SSL Certificate Error in AIX server~~~SCOM 2012 R2

Similar Messages

• When trying to get to a CUIC permalink report via a get XML document data step in UCCX, we get a SSL certificate error

  Has anyone found a way to overcome the SSL certificate error via UCCX editor?  See attached screenshots.  Thanks!

  Hi, not easily, no.
  But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
  G.

• I get this error when i deploy SCOM 2012 in my Lab server

  When i install SCOM 2012 i get this error "
  The version of SQL Server on this computer is either not supported or could not be validated"
  I tried performing as per this article but still i have the same issue.
  Below is the screen shot of the error.
  I also tried the steps in the below article. The command completes success fully but still i get the below error.
  http://social.technet.microsoft.com/wiki/contents/articles/13954.opsmgr-2012-the-version-of-sql-server-on-this-computer-is-either-not-supported-or-could-not-be-validated.aspx
  Can some one please help on this.

  Hi,
  look at this two blog:
  http://www.scom2k7.com/fix-scom-2012-install-error-the-version-of-sql-server-on-this-computer-is-either-not-supported-or-could-not-be-validated-because-of-an-issue-connecting-to-the-wmi-provider/
  http://kevingreeneitblog.blogspot.com/2013/06/scom-2012-sp1-install-error-with-sql.html
  Regards.
  Ivan 

• SQL version could not be verified error while installing the SCOM 2012 R2 reporting component

  I have the below SCOM server roles in my SCOM 2012 R2 set up
  1) All servers with Windows Server 2008 R2 SP1, MS - SCOM1, DB & DW - DB1, Reporting Server - DB2
  2) All the DB servers with SQL 2012 SP1
  3) Windows firewall is turned off on all the servers.
  4) Success fully installed all the components except SCOM reporting.
  While installing the SCOM 2012 R2 reporting component on DB2 ( Iam running this set up on the server where I instllaed the SQL DB engine and reportin services in Native mode. Configured the SQL reporting database and reporting URLs successfully in SQL reporting
  configuration manager) getting the below error in the Rporting server instance page. Kindly advise.
  I ran mofcomp.exe and there is no firewall restrictions. My account also has DB owner & sysadmin permissions.
  Also tried re installing the SQL on Reporting server.
  "The installed version of SQL Server could not be verified or is not supported. Verify that the computer and the installed version of SQL Server meet the minimum requirements for installation, and that the firewall settings are correct. See the Supported
  Configurations document for further information".

  Hi,
  As far as I know, after installing SSRS, we don't need to configure the database and reporting URLs manully. When we install the reporting service for SCOM, it will configure those automatically.
  If possible, you may re-install SSRS and then install SCOM reporting service.
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• IMAP SSL Certificate Errors

  Just got my iPhone today.
  My email server has a simple, self-signed SSL certificate (IMAPS and TLS on the MTA). The iPhone doesn't like this and refuses to work with my mail/imap server.
  This won't work for me and I'm wondering if there is a way around this.
  Thanks.

  This was extremely helpful to me. Thanks. Basically it seems the iPhone assumes you want SSL turned on when doing IMAP, and it does not give you a way to turn if off until AFTER you have set up your mail. The advanced settings button does not even show up until AFTER you have the account saved, and every time you try to save it, you get error messages. So your steps below save the day, but I added a couple of more.
  1) Enter Mail on iPhone
  2) Select Other from the list of mail provider options
  3) Enter all the Account specifics, in my case it was IMAP stuf
  4) Click Save, and get the invalid certificate message
  5) Click "CANCEL", an you get returned to the settings screen
  6) Click "SAVE" again, it says, "You may not be able to receive email..."
  7) Click OK
  8) Now you can go back into the settings, and preso chango, the ADVANCED button now shows up at the bottom of the mail screen.
  9) NOW you can go into the advance tab and turn OFF SSL for both sending and receiving mail.
  What a pain, but it works.

