Grid console SSL access

I would like to access grid control console using https instead of http. When I look at portlist.ini it says it should be available at port 8250 (Oracle HTTP Server SSL port = 8250, Web Cache HTTP Listen (SSL) port = 8250). When I try to access the application on this port the browser errors out saying unable to connect. I checked on the Management service machine using netstat. There is nothing listening on port 8250. Has anybody out there configured grid control console to use https?
PS: This is not about securing the management agent to management service communication. emctl secure agent/oms, etc. etc. I know about that and I have done it.

Yes it works using https. That is a good start. I was looking into it on Friday but lost my train of thought when I got pulled into something. I am not a middleware expert, but know enough to get myself into trouble. Comparing the http and https apache setup it looks like grid control application is configured correctly for ssl on port 1159 (like http on 4889). Apache listen port seems to be configured correctly for both SSL and non-SSL (4444, 7778). I see entries for only 1352 (customized 7777 to 1352 during install using static port feature) in webcache.xml - no 8250. So I guess webcache is not set up for SSL. How do I set up webcache for grid control SSL?
Thanks. As such I can just use SSL on port 1159 without web cache. I have a team of about 15 to 20 people who can use grid control. Do you think it would significantly increase load on the OMS box if I bypass web cache? It is an 8 way/16GB hpux box, but has several other infrastructure apps. Right now it has 50% CPU utilization and 80% memory utilization.

Similar Messages

  • Problems accessing Grid Console through firewall

    I am trying to set up my Grid console to be accessible publicly. My Network admin added an entry to the CSS for a public IP and site oms.domain.com which points to http://host:7777/em. I have been unable to get this to work though. I can get to the console locally on 7777 and 4889 but not using this public address.
    I tried to add a proxy server to the OMS for the oms.domain.com on port 80 but this does not seem to have any effect.
    Anybody have any luck configuring the console like this?
    Thanks,
    Brian

    Reinstall the OMS just so I can access it through a firewall? The oms.domain.com address is registered in the CSS and points to my hostname:7777/em, so why would I need to reinstall? I figured there was just a config file within Apache that I would need to update to tell Apache to allow connections from the public address. Seems overkill to reinstall everything. This OMS is monitoring a couple hundred targets at this point. Reconfiguring all that would be slightly painful.
    Any other suggestions?

  • Error while trying to save layout:Console layout (Access is denied)

    Got an error while trying to save changes made in the layout,
    The error message is
    1) 'Preference.properties' (Access is denied), In the details button 'java.io.FileNotFoundException...'
    2) and on continuing further, another message displayed is - 'Error while trying to save layout:Console layout (Access is denied)'
    There is no Oracle Error Number associated with this message. It is an Oracle Warehouse Builder Error
    I have checked that
    1) this file exists in owb home/owb/bin/admin/Preference.properties
    2) It is not read only
    3) tried to set a parameter REPOS_DB_VERSION_ALLOWED=Oracle 10g
    as specified in the Installation and Admin Guide
    Please can you help?

    Also, not that you shouldn't get to the bottom of this, but you should be aware that any of your development or mapping changes are likely still being saved to the repository.
    In other words, you could continue working and just ignore these errors. We ran into this situation (it was indeed simply file permissions on the owb directories), but we noticed right away that at least our actual OWB work was in fact still being committed to the repository every time.

  • Listener showing wrong status in grid console

    Listener is showing as unavailable in grid console while it is really up and accepting connections. Any ideas?
    Thanks
    S~

    Also check the HOST you have used in the Listener configuration to ensure it matches the host GC is looking at in targets.xml. For instance, if it is looking for servername.domain.com, ensure that the Listener has the same as host instead of the IP Address or another mapping/representation

  • Grid Console and Configuration Change Console?

    I have installed Grid Console 10.2.0.5, and now I'm looking at the Configuration Change Console URL (http://www.oracle.com/technology/software/products/oem/htdocs/config_control.html) wondering if I also need to install this as well.
    It appears that the Grid console has all the management packs in, so maybe the Configuration Change Console is a standalone product (i.e. I only want the change management side and not all of grid control?)
    Can someone clarify if I'm correct in this?
    Regards
    Stuart.

    Thanks. We are just a small IT shop (only 12 databases), so Grid Console and repository are on the same server. I take it that I could also install Configuration Change Console on the same server under a different Oracle home, and use the same grid repository for the Change Configuration Console?

  • Need help downloading Overdrive Media Console to access pub library book

    Trying to download Overdrive Media Console to access public library book
    Thank you

    Jeff, I'm pretty sure I activated Bluefire directly on my iPad.  Quite a time ago now, so I may have remembered wrong.
    Overdrive partner with most of the UK public libraries for DRM loans.
    I also only just realized Bluefire can download the .epub from the .acsm file, so no need for ADE at all.
    I don't usually use my iPad for ebooks (much too heavy), so hadn't really used Bluefire that much.
    I still need ADE to get the .epub so I can download it to the (Sony) eReader.
    Anyway, it looks as if original poster is happy

  • Stopping Agents From Within the Grid Console

    Hello.
    We are using Grid Control 10.2.0.5.0 to monitor various 10g DBs. I have used blackouts in the past when I do various scheduled maintenance on our DBs. We need to physically relocate our Grid OMS and Repository to another RACK (not RAC). Both the OMS and repository reside on the same server being relocated. I have two questions related to this:
    1.) Would blackouts be the best to do in this instance or simply shutting the various DB agents?
    2.) Is there a way from the Grid Console to shut down (not black out) more than one agent at a time?
    Thank you.
    Matt

    Blackout would be best because it is designed for this. You can stop all agents by creating a host command job, but you will not get a success message telling you whether the agent has stopped or not, so I would recommend going for a blackout.

