5 Replies Latest reply on Dec 15, 2009 11:52 AM by Bill Robinson

    NSH shell proxy doesn't work

    Antonio Caputo

      - nsh proxy server is configured on Application Server (as usually done as reported on Admin guide)

      - secadmin has been run on client (secure file is created)

      - blcred has been run in order to acquire credentials (ok message is returned)

       

      but this is not true.

       

      The appserver.log says:

       

      + BLAdmin::192.168.65.57 user authentication successful: BLAdmin

      BLAdmin::192.168.65.57 Authentication Connection closed

      +

       

      and the console.log:

       

      + Anonymous:Anonymous:192.168.65.57 Connection closed by /192.168.65.57:6021 before pre-authentication handshake could be completed.

      Anonymous:Anonymous:192.168.65.57 failure establishing session with proxy service

      Anonymous:Anonymous:192.168.65.57 NSH Proxy Connection closed+

       

      Any suggestion?

       

      Thanks

        • 1. Re: NSH shell proxy doesn't work
          Bill Robinson

          is 9842 open from the client to the appserver?

          do you see the proxysvcurl in the credentials? (blcred cred -list)

           

          you enabled the 'blsso' nsh proxy, not the legacy SRP or CLR proxy right?

          • 2. Re: NSH shell proxy doesn't work
            Narjit Najran

            I am receiving the same error and can't see where I'm going wrong. Any help would be appreciated. Thanks.

             

            From NSH I get

             

            SSO Error: Unacceptable proxy service greeting.
            Error in Initializing RBAC User and Role (SSO Proxy)
            Network Shell can be used for local access

             

            And in the appserver.log I see:

             

            failure establishing session with proxy service

            NSH Proxy Connection closed

             

            In my secure file I have

            default:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls:auth_profile=TEST_76:auth_profiles_file=/d/Program Files/BMC BladeLogic/OM_2/br/authenticationProfiles.xml:appserver_protocol=ssoproxy

             

            And in my credentials list I can see the urls

             

            %blcred cred -list

            Username:         BLAdmin
            Authentication:   SRP
            Issuing Service:  service:authsvc.bladelogic:blauth://appserverhost:9840
            Expiration Time:  Mon Dec 14 21:59:32 GMT 2009
            Maximum Lifetime: Mon Dec 14 21:59:32 GMT 2009
            Client address:   10.10.96.221
            Authorized Roles:
                BLAdmins

            Destination URLs:
                service:appsvc.bladelogic:blsess://appserverhost:9841
                service:proxysvc.bladelogic:blsess://appserverhost:9842

            • 3. Re: NSH shell proxy doesn't work
              Bill Robinson

              the syntax of your secure file does not look correct. it should look like:

               

              default:protocol=5:auth_profile=QAProfile:
                 auth_profiles_file=/c/Program Files/BMC BladeLogic/OM/br
                 /authenticationProfiles.xml:
                 appserver_protocol=ssoproxy:tls_mode=encryption_only:
                 encryption=tls

               

               

              take out the port=4750

              • 4. Re: NSH shell proxy doesn't work
                Narjit Najran

                Thanks Bill.

                 

                The problem was that I have just installed a second version of the CM GUI on my desktop to test out the new app server (7.6) and the NSH I was using was the old version that was in my Path (v7.4.2). I have since modified my Path to use the new GUI, resolved the issue of incompatible cygwin1.dlls and now I can connect. I have also removed the port 4750 from the secure file. I do however see several 'NSH Proxy Connection closed' messages in the appserver log after executing a command through nsh, for example an 'ls' even though the command works fine. Is this supposed to happen?

                 

                Also is there a way to run two versions of the GUI and nsh simultanteously? So without having to edit the secure file and changing desktop environment variables? Or shall I post this in another forum?

                 

                Thanks.

                • 5. Re: NSH shell proxy doesn't work
                  Bill Robinson

                  If this was unix, I'd say check your environment variables.  On windows, I'm not sure.  you should be able to run 2 different versions of the GUI at the same time, I've done that w/o any changes.  as far as the secure file, unless you can separate the systems you are connecting to by network, you can only have 1 'default' line in there.