6 Replies Latest reply on Jan 5, 2011 7:08 AM by Bill Robinson

    About Run Custom Command

    Antonio Caputo


      I have configured the NSH Proxy on a Win2k8 App Server (BL 8 SP7). Also I have a GUI installed on the App Server and another GUI on my laptop.


      When I run Custom Command (like "nsh here" or "Agent Information") from the GUI on the App Server the result comes up but if I do the same with the GUI from my laptop the nsh here window disappear and the Agent Information returns an empty output.


      The secure files of my laptop and the app server are the same and the nsh proxy is running (On the App Server I get a LISTENING from the 9842).

      I think something wrong in my use of this functionality so any suggestion can be good for me.



        • 1. About Run Custom Command

          You could try first opening NSH and acquiring credentials.... I had a similar issue and that solved it!

          • 2. Re: About Run Custom Command
            Antonio Caputo

            Hi did it and it does not work as well.

            Also I think that this could not be needed because the credentials should be acquired only for the local NSH shell to reach targets.

            In this case we open a "nsh here" from the GUI that is already autenticated ...


            Maybe I am wrong but this is what I understand playing with this feature.

            • 3. Re: About Run Custom Command

              In my experience, logging in to the GUI does not aquire credentials via NSH. Doesn't seem to make any sense really..... Even if I have the GUI open, when I launch NSH I still have to type "blcred cred -acquire"!!

              • 4. Re: About Run Custom Command
                Bill Robinson

                When you authenticate w/ the gui you need the check the ‘cache credentials for this session’ box under the ‘options’ menu on the gui login.  You will need to do this each time you login w/ the gui.


                Also, what is in the secure file?  You mentioned they were the same but you didn’t say what was in them?  even w/ the proxy configured, the appserver and client will still have different secure files.

                • 5. Re: About Run Custom Command
                  Antonio Caputo

                  This is the secure file in the WINDOWS\rsc folder of the AppServer:




                  If I run on the AppServer -> blcred cred -list I get: "The session credential cache is empty".

                  Now if I run the GUI without caching the credentials and I run on a server "NSH Here" the NSH Shell is opened.


                  So I think I don't need to cache the credentials.


                  If I run the same test from my laptop the nsh shell disappear.

                  It happens both with the same secure file written above and with the secure files after run the secadmin with the profile used on my laptop. In this case the secure is:


                  default:port=4750:protocol=5:tls_mode=encryption_only:auth_profiles_file=/c/Program Files/BMC Software/BladeLogic/8.0/NSH/br/authenticationProfiles.xml:auth_profile=TEST_PROFILE:appserver_protocol=ssoproxy:encryption=tls:


                  I think the problem is elsewhere ...

                  • 6. Re: About Run Custom Command
                    Bill Robinson

                    The syntax of the secure file in not correct on your client.  If the client doesn't have the rscd agent installed, you do not need the rscd line (but that is not the problem).




                    default:port=4750:protocol=5:tls_mode=encryption_only:auth_profiles_file=/c/Program Files/BMC Software/BladeLogic/8.0/NSH/br/authenticationProfiles.xml:auth_profile=TEST_PROFILE:appserver_protocol=ssoproxy:encryption=tls


                    you need to remove the 'port=4750' from this line - that is causing your client to not use the proxy.


                    regardless of where you run the 'nsh here' command from (appserver or client) you will pickup credentials if you do not have the nsh proxy configured.  that will initate a connection directly to the target agent.


                    once you configure the nsh client to use the nsh proxy, you need to have the sso credentials established, as the nsh proxy requires them, and those are not generated when you do the 'nsh here'.  so you must either use blcred or have the 'cache crednetials' option checked when you login to the gui.