Certificates

  • Article

Applies To: Operations Manager 2007 R2

You might receive error messages that are related to missing or expired connector certificates. To make sure that an error message is certificate-related, verify first that the problem is related to certificates. Then, if it is, reinstall or update the certificate. In many cases, you can use the Windows Remote Management (WinRM) commands described in Using Windows Remote Management to Troubleshoot Connectors to determine the status of certificates, as shown in the resolution of the following error messages.

No Providers Could Be Contacted

Problem: The "No Providers Could Be Contacted" message usually indicates that the connector service could not connect to any provider configured in the Connector Configuration user interface on port 1270.

Resolution: You can use winrm commands to connect to the provider to determine whether it is available. If you know the local administrator password, use basic authentication to connect to the provider. Otherwise, use Kerberos authentication. To use Kerberos authentication, both the connector and provider server nodes must be in the same domain, and the user must be in the local administrators’ group on the provider server. You can run winrm command options with or without certificates.

To determine whether certificates are working, use the skipCAcheck -skipCNcheck options to run without certificates. Run winrm commands connect to the provider and determine whether the provider is available. If the provider is available, you know that the certificates are the problem.

You can also run winrm commands with or without certificates. If you run the commands without certificates, you have to bypass the certificates to determine whether they are the cause of the problem. If the commands succeed, you will see no results. If they fail, they will display an error message.

The following sample code shows the use of winrm commands on Windows and UNIX servers, running as an administrator on the local system or on the domain.

Windows Based Provider Commands

  • Basic Administrator

    Winrm e https://schemas.microsoft.com/wbem/wsman/1/wmi/root/scx/* -r:https://<node name of provider>:1270 –u:administrator –p:******** -auth:basic –encoding:utf-8 –skipCAcheck –skipCNcheck –filter:”select * from SCX_Connector, where ManagementGroupName = ‘test’”

winrm e https://schemas.microsoft.com/wbem/wsman/1/wmi/root/scx/* -r:https://<node name of provider>:1270 –u:administrator –p:******** -auth:kerberos –encoding:utf-8 –skipCAcheck –skipCNcheck –filter:”select * from SCX_Connector, where ManagementGroupName = ‘test’”

UNIX-Based Server Provider Commands

  • Basic Administrator

    winrm e https://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Connector?_cimnamespace=root/scx -r:https://<node name of provider> -u:root –p:******** -auth:basic –encoding:utf8 –skipCAcheck –skipCNcheck –filter:”select * from SCX_Connector, where ManagementGroupName = ‘test’”

winrm e https://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Connector?_cimnamespace=root/scx -r:https://<node name of provider> -u:root –p:******** -auth:kerberos –encoding:utf8 –skipCAcheck –skipCNcheck –filter:”select * from SCX_Connector, where ManagementGroupName = ‘test’”

Security Error Occurred While Selecting the WS-Management Server Type

Problem: The following error message appears in the connector log:

Exception: A security error occurred while determining the WSMan type of server xxxx

Resolution: This problem occurs because the correct certificate is not installed.

You can distinguish between a certificate error and bad credentials by running a winrm –enumerage command against the provider with the skipCAcheck option. If the command succeeds, the problem is related to the certificate itself.