none
Certificate signing operation was not successful

    Question

  • I am using SCOM 2012 R2 and RHEL 6.8 and RHEL 7.2 also. I am trying to add servers to SCOM. Servers get successfully discovred in SCOM but when I try to sign the certificate using "manage" I get the following error :

    Certificate signing operation was not successful

    Failed to sign kit. Exit code: 1
    Standard Output: Failed to start child process '/etc/init.d/scx-cimd' errno=13  
    RETURN CODE: 1
    Standard Error: cp: cannot create regular file `/etc/opt/microsoft/scx/ssl/scx.pem': Permission denied
    Exception Message: 

    What I have tried so far is reinstalled SCOM agen many times with no success. I have also changed the permission of the "scx-host-servername.pem" to the "runasaccount" by using the command "sudo chown runasaccount scx-host-servername.pem" but still no success.


    Saturday, March 04, 2017 5:32 AM

All replies

  • Hi,

    Judging by your statement you already did this:

    SSL Certifikate Error – WS-Management Certificate Health

    Have you looked at the suggestions here:

    SCOM 2007R2 Cross Platform Agent – Unknown

    and here

    [OpsMgr] Solaris agent can’t start

    Regards,


    Stoyan (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!)

    Wednesday, March 08, 2017 9:09 AM
  • Hello Kaushalendra,

    Its permission issue, you must have Sudo access on the ID which you are using for installation. You can refer below article which can help you fixing this issue:

    http://systemcentermvp.com/2016/07/21/discover-unix-linux-servers-in-scom/

    Regards,

    Shashi

    Wednesday, March 08, 2017 12:50 PM
  • Hi Stoyan,

    $ cd /var/opt/microsoft/scx/tmp
    $ rm cim.socket
    $ rm scx-cimd.pid

    Unfortunately it said that file not found. Do you have any other suggestion ?


    Saturday, March 18, 2017 4:14 PM
  • Thanks Shashi for reply. I have sudo access on my account which I used for installation. I ran the command /opt/microsoft/scx/bin/tools/scxsslconfig -f -v and It was successfull but when again I tried to discover the server it gave this error. 


    Agent verification failed. Error detail: The server certificate on the destination computer (xxxxxxx) has the following errors:    
    The SSL certificate is signed by an unknown certificate authority.      
    It is possible that:
       1. The destination certificate is signed by another certificate authority not trusted by the management server. 
       2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: xxxxxxxxxxxx
       3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.

    The server certificate on the destination computer (xxxxxxxxxx) has the following errors:    
    The SSL certificate is signed by an unknown certificate authority.      
    It is possible that:
       1. The destination certificate is signed by another certificate authority not trusted by the management server. 
       2. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.  The FQDN used for the connection is: xxxxxxxxxxx
       3. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.

    Saturday, March 18, 2017 4:23 PM
  • I will be very thankful If you can call me on my cell +91-9873538012 if you are based in India. Or text me so that I can call you. 
    Saturday, March 18, 2017 4:26 PM