community names that are accepted by the agent. Since
CMC only allows one community name, enter the same get and set community name for IT Assistant discovery setup.
When accessing the CMC Web interface, a security warning stating that the host name of the SSL certificate does not match
the host name of CMC is displayed.
CMC includes a default CMC server certificate to ensure network security for the web interface and remote RACADM features.
When this certificate is used, the web browser displays a security warning if the default certificate does not match the host name of
CMC (for example, the IP address).
To address this security concern, upload a CMC server certificate issued to the IP address of CMC. When generating the certificate
signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address
of CMC (for example, 192.168.0.120) or the registered DNS CMC name.
To ensure that the CSR matches the registered DNS CMC name:
1.
In the left pane, click Chassis Overview.
2.
Click Network.
The Network Configuration page appears.
3.
Select the Register CMC on DNS option.
4.
Type a CMC name in the DNS CMC Name field.
5.
Click Apply Changes.
Active Directory
Does Active Directory support CMC login across multiple trees?
Yes. The CMC's Active Directory querying algorithm supports multiple trees in a single forest.
Does the login to CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different
operating systems, such as Microsoft Windows 2000 or Windows Server 2003)?
Yes. In mixed mode, all objects used by the CMC querying process (among user, RAC Device Object, and Association Object) must
be in the same domain.
206
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
