Linux Authentication Satellite promotion fails during Certificate Signing Request

  • 7006970
  • 30-Sep-2010
  • 07-Aug-2014

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3

Situation

Linux Authentication Satellite promotion fails during CSR
 
ERROR (from zmd-messages.log):
 
[ZenHttpServer::KeyStoreUtil] [Exception :
 java.lang.Exception: Unable to sign the Satellite Server's Certificate. Authenticated user or device does not have sufficient privileges to request a signed certificate
 
[Debug] [09/30/2010 15:26:25.960] [] [1251] [ZenworksAgent] [262] [ZenHttpServer] [Exception configuring SSL for satellite server :
java.lang.Exception: An unexpected exception was encountered while configuring the Authentication Server service
 
Caused by: java.lang.Exception: An unexpected error occured during configuration.  The certificate signing request unexpectedly returned a null result

Resolution

Any or all of the following may help.
 
zac asr -t all -u Administrator -p password
or
zman rsc
zac ref
/etc/init.d/novell-zenworks-xplatzmd restart
 
 

Additional Information

Running the zac command to reconfigure the satellite bypasses the token; the administrator credentials you provide are used instead to authorize the request to the CA service.
 
This error:
 
Unable to sign the Satellite Server's Certificate. Authenticated user or device does not have sufficient privileges to request a signed certificate
 
means that the satellite was requesting that the primary sign a certificate.  The primary rejected the satellite because the GUID passed in the CSR was considered invalid.
 
Likely reason:
 
When a satellite server is promoted, a token with an expiration time is created and stored in the database. The token is also sent to the satellite device, which uses it with the request to the CA to sign the satellite's certificate.
 
If the device waits too long to refresh and start the promotion, the token will have expired and the error is seen.