  • 6300 Hotmail - pop3/ SSL access

    According to MSN, Hotmail now supports POP3 over SSL access for Hotmail Plus users. (http://mailcall.spaces.live.com/blog/cns!CC9301187A51FE33!44348.entry)
    From the blog:
    Our POP service requires that you use Secure Sockets Layer (SSL) with the POP and SMTP connection and use SMTP authentication. This is to ensure that your email address and password are not subject to tampering. The settings are the following:
    • POP: pop3.live.com (port 995)
    • SMTP: smtp.live.com (port 25)
    Has anyone got this working?
    I am connecting using Vodafone’s ‘contract internet’ access point.
    Under the advanced receiving section what secure login parameters are you using?
    I consistently get the message ‘Checking failed’, looking at the options/detail I get the message ‘certificate not present’. I get the same error
    I see other postings for the 6300 complaining about SSL / certificate handling, but no resolutions.
    I also see a post saying that Vodafone only supports sending using their SMTP server (send.vodafone.net)
    Is anyone able to confirm this?
    My 6300 firmware is V5.00 (no newer release available on software updater).
    D2.

    I'd recommend checking with Hotmail regarding the settings for doing this.
    Hotmail settings support is found at:
    https://account.live.com/helpcentral.aspx?mkt=EN-GB
    Your network will only be able to give the general settings for your device, as hotmail is a third party company they will not be able to offer direct support for them.

  • Unable to access grid console

    have a 10.2.0.2 ac setup on 2 nodes running CENTOS 4.4
    On the node2 i installed the OEM grid control 10.2.0 with the option "new database" [ emrep ] as the repository db
    Once the installation was completed I could access the grid console through
    http://node2:4889/em
    then through the console I accidentally shut down the emrep database and I lost the connection to the console.
    I started the emrep db through the cmd prompt,
    started the em, $<oms10g>/bin/emctl start em
    $<agent10g>/bin/emctl start agent
    $<oms10g>/opmn/bin/opmnctl startall
    $<oms10g>/opmn/bin/opmnctl status
    ias-component | process-type | pid | status
    DSA | DSA | N/A | Down
    HTTP_Server | HTTP_Server | 18066 | Alive
    LogLoader | logloaderd | N/A | Down
    dcm-daemon | dcm-daemon | N/A | Down
    OC4J | home | 18067 | Alive
    OC4J | OC4J_EMPROV | 18068| Alive
    OC4J | OC4J_EM | 18076 | Alive
    WebCache | WebCache | 18078| Alive
    WebCache | WebCacheAdmin | 18077| Alive
    then I tried to access the console through the webpage and am getting
    "503 service unavailable"
    What am I supposed to do?
    TIA,
    Jj

    1) Stop opmn and the agent, log in to the database and change the sysman password with the command
    alter user sysman identified by <new_password> account unlock
    2) Make a copy and change the following parameters in $ORACLE_HOME/sysman/config/emoms.properties
    oracle.sysman.eml.mntr.emdRepPwd=newpassword
    oracle.sysman.eml.mntr.emdRepPwdEncrypted=FALSE
    3) Make a copy and edit the $AGENT_HOME/sysman/emd/targets.xml file
    with the newpassword and change ENCRYPTED from TRUE to FALSE.
    The line to look for is
    <Property NAME="password" VALUE="newpassword" ENCRYPTED="FALSE"/>
    4) run the command from <OMSHOME>/bin
    emctl config emkey -repos -force -sysman_pwd <sysman_pwd>
    5) opmnctl startall
    Please follow up offline for further discussion.

  • ACS/ASA authentication for vpn access vs. console management access

    I have an ACS 4.2 Server and an ASA 5540. I have set up AnyConnect SSL VPN on the ASA and want to authenticate users using AAA tacacs+ authentication with the ACS and an external Windows AD database. I have done this successfully. I also want to use the ACS for authenticating SSH management sessions into the ASA. I have set up a group in AD and on the ACS called VPNUSERS and NETADMINS. The problem is, I want the VPN users to ONLY be able to authenticate for VPN but not have access to logging into the ASA CLI or ASDM. The NETADMINS should be able to do both. The question I have is how do I set up the VPNUSER group in ACS to have access to connect to the ASA for VPN but not for the management console? It seems that if they can authenticate for vpn, they can also ssh the firewall which is what I want to prevent.

    Try using Network Access Restrictions (NAR), where you can restrict the administrative access on a per-device or NDG basis.
    By default user accounts from external database such as AD in ACS will get authenticated through telnet on network device or a AAA client which can be restricted by enabling NAR in ACS.
    In your case it should be VPNUSERS group in ACS.
    HTH
    Ahmed

  • OID SSL access ?

