Iniciar sesión
 
InicioBibliotecaAprendizajeDescargaSoporteComunidadForos
Recursos para Profesionales de TI >
SCOM 2012 - Zertifizierung von Linux Clients schlägt fehl

Answered SCOM 2012 - Zertifizierung von Linux Clients schlägt fehl

  • jueves, 31 de mayo de 2012 10:47
     
     
    Inicie sesión para votar
    0

    Hallo *,

    seit der Migration auf SCOM 2012 ist es nicht mehr möglich automatisch die Linux Clients durch SCOM zu signieren. Der Ermittlungsassistent schlägt fehl mit der Meldung:

    Error 26319:

    An exception was thrown while processing SubmitTasks for session ID uuid:bb8cdc72-4b84-4591-82a1-387cf191fcd6;id=10.
     Exception message: Ein Objekt der Klasse "SecureData" mit Namen "0x0080c83aa45a141a24ae974b427a50d25a807a147700000000000000000000000000000000000000" wurde nicht gefunden.
     Full Exception: Microsoft.EnterpriseManagement.Common.ObjectNotFoundException: Ein Objekt der Klasse "SecureData" mit Namen "0x0080c83aa45a141a24ae974b427a50d25a807a147700000000000000000000000000000000000000" wurde nicht gefunden.
       bei Microsoft.EnterpriseManagement.SecurityConfigurationManagement.GetSecureData(Byte[] secureStorageId)
       bei Microsoft.EnterpriseManagement.Utility.WorkflowExpansion.OnlineManagementGroupDataResolver.GetSecureDataBySecureRefId(EnterpriseManagementObject target, Guid secureRefId, String selector, Boolean checkDistribution)
       bei Microsoft.EnterpriseManagement.Utility.WorkflowExpansion.OnlineManagementGroupDataResolver.ResolveSSID(Guid secureRefId)
       bei Microsoft.EnterpriseManagement.Utility.WorkflowExpansion.Workflow.Resolve(Workflow unresolvedWorkflow, IManagementGroupDataResolver resolver, Dictionary`2 overrideValues)
       bei Microsoft.EnterpriseManagement.Utility.WorkflowExpansion.RemoteJobSerializer.Serialize(XmlWriter writer, WindowsJobCredentials credentials, ManagementPackTask task, IManagementGroupDataResolver resolver, Dictionary`2 overrideValues)
       bei Microsoft.EnterpriseManagement.Utility.WorkflowExpansion.RemoteJobSerializer.Serialize(WindowsJobCredentials credentials, IManagementGroupDataResolver resolver, ManagementPackTask task, Dictionary`2 overrideValues)
       bei Microsoft.EnterpriseManagement.RuntimeService.TaskRuntimeService.CreateRemoteJobXml(JobDefinition jobDefinition, ManagementPackTask task, Guid hsId)
       bei Microsoft.EnterpriseManagement.RuntimeService.TaskRuntimeService.SubmitJobs(IList`1 jobDefinitions, Guid batchId, JobCategory category)
       bei Microsoft.EnterpriseManagement.RuntimeService.TaskRuntimeService.SubmitTasksInternal(IList`1 jobDefinitions, Guid batchId, JobCategory category, Boolean registerCallback)
       bei Microsoft.EnterpriseManagement.RuntimeService.TaskRuntimeService.SubmitTasks(IList`1 jobDefinitions, Guid batchId, JobCategory category, Boolean registerCallback)

    ich muss immer manuell die Clients signieren und das ist bei 150 Linux Servern ein ECHTES Problem.. weiß jemand rat?

    Die Linux Server sind unterschiedlich: SLES 9.0 bis 11.1 alles dabei...

     

Todas las respuestas

  • jueves, 31 de mayo de 2012 13:27
    Moderador
     
     
    Inicie sesión para votar
    0
     
    Mein Deutsch ist nicht so gut, so hoffentlich der Übersetzer eine gute genug Arbeit erledigt. Dies ist normalerweise ein englisches Forum, so dass, wenn Sie in Englisch Antworten können andere mehr bereit zu helfen.
    Entdecken Sie neue Agenten oder versuchen Sie die Agents aktualisieren? Wenn zuvor entdeckt wurde, versuchten Sie nur aktualisieren sie mit der rechten Maustaste darauf und wählen Upgrade aus im Administrator-Bereich? Ich gehe davon aus, dass Sie der deutschen Sprache Abgeordneten auch verwenden?
    Wenn Sie einige Details, wie Sie von SCOM 2007 R2 SCOM 2012 migriert geben können wir zum Repo die Frage in unserem Labor versuchen.
    Grüße,
    -Steve
     