• How to get the ssl-certificate trusted on lion-server

  I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
  So I want to use the server to exchange data, use a common calendar, address-book etc.
  To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
  So I selected the server in server.app (Hardware) and selected SSL certificate edit
  created a certificate signing request that I exported and saved on my computer
  I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
  and also imported the certificate in to the keychain
  All following the steps described in:
  Managing iOS deviceswith OS X Lion Server by Arek Dryer
  the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
  So I somehow did something wrong.
  Any suggestions what I should do?

  ok let me add some info in the hope I will get some guidance:
  using the site http://www.sslshopper.com/ssl-checker.html
  I was able to check on the status of the certificate:
  The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
  since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
  I guess I would be helped if there is a step by step manual how to install a root certificate

• Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

  Hi,
  We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
  We are following the below steps,
  Under "Server Certificates" tab,
       -> Click on "Install" button.
       -> On "Select Configuration" click on "Next" button.
       -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
       -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
       -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
       -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
  There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
  So, say currently the subdomains present are,
  1.abc.com
  2.abc.com
  so on...
  and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
  Please let us know if you have solution to this problem.
  Thanks,
  Rajesh

  Hi Rajesh,
  That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
  The chain should be installed using the "Certificate Authorities" tab per the following steps:
  1) Login to the Admin Console.
  2) Click Edit Configuration from Common Tasks > Configuration Tasks.
  3) Click the Certificates > Certificate Authorities tab from the Configurations page.
  4) Click the Install... tab from the Certificate Authorities (CAs) page.
  An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
  You should then see the CA and intermediate certificate(s) listed in the security database.
  If you have access to MOS, more details can be found in the MOS KM Note:
     Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
  regards
  Tracey

• Error 1723 when removing scom 2012 sp1 agent

  Hi All,
  I am trying to remove the scom 2012 SP1 agent from a machine and i get an error - 'Error 1723. There is a problem
  with this Windows Installer package. A DLL required for this install to complete could not be run.
  Any idea how can i remove the agent from the box. Let me now if any other info required to give a hint to the problem.
  Durgesh Kumar

  Hi,
  Reinstall the agent, and the uninstall ? If possible, reboot the server and then uninstall?
  Same issue here:
  http://answers.microsoft.com/en-us/windows/forum/windows_8-windows_install/get-error-1723-there-is-a-problem-with-windows/3d68fc4b-c968-4796-a270-27027a52de3f?page=2
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Error 10218 while integrating scom 2012 r2 with scvmm 2012 r2

   hello,
  We are working to integrate the SCOM 2012 R2 With SCVMM 2012 R2 .But while creating connection of integration it got failed with error in job on scvmm as below :
  Error (10218)
  Setup could not import the System Center Virtual Machine Manager Management Pack into Operations Manager server because one or more required management packs are missing. The VMM Management Packs cannot be deployed unless the following component management
  packs are present in Operations Manager :
  Windows Server Internet Information Services 2003,
  Windows Server 2008 Internet Information Services 7,
  Windows Server Internet Information Services Library,
  SQL Server Core Library.
  Recommended Action
  To provide the missing component management packs, ensure that the following management packs have been imported into Operations Manager server:
   Microsoft Windows Server 2003 Internet Information Services Management Pack for OpsMgr 2012 (version 6.0.6278.0 or later)
   Microsoft SQL Server 2005 Management Pack(version 6.0.5000.0 or later)
   You can download the management packs from the System Center Operations Manager Catalog at http://go.microsoft.com/fwlink/?LinkId=86411 
  Reference link used :-  http://technet.microsoft.com/en-us/library/hh882396.aspx ,We have imported all the required MPs as mention in above link on scom.
  Regards
  Richa KM

  Have you imported all of the packs it mentions:
  Windows Server Internet Information Services 2003,
  Windows Server 2008 Internet Information Services 7,
  Windows Server Internet Information Services Library,
  SQL Server Core Library.
  There's a good walkthrough
  here which details all the pre-reqs.
  It was some time ago but i also did a walk-through with pictures
  http://myopsmgrblog.wordpress.com/2013/04/23/scom-integration-with-scvmm/
  Hope this helps

• Certificate Error for second server in collection

  I'm running 2012 R2 RD Services. I have Two RD Session hosts:
  HostRDP1.domain.local
  HostRDP2.domain.local
  The External DNS entry is: rdp.mydomain.com
  I have a wildcard certificate applied to both servers (*.mydomain.com)
  I have the two servers setup in a collection so if I remote to rdp.mydomain.com I get one or the other.  However, for example, I get a certificate error when RDP'ing in and it's directing me to HostRDP2.domain.local. The error says that HostRDP2.domain.local
  doesn't match *.mydomain.com certificate. Even though I used rdp.mydomain.com to start with.
  How do I fix this?