    Hi,
    904AS - infrastructure install
    During install I got OID,OHS and SSO configured and running. I didn't check always use SSL for OID connections.
    After reboot OC4J_SECURITY is down OHS&OID are alive
    I've noticed that http port (mine is 3060) is responding whereas ssl port (3130) is not.
    Metadata repository access assume implicit ssl connection
    Am I missing some post-install configuration of OID to get SSL working? If so please point me to the relevant sections in the documentation
    TIA
    Pete

    I've investigated things a little further
    I can connect via ssl/non ssl using both oidadmin/ldapbind so OID accepts both (using orcladmin user)
    Can't figure out why application server console fails (ldap error 49) to connect to metadata repository using same ssl portnr.
    (logged on as ias_admin user) - so maybe password is skewed
    ias_admin/orcladmin concept seem confusing

  • Router config for console modem access

    We're upgrading 2500 series routers with 2811's in several remote sites, and we have preferred modem access to be connected to the console port as opposed to AUX, in order to see boot-up and diagnostics we wouldn't otherwise see. Our only issue is that we aren't replacing the modems out there and some aren't connecting correctly. We obviously need AA turned on, and also be able to continue a session if the cable is moved to another device's console port (like the local switch.) If we were using the AUX port, I know autoconfigure discovery and other commands might fix this; but we'd like to keep the modem connected to the router console port. Are there any router commands I can use?

    If I understand correctly these modems were connected on the Aux port of the 2500 and now you intend to connect them on the console port of the 2800. What vendor modems are in use?
    The below doc has info on router console port configuration, we will need to configure the correct initialization string on the modem based on the modem vendor (the AT commands will change as per the description based on the modem vendor).
    http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a00800941c9.shtml
    Thanks, Mak

  • Quick enhancement request - improve handling of console SSL mismatch

    Hi,
    Just a quick note. I was modifying the configuration of an instance (DS 5.2P2) today and changed the port. Unbeknownst to me (because I was lazy), the port I changed the instance of DS to was actually the SSL port of the configuration instance.
    When I restarted the console, it attempted to connect to this new port (which was still bound to SSL of the configuration instance) to determine if the instance was alive, and the console hung hard.
    A deadlock is common when an application unknowingly connects to an ssl port, but this hung the console up completely, and for at least 10 minutes until I got tired of waiting and killed it.
    Granted, this was sloppy on my part, but it would be nice if that 'ping' connection to see if the server was up or down was moved to another thread or the socket options were set for a timeout within 15-30 seconds.
    Just my $.02

    Hello Dirk,
    Your best bet for something like this would be to give us a call and ask to open a support case.  Give the technician a link to this post and ask for an escalation for a feature request/bug.  I can't guarantee what will be done about it, it may be working as intended, but I can get it to the right people.
    Cisco Small Business Support Center Contact Numbers
    Thank you for choosing Cisco,
    Christopher Ebert - Network Support Engineer
    Cisco Small Business Support Center

  • WAP2000 Admin console not accessable

    I'm having an issue with our WAP2000 access point.  I had to reset the access point and now I can't access the admin console.  I've set a static IP address just as I did when I first set it up. Now when I browse to the 192.168.1.245 in my browser it just displays an Authentication error.  Need some help with this please.

    Ok so here is what needs to be done.
    If you are using the WAP2000 you may (will) have some issues if you are trying to configure your device: you must have it attached to a router that has a 192.168.1.* class C IP range. If not you will have some issues. Once you have that part you can then move on to accessing the admin console.
    Whether the router is wireless or wired, make sure that DHCP is turned on so that you can ensure that you will receive an IP address in the same range. With that done, connect to the router, not the WAP, and wait for the connection to be established. Once that is done you can then browse to either 192.168.1.245 or http://192.168.1.245. Once inside, set the WAP to accept web support; this way, no matter what IP it gets once configured, you can access it.

  • IPS 4240 WEAK Cypher for SSL Access

    Is there a way to upgrade the cyphers to AES 128 minimum on the Web interface of the IPS?

    Hello
    Per the Cisco RVS4000 product site information, this router has been end of life since January 30, 2010. The last date of support has also already passed: April 30, 2013. This means that, according to Cisco policy, no further updates to the existing firmware will be made, not even security-related fixes. And I am afraid that this is a fact you have to deal with.
    Regarding the RV320: it seems that there is no possibility to restrict the SSL/TLS protocol/version on your own in the current version. Francis, I would recommend you open a service request with Cisco SMB Support if you still have a valid support contract. I hope there is a good chance of getting it fixed, as this is a security-related inability.
    Lastly, for all products (including the RVS4000), I would suggest keeping the management interface of the router as separated as possible, i.e. restrict access to the management interface to a single subnet/host(s) only (via the Firewall feature). Having an administration/management subnet, with only certain client(s) being part of this subnet, can help to avoid eavesdropping on your connection to the router. Of course, disabling remote management is the best thing you can do in any case (it also avoids possible firmware bugs, login attempts and so on).