  • jueves, 31 de mayo de 2012 14:34
     
     
    Inicie sesión para votar
    0

    Hello,

    okay i will try in english :)

    i did an inplace upgrade from SCOM 2007 R2 to SCOM 2012,

    we have got one RMS and two MS. I upgraded the Server 2008 R2 to 2008 R2 SP1 for the upgrade.

    i tried both of the two szenarios:

    - discover a NEW linux based Server (SLES 11)

    - discover an "well known" Client

    the installation of the new Agent (3.xx) works perfekt, but after this the SCOM tries to sign the certificate - this one fails with the error show in my last thread. the only way to fix it was to sign every linux certificate manually by copying the <hostname>.pem to the SCOM Server, sign it with the command line tool and copy the new .pem key back to the linux client. After this the linux client came back to state "healthy"... but it must be done automatically with the discovery agent...

    sry 4 my bad english ;)

     
  • viernes, 01 de junio de 2012 14:39
    Moderador
     
     
    Inicie sesión para votar
    0

    Let me see if I have this correct.

    - Upgraded from SCOM 2007 R2 to SCOM 2012. - What CU was SCOM 2007 R2 on at the time?

    - Upgraded Windows from 2008 R2 to 2008 R2 SP1. - At what point did you upgrade. Before installing SCOM 2012 or after?

    - Any newly discovered agent installs fine but the certificate signing fails. - Did existing discovered agents work after the upgrade?

    - Is SCOM running on a Germany language version of Windows with the German language Management Packs installed? If so, was SCOM 2007 R2 using the German language Management Packs prior to the upgrade?

    I'd like to try and reproduce this in our lab and any addition details you can give me would be helpful.

    No problems on your English. A lot better than my German. :)

    Regards,

    -Steve

     
  • martes, 05 de junio de 2012 12:08
     
     
    Inicie sesión para votar
    0

    to your questions:

    - CU 5 was installed on SCOM 2007 R2

    - i upgraded to 2008 R2 SP1 BEFORE SCOM 2012

    - the discovery works fine after the upgrade, the SQL Broker wasn't enabled but after this no errors

    - yes, the scom was running on a german language of the windows server and was based on german management pack. the new scom 2012 is only available in english but is installed on a german windows server...

     
  • miércoles, 06 de junio de 2012 15:58
    Moderador
     
     Respondida
    Inicie sesión para votar
    0

    Sorry - I cannot reproduce your issue. Below is what I tried.

    - German install of SCOM 2007 R2 with CU5 and German language Management packs on a German language of Windows 2008 R2 SP1 server.

    - Upgraded to English version of SCOM 2012 - No issues in upgrade but now only English MPs are listed.

    - Configured UNIX/Linux Accounts under Administration --> Run As Configuration (Both Maintenance and Monitoring)

    - Assigned specific account to the 'UNIX/Linux Agent Maintenance Account' and UNIX/Linux Privileged Account' under Administration --> Run As Configuration --> Profiles

    - Ran the 'Discovery Wizard' and discovered a HP-UX system without error. Certificates were signed without issues and it is showing a healthy state in SCOM 2012. Note that existing discovered systems before the upgrade are show healthy as well.

    I'm not sure what else you did during your upgrade so it's hard to tell if my steps above reproduce your upgrade path. I would suggest you open a trouble ticket with MS support as they will be able to dig deeper into the issue and look at trace logs which are not fun to look at in a forum post.

    Regards,

    -Steve

    • Marcado como respuesta Datbinich miércoles, 06 de junio de 2012 19:20
    •  
     
  • miércoles, 06 de junio de 2012 19:20
     
     
    Inicie sesión para votar
    0

    Thx 4 your help,

    you're right, on a "new" (clean) installation of SCOM 2007 R2 CU 5 to SCOM 2012 works perfect, i tried this too, no issues.

    i guess there must be something wrong with the other (older) management packs i used. Some of them are not supported in scom 2012 but they were still installed after the update OR with the Run As Accounts (Linux)

    i installed the scom 2012 completly new (inc. a new database) and discovered the linux server - perfect, also the certification signing!

    i mark your reply as an answer.

    Best regards from Germany