This document is under revision.
Summary
Fix
1. In the command line console, run the following command:
ovcert -list
The list of certificates installed on the system is displayed.
2. From the command line console, note down the contents of the Certificates and Trusted Certificates field under the Keystore Content section.
3. On the OBR system, run the following command:
ovcert -remove <certificate_content>
In this instance, <certificate_content> is the complete string of characters that appears under the Certificates Keystore Content section.
Do not remove the content under Keystore Content<OVRG: server> section.
4. On the OBR system, run the following command:
ovcert -remove<trusted_certificate_content>
In this instance, <trusted_certificate_content> is the complete string of characters that appears under the Trusted Certificates Keystore Content section.
Do not remove the content under Keystore Content<OVRG: server> section.
5. Go to the Operations Agent bits download location or OVINSTALLDIR\bin\win64\OpC\install directory and run the following command:
oainstall.sh -c -a -s <mgmt_srv_name> -cs <cert_srv_name>
To configure the agent to work with OBM DPS/GW management server.
6. Send certificate request from OBR to OBM server:
ovcert -certreq
7. Go to OBM server and grant the certificate.
8. Then, create a new policy under Administration > Monitoring > Policy Templates > Policy Management > Templates grouped by type> Configuration > Flexible Management.
Copy the following contents to the policy:
#
# Template for message forwarding to another management server
#
TIMETEMPLATES
# None
#
# Responsible Manager Configurations for a backup server
#
RESPMGRCONFIGS
RESPMGRCONFIG
DESCRIPTION "Responsible managers"
SECONDARYMANAGERS
SECONDARYMANAGER
NODE IP 0.0.0.0 "fqdn_OBM_Server" ID "OvCoreId_OBM_Server"
DESCRIPTION "Management Server OBM"
SECONDARYMANAGER
NODE IP 0.0.0.0 "fqdn_OBR_Server" ID "OvCoreId_OBR_Server"
DESCRIPTION "Management Server OBR"
ACTIONALLOWMANAGERS
ACTIONALLOWMANAGER
NODE IP 0.0.0.0 "fqdn_OBM_Server" ID "OvCoreId_OBM_Server"
DESCRIPTION "Management Server OBM"
ACTIONALLOWMANAGER
NODE IP 0.0.0.0 "fqdn_OBR_Server" ID "OvCoreId_OBR_Server"
DESCRIPTION "Management Server OBR"
MSGTARGETRULES
------------------------
Replace fqdn_OBM_Server with the FQDN of the OBM management server and fqdn_OBR_Server with the FQDN of the OBR system.
Also, replace OvCoreId_OBM_Server with the Core Id of the OBM management server and OvCoreId_OBR_Server with the Core Id of the OBR system.
Run the following command in OBM server to get the OvCoreId:
ovcoreid –ovrg server
9. Save the policy and deploy it to the OBR system.
10. Run the following command on the OBR system:
ovcert -exporttrusted -file <filename> -ovrg server
In the instance, <filename> is the name with which you want to save the certificate. You must specify the complete path to the certificate file.
11. Run the following command on the OBR system:
ovcert -importtrusted -file <filename>
In the instance, <filename> is the name of the file that you copied in the previous step. You must specify the complete path to the certificate file.
12. On the OBR system, run the following command:
ovcert -trust<Management_Server>-ovrg server
In this instance, <Management_Server> is the FQDN of the OM system or OBM system.
13. Run the following commands on the OBR system:
ovc -kill
ovc -start
14. Run the following commands on the OBR server:
ovdeploy -env PMDB_HOME -ovrg server
ovdeploy -env PMDB_HOME -ovrg server -host <OBR_Host_Name>
The value of the PMDB_HOME environment variable must display.