6 Replies Latest reply on Feb 25, 2011 11:45 AM by Bill Robinson

    NSH Proxy Error  SSO Error

      NSH.JPG

      This is the error I receive from my windows based client after checking the save credentials and running:

       

      secadmin  -m default -p 5 -auth_profile default1  -auth_profiles_file "/C/Program  Files/BMC  Software/BladeLogic/8.0/NSH/br/authenticationProfiles.xml"   -appserver_protocol ssoproxy -T encryption_only -e tls ......

       

      It returns:

      Entry   for host default successfully modified...  as it should.  When I exit   and relaunch NSH I get the error seen in the screenshot:

       

      I can login to the console as RBACAdmin, BLAdmin, and my ldap user just fine.

       

      Any ideas?

       

      I was wondering about the ProxySvcPort setting.  There is no value defined and I don't know if it needs to be?  I printed the setting before upgrading to SP6 from 8.0.0.359 and nothing was defined for ProxySvcPort before the upgrade either.

       

       

      I had an issue with LDAP authentication after the upgrade which I was able to resolve by adding the truststore back,

       

      I am now having an issue with the NSH Proxy.

       

      I can login to the console as RBACAdmin, BLAdmin, and my ldap user just fine.

       

      Any ideas?  It's like some of these items were overwritten....

       

      Thanks for any help you can offer.

        • 1. NSH Proxy Error  SSO Error

          Also wanted to add that our app server is running on RHEL.  RCP clients are windows based so far.

           

          Our base install was 8.0.0.359 and I upgraded to SP6 on Wednesday this week.  I am hoping to go to SP8 soon after we get the NSH Proxy working so we can get the new Sun Patch site to work..

           

          I am wondering if this will happen again when I install SP8???

           

          Thanks

          • 2. NSH Proxy Error  SSO Error
            Gerardo Bartoccini

            What's the output of blcred cred -list

            ?

            • 3. NSH Proxy Error  SSO Error

              bladmin>dsmdc-admin-blg1# blcred cred -list

              THIS SESSION CREDENTIAL HAS EXPIRED

              Username:         BLAdmin

              Authentication:   SRP

              Issuing Service:  service:authsvc.bladelogic:blauth://dsmdc-admin-blg1:9840

              Expiration Time:  Wed May 12 18:41:47 CDT 2010

              Maximum Lifetime: Wed May 12 18:41:47 CDT 2010

              Client address:   10.4.0.27

              Authorized Roles:

                  BLAdmins

                  GlobalReportAdmins

               

              Destination URLs:

                  service:appsvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9841

               

               

              You have new mail.

              dsmdc-admin-blg1#

              • 4. NSH Proxy Error  SSO Error

                THIS SESSION CREDENTIAL HAS EXPIRED

                 

                This does not look good...

                • 5. Re: NSH Proxy Error  SSO Error

                  The problem is that NSH proxy service is not running. Go to "Setting Up a Network Shell Proxy Server" in the BladeLogic Administration PDF. At a minimum, the application server instance you are trying to use as a NSH proxy has to be an ALL or NSH_PROXY instance and the ProxySvcPort has to be set. You will need to restart the appserver instance after the changes. When you try to fire up NSH, the secure file hits the URL and does not find the NSH proxy service running.

                  • 6. Re: NSH Proxy Error  SSO Error

                    Also, in your BBSA console, make sre you have "cache session credentials" checked and try to login. Then when you do the blcred list, you should see valid credentials there.

                    • 7. Re: NSH Proxy Error  SSO Error
                      Gerardo Bartoccini

                      Expiration time refers to May 2010.

                      Double check time settings on appserver. Is it a VM?

                      • 8. Re: NSH Proxy Error  SSO Error

                        Great..  Thanks guys..  It's working after setting the following with blasadmin:

                         

                        set appserver ProxySvcPort 9842

                         

                        .........and then restarting the appserver service.

                         

                         

                        • 9. Re: NSH Proxy Error  SSO Error

                          No problem. Mark this question as 'answered' and assign points please.

