what user does agent info show you are mapped to on the targets?
Anonymous:PrivelegeMapped (identity via trust)
You need to be mapped to root or the admin account
That one was for a Windows box... we're using automation principles though and it was my understanding that once you had configured a role to map to an automation principle (which we have with BLAdmin) you didn't need to configure users.local/users files etc?
That’s true, but however you are running the agentinfo, you are not mapped to a local user w/ privs to make the license change. if the automation principal is in use I believe agentinfo will return the user mapping correctly.
Is the nsh session you are using to run agentinfo using the nsh proxy?
The domain account has local admin rights though...? I haven’t set up an nsh proxy, I didn’t think it was necessary to be honest.
Setup the nsh proxy and setup the nsh client to use the proxy and then try it.
This is the only app server we have for this instance – setting it to act as an nsh proxy doesn’t stop anything else working does it?
I'm also a bit confused as to why we need an nsh proxy if you wouldn't mind explaining, Bill? (the manuals don't seem pariticularly helpful...)
I was trying this from the app server which has 4750 to all managed servers?
The only way for nsh to pickup the automation principal, or for that matter, any bladelogic creds is to go through the nsh proxy. making a direct connection from anywhere to an agent is only sending across the name of the OS account you are logged in as. Because there is no mapping for that name on the target you get mapped to anonymous/guest/nobody.
Ah OK I see! Thanks Bill.
What steps do I need to take to set this up on our application server? I find the manuals really confusing describing the nsh proxy stuff....
I notice on another thread, Bill, you've posted:
"if you want to test the nsh proxy function and the secure file that references it you need to run the client from a system other than the appserver."
All of my above problems were from a client on our app server - unfortunately we don't have any other servers to test this from.
Should I be getting these nsh errors when coming from the app server? Apologies for all the questions but I'm feeling like I'm in way over my head here!
in older versions of blade you could not configure the nsh client on the appserver to use a nsh proxy. in 8.x you can do this.
if the appserver is the only place you have a gui/nsh install (it's not a good long term idea to do this, the appserver shouldn't have the gui on it) do this:
-make sure 9842 is listening on the appserver
-make sure the secure file on the appserver is setup to use the nsh proxy
-launch the GUI, check the 'cache session credentials' box in 'options >>'
-from a server that's working, right click and do 'custom commands | nsh here'
-run the agentinfo against the target.
that will ensure you have bladelogic creds when you access the target system.
At the moment unfortunately we havent been given any spare servers/TS to install the GUI on so it has to be on the app server.
- set the ProxySvcPort to 9842 (which I believe is what you're referring to?)
- set the secure file as you described on the app server
- cached credentials logging in as BLAdmin > nsh here
I'm getting the following error then though:
"SSO Error: No authentication profile has been succesfully loaded. Single Sign-On connections require a valid authentication profile."
Which I don't really understand, as the authentication profile must be valid else I wouldn't have been able to log into the GUI?