  Hi,
  1. Please change the published FQDN name using this cmdlet:
  Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
  http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
  Since your gateway and broker are on the same server you can use the same FQDN you are using for the broker.
  2. On your internal network, please make sure there is a DNS A record for rdp.domain.com pointing to the private ip address of your broker.  Based on what you have written previously I believe you already
  have this in place but I want to make sure.
  3. In RD Gateway Manager, properties of your RD RAP, Network Resource tab, please select Allow users to connect to any network resource.  Later if you want to create a RDG managed group and enter all the required names you can do so.
  4. Please re-download the .rdp file and double-click it.  On the prompt, it should now have the same FQDN for both Remote computer and Gateway server.
  The way the connection process should work from external is client connects to RDG (rdp.domain.com) over TCP 443/UDP 3391, then RDG connects to RDCB (rdp.domain.com, which resolves to itself) over TCP 3389/UDP 3389, broker redirects client if needed, and
  if redirected client again connects to RDG and RDG connects to the other RDSH server.
  The way the connection process should work from internal is similar, only the RD Gateway will be bypassed automatically.
  Thanks.
  -TP

• How do i "re-trust" the SSL certificate sent from a server I previously marked as untrusted?

  I use Citrix Receiver to access my workplace Windows environment remotely from home, where I run Firefox 7.01 on Ubuntu 11.10. Two days ago the SSL certificate expired, so when I tried to logon remotely it failed. Now the company have renewed the certificate, but now when I try to logon I get an error from the Citrix ICA Client saying "You have not chosen to trust Verisign Class 3 Public Primary Certification Authority - G5, the issuer of the server's security certificate (SSL error 61)"
  I have found a couple of similar queries here, but neither had a solution which worked for me. The entry for Verisign Clas 3... G5 is in /etc/ca-certificates.conf, also there's a link to it in /etc/ssl/certs to an existing ...G5.crt file in /usr/share/ca-certificates - Firefox seems to recognise the issuer as a valid existing certificate issuer. Firefox displays the certificate for the page when I use menu options Tools -> Page Info -> Security -> View Certificate, and the certificate shows as valid for today - for the life of me I can't find a way to make Firefox trust the darn issuer.
  I get the same fault with Firefox 3.6.23 on Ubuntu 10.04.
  (I'd rather not tell everyone here the URL of my company's remote access website)

  Thanks for the swift reply, cor-el - unfortunately, no joy with this approach.
  A. As my named user (called "greg", surprise, surprise, no secret there...)
  Run Firefox; select Edit > Preferences > Advanced : Encryption:
  Here I get no option for Certificates, but I do get View Certificates - then tabs for:
  - Servers, under which my company's remote logon URL is listed - Edit button is grey
  - Authorities, under which the Verisign...G5 entry may be edited; 3 options:
  1. may identify websites (ticked)
  2. may identify mail users (unticked)
  3. may identify software makers (ticked)
  I ticked 2, tried again - same failure. Unticked it.
  B. As root.
  Run Firefox; select Edit > Preferences > Advanced : Encryption:
  Here I get no option for Certificates, but I do get View Certificates - then tabs for:
  - Servers, under which my company's remote logon URL is NOT listed
  - Authorities, under which the Verisign...G5 entry may be edited; 3 options:
  1. may identify websites (ticked)
  2. may identify mail users (unticked)
  3. may identify software makers (unticked)
  I ticked 2 and 3, tried again - same failure. Unticked them.
  Maybe a solution would be, in some way, to add my company's remote logon URL to the list of Servers while running Firefox as root. The Export and Import buttons may help here. However, when I first declined their certificate I was running Firefox as greg, not as root, so I am a bit suspicious there - what can be done as greg should be undoable as greg.
  This is doing my head in. Maybe it's time to step back and think a bit. Maybe try Citrix's online help (already spent a fair amount of time there with no joy either).
  So, thanks again for the reply - I've generally tried to provide a good list of what's up, and your reply has given me food for thought. OK, I'll keep trying.

• Install SSL certificate for Oracle HTTP server

  I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com.
  I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem".
  I want to install this on the oracle 11g HTTP server (OHS) installed as standalone based on apache 2.2
  With oracle, i have to create a wallet and point the SSL.CONF wallet directive to use that wallet.
  I used Oracle Wallet Manager to create it and import the certificate but this is where i am having a problems.
  First I could not restart the web server but the it worked but I got SSL handshake errors (Shown below).
  According to oracle steps, I have to create a CSR and then import the certificate into the wallet
  http://www.apache.com/resources/how-to-setup-an-ssl-certificate-on-apache/
  However, when I tried to use Oracle Wallet Manager, there were two options: import server certificate and trusted certificate.
  The import server certificate was greyed out. I had to create a CSR just to get it enabled but I did not use the CSR, i just imported the "server.crt" file.
  I also tried to import the "serverkey.pem" into the trused certificate option but was rejected (invalid certificate).
  Do you know how to create a successful wallet based on the files i have and not creating a CSR since i already have a certificate file?
  2013-05-04T20:11:40.2718-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.2719-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1253263680] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.4774-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.4776-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1263753536] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error
  [2013-05-04T20:11:40.6814-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] unusably short session_id provided (0 bytes)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] nzos handshake error, nzos_Handshake returned 29040(server ptp.xyz.xom:443, client 10.60.117.121)
  [2013-05-04T20:11:40.6816-04:00] [OHS] [ERROR:32] [] [core.c] [host_id: ptp.xyz.xom] [host_addr: 10.72.11.211] [pid: 11339] [tid: 1274243392] [user: root] [VirtualHost: ptp.xyz.xom:443] NZ Library Error: Unknown error