                          • 10. Re: NSH Proxy Error  SSO Error

                            gbartoccini:

                             

                            I am not sure why it is showing the old date and EXPIRED Credential on the appserver:

                             

                            dsmdc-admin-blg1# blcred cred -list
                            THIS SESSION CREDENTIAL HAS EXPIRED
                            Username:         BLAdmin
                            Authentication:   SRP
                            Issuing Service:  service:authsvc.bladelogic:blauth://dsmdc-admin-blg1:9840
                            Expiration Time:  Wed May 12 18:41:47 CDT 2010
                            Maximum Lifetime: Wed May 12 18:41:47 CDT 2010
                            Client address:   10.4.0.27
                            Authorized Roles:
                                BLAdmins
                                GlobalReportAdmins

                             

                            Destination URLs:
                                service:appsvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9841

                             


                            You have new mail.
                            dsmdc-admin-blg1# date
                            Fri Feb 25 11:01:36 CST 2011
                            You have new mail.
                            dsmdc-admin-blg1#
                            You have new mail.
                            dsmdc-admin-blg1#

                             

                            It is still showing that even though blcred is now showing good from my Client now:

                             

                            Pick Role:

                            1. BLAdmins

                            2. dsm_sysadmins

                            3. BladeLogic_Admin

                            1

                            nc-dm-dc237% blcred cred -list

                            Username:         uid=meller,ou=people,dc=mcdc,dc=com

                            Authentication:   LDAP

                            Issuing Service:  service:authsvc.bladelogic:blauth://10.4.0.27:9840

                            Expiration Time:  Fri Feb 25 20:22:08 CST 2011

                            Maximum Lifetime: Fri Feb 25 20:22:08 CST 2011

                            Client address:   10.25.53.3

                            Authorized Roles:

                                BladeLogic_Admin

                                BLAdmins

                                dsm_sysadmins

                             

                            Destination URLs:

                                service:appsvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9841

                                service:proxysvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9842

                             

                             

                            nc-dm-dc237%

                             

                            Pick Role:
                            1. BLAdmins
                            2. dsm_sysadmins
                            3. BladeLogic_Admin
                            1
                            nc-dm-dc237% cd //dallas
                            dallas% agentinfo
                            dallas:
                              Agent Release   : 8.0.8.814
                              Hostname        : dallas
                              Operating System: SunOS 5.10
                              User Permissions: 0/0 (root/root)
                              Security        : Protocol=5, Encryption=TLS1
                              Host ID         : 83091A3F
                              # of Processors : 1
                              License Status  : Licensed for NSH/CM
                            dallas% blcred cred -list
                            Username:         uid=meller,ou=people,dc=mcdc,dc=com
                            Authentication:   LDAP
                            Issuing Service:  service:authsvc.bladelogic:blauth://10.4.0.27:9840
                            Expiration Time:  Fri Feb 25 20:22:08 CST 2011
                            Maximum Lifetime: Fri Feb 25 20:22:08 CST 2011
                            Client address:   10.25.53.3
                            Authorized Roles:
                                BladeLogic_Admin
                                BLAdmins
                                dsm_sysadmins

                             

                            Destination URLs:
                                service:appsvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9841
                                service:proxysvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9842

                             


                            dallas% cd //
                            nc-dm-dc237% agentinfo
                            Can't access host "(null)": No error
                            nc-dm-dc237% blcred cred -list
                            Username:         uid=meller,ou=people,dc=mcdc,dc=com
                            Authentication:   LDAP
                            Issuing Service:  service:authsvc.bladelogic:blauth://10.4.0.27:9840
                            Expiration Time:  Fri Feb 25 20:22:08 CST 2011
                            Maximum Lifetime: Fri Feb 25 20:22:08 CST 2011
                            Client address:   10.25.53.3
                            Authorized Roles:
                                BladeLogic_Admin
                                BLAdmins
                                dsm_sysadmins

                             

                            Destination URLs:
                                service:appsvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9841
                                service:proxysvc.bladelogic:blsess://dsmdc-admin-blg1.mcomdc.com:9842

                             


                            nc-dm-dc237%
                            • 11. Re: NSH Proxy Error  SSO Error

                              Just use the destroy option to remove the expired credential.

                              • 12. Re: NSH Proxy Error  SSO Error

                                Can you give me an example of the command line etc...

                                 

                                like blcred cred -destroy  what????

                                 

                                So this will not affect anything since that expired credential is on the app server itself?

                                 

                                Obviously I am still learning so I am trying to get a proper understanding..

                                 

                                Thanks

                                • 13. Re: NSH Proxy Error  SSO Error

                                  Just do destroy. It will get rid of all of them. Then just grab new credentials.

                                  • 14. Re: NSH Proxy Error  SSO Error
                                    Bill Robinson

                                    blcred -destroy.

                                     

                                    also if you get a new credential it should overrite the expired one - eg blcred cred -acquire <options> or use the 'save cached credential for this session' option in the gui login.