How do I export my domain keys? (NETIQKB73150)

  • 7773150
  • 15-Aug-2011
  • 15-Aug-2011

Environment

NetIQ Secure Configuration Manager 5.8

Situation

How do I export my domain keys?
Registration returns an error 'agent is monitored by more than one Core Services'
How do I save my domain keys for disaster recovery of Core Services?
How do I register my agent or endpoint with more than one Core Services?

Resolution

Running Core Services for the first time generates a set of authentication keys called domain keys. If you have more than one Core Services, and if you register an agent in NetIQ Secure Configuration Manager that supports shared secret authentication, another Core Services must have those domain keys to communicate with that agent. You must export the domain keys from your first Core Services, and import the keys into the other Core Services to communicate with that agent.

To move domain keys from one Core Services to another, complete the following steps:

  1. On the Core Services computer that registered the agents, open the ExportDomainKeys.bat file. By default, this file is located in the Program Files\NetIQ\Secure Configuration Manager\Core Services\bin folder.

  2. At the Filename prompt, type the name of the file in which to store the domain keys, and then press Enter. You can enter only the file name, which will be saved in the same folder, or you can enter a full path and file name.

  3. At the Password prompt, type a password that the other Core Services will use to access the domain keys for importing, and press Enter.

  4. For each Core Services computer that requires access to the agents registered on the first Core Services, complete the following steps:

       1. Run the ImportDomainKeys.bat file.

       2. At the Filename prompt, type the name of the file where the domain keys are stored and press Enter.

       3. At the Password prompt, type the password to access the domain keys, and then press Enter.

       4. Restart the NetIQ Core Services service.



Cause

In a disaster recovery scenario where Core Services is lost, the keys generated by the new installation do not match the registration on the agents. Agents may be registered to only one Core Services unless you share the domain keys.

Additional Information

Formerly known as NETIQKB73150