  I do not have weblogic installed. I only have standalone 11g HTTP server with mod_plsql.
  If i can get OWM working to create a successful certificate them the problem would be resolved.
  I am just not sure what is Root Certificate and Trustworthy Certificate and how to get that from the files i have.

• SSL Certificate on 10.6 Server

  I've just been migrating services off a G5 Xserve running 10.5 Server, to a Mac Pro running 10.6 Server.
  It dawned on me it'd be a good idea to get an actual SSL certificate. Because of the lack of funds available, I've gone for PositiveSSL.
  Here are the steps I took to get it:
  1. In Server Admin > Certificates I chose Generate CSR
  2. I pasted this in to Comodo's page and chose Apache + MOD SSL
  3. Took the .crt file emailed to me and chose "replace with signed certificate", dropped it on and clicked "replace certificate" (replacing the old, self signed one).
  This all seemed to work fine. HOWEVER, the web service doesn't seem to be playing ball with it at all and because of this I'm scared to propagate it around any other services.
  These are the errors I'm receiving: (not that Server Admin notices anything wrong!)
  [Wed Jan 19 05:59:58 2011] [error] Init: Pass phrase incorrect
  [Wed Jan 19 05:59:58 2011] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2iASN1SET:bad tag
  [Wed Jan 19 05:59:58 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1CHECKTLEN:wrong tag
  [Wed Jan 19 05:59:58 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1ITEM_EXD2I:nested asn1 error
  [Wed Jan 19 05:59:58 2011] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
  Now I'm aware there needs to be a pass pharse, I saw the box in Server Admin 10.5, but it's gone from Snow Leopard.
  ...and therefore I'm stumped.
  Is there any easy how-to guide for actually getting this sorted and having SSL up and running?
  Thanks in advance

  I'm not sure if this will be helpful or not but the information in this post really helped me to get SSL working on my server...
  http://discussions.apple.com/thread.jspa?messageID=12447818&#12447818

• Where to install reporting server - SCOM 2012

  HI All,
  I Have 3 servers:
  1. Management server
  2. SQL Operations DB
  3. Data warehouse 
  Where should i install the reporting server? on the SQL Operations DB server or Data warehouse server?
  Thanks
  TechNet

  Hi，
  Please refer to the following articles for reference, maybe you could get some hints:
  OpsMgr 2012 Installation in a two server configuration (#SCOM, #SYSCTR)  
  http://blogs.catapultsystems.com/cfuller/archive/2012/06/25/opsmgr-2012-installation-in-a-two-server-configuration-scom-sysctr.aspx
  SCOM 2012 Installation does not show the SQL Server Instance for reporting services
  http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/a3470ec2-e748-4f30-b18b-0bd42809cd1e
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SSL certificate unconfigured, but web server still defaults to https

  Hi all,
  I set up my web page as indicated in the Lion Server: Advanced Administration manual (Server/Web/Data/Sites/Default). I originally had a self-certified ssl certificate set up for all services, and the web server defaulted to port 443 with the following page:
  Index of /
  Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r DAV/2 PHP/5.3.6 with Suhosin-Patch Server at *****.com Port 443
  I removed the ssl certificate, but it keeps going to the same page. I have  default.html and index.html files in the directory, and I figure at least one of those should. Any suggestions?

  Camelot,
  Thanks for the reply. I'm not offended by your suggestion that it's something simple that I've overlooked, rather I'm hoping that it is.
  I have selected the certificate on the appropriate site on the web panel. When you visit the site link In my original message, you'll see that the correct certificate is being served, but it appears as expired to the browser, even though it shows as valid in Server Admin.
  I also found it in the Keychain utility, and it also shows as a valid certifcate there. I did find an entry in the Keychain utility for an earlier attempt at installing an expired certificate, so I deleted that entry.