Smarts NCM: After renewing self-signed certificate, communication between Application Server and Device Servers is not restored and jobs will not run


Article ID: 331080


Products

VMware Smart Assurance

Issue/Introduction

Symptoms:


After renewing the Smarts NCM self-signed certificate (as described in ETA 165730), communication between Application Server and Device Servers is not restored.

Smarts NCM jobs such as config pulls are not running but instead remain listed as Queued for Execution.

Error seen in Smarts NCM syssyncm.log:
Connection Error: SSL certificate check failed: Certificate verification fail - self signed certificate in certificate chain the certificate chain could be built up using the untrusted certificates but the root could not be found locally.


Environment

VMware Smart Assurance - NCM

Cause

The new hash key may not have been generated on the Smarts NCM Application server and/or the Device server(s).

Resolution

To address this issue, run the Smarts NCM cert_hash.pl script against the new voyenceca.crt file to generate the new hash key. This can be done as follows:

  1. On the Smarts NCM Application server, change directory to the following:
$VOYENCE_HOME/conf/CA
  2. If running Linux or Solaris, run the following command to see the directory contents and their details:
ls -lrt
  3. Check the modification time on the new voyenceca.crt file and the hash key file (file with .0 extension).
  4. If the hash key file is older than the new voyenceca.crt file, then you need to generate a new hash key file. This is done using the cert_hash.pl perl script in the same directory by running the following command:
perl cert_hash.pl voyenceca.crt
  5. Run ls -lrt again and you should see the new hash key generated with the new date.
  6. Repeat the preceding steps on each of the Smarts NCM Device Servers in the environment.
    • Services do not need to be restarted. Smarts NCM will immediately start using the new hash key.
  7. Start a new Smarts NCM job such as a config pull job and it should now complete successfully.
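
The modification-time check from the steps above as a script that can be run on the Application server and on each Device Server. This is an added example, not part of the original article or of Smarts NCM: the function names ncm_hash_status and ncm_refresh_hash are hypothetical, and it assumes any *.0 file at least as new as voyenceca.crt is a current hash key.

```shell
#!/bin/sh
# Added example: report whether the hash key file (*.0) in the CA directory
# is at least as new as voyenceca.crt, and regenerate it only when needed.
# Function names are hypothetical, not part of Smarts NCM.

# Prints one of: missing-cert, missing-hash, stale, ok
ncm_hash_status() {
    ca_dir=$1
    crt="$ca_dir/voyenceca.crt"
    [ -f "$crt" ] || { echo "missing-cert"; return 0; }

    found=0
    for h in "$ca_dir"/*.0; do
        [ -f "$h" ] || continue        # glob did not match any file
        found=1
        # A hash file that is not older than the certificate is current.
        if [ ! "$h" -ot "$crt" ]; then
            echo "ok"
            return 0
        fi
    done
    # Every hash file found predates the renewed certificate, or none exists.
    if [ "$found" -eq 1 ]; then echo "stale"; else echo "missing-hash"; fi
}

# Runs cert_hash.pl (the command from the article) only for stale or
# missing hash keys, then prints the status after regeneration.
ncm_refresh_hash() {
    ca_dir=$1
    status=$(ncm_hash_status "$ca_dir")
    case $status in
        stale|missing-hash)
            echo "hash key is $status in $ca_dir, regenerating" >&2
            (cd "$ca_dir" && perl cert_hash.pl voyenceca.crt) || return 1
            ncm_hash_status "$ca_dir"
            ;;
        *)
            echo "$status"
            ;;
    esac
}

# Usage on a server: ncm_refresh_hash "$VOYENCE_HOME/conf/CA"
```

A result of stale or missing-hash on any one server is enough to reproduce the certificate verification error in syssyncm.log, so check every Device Server and not only the Application server.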