RobClendenin
1 Nickel

ESRS VE Provisioning - Unable to login to emc support

During the initial configuration of ESRS VE I am able to proceed from Registration to Provisioning.  We do not use a proxy server, and the Network Check passes for all sites; however, when I go to the next step, Provision, I am unable to log in using my support credentials.  I receive an immediate "User Login Process Failed" error.

What I would like to do is log in to the console and examine the logs so I can confirm communications and/or work with my networking team to get any missing destinations allowed.  Does anyone have any idea where these logs are kept?

0 Kudos
8 Replies
RPE1
1 Nickel

Re: ESRS VE Provisioning - Unable to login to emc support

Check out https://support.emc.com/kb/202306 for the log file location and a possible solution for this issue.

RobClendenin
1 Nickel

Re: Re: ESRS VE Provisioning - Unable to login to emc support

I had found that article and verified the time/time zone are correct.  However, I am seeing some anomalies.  In YaST the time and time zone are set properly; however, using SSH or WinSCP, if I look at the provisioning log in /var/log/esrs/provisioning, the logged times appear to be UTC.

The log shows the following errors -

Caused by: ! sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
! at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.7.0_91]
! at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.7.0_91]
!... 68 common frames omitted
ERROR [2016-02-12 13:27:42,109] com.emc.esrs.provisioning.ProvisioningResource: ProvisioningServiceException :com.emc.esrs.provisioning.exception.ProvisioningServiceException: User Login Process Failed

0 Kudos
gallom1
1 Nickel

Re: Re: ESRS VE Provisioning - Unable to login to emc support

Hi Rob,

Do you know if any of these checks are in place? (as per KB 000013285)

no SSL checking, Certificate verification or Certificate Proxying is permitted

Just in case, you can follow Knowledge Base Article 000210985, "ESRS VE: User log on process failed when provisioning ESRS VE, How to troubleshoot SSL checking / Filtering".

You could also issue this command from ESRS VE SSH:

/usr/bin/openssl s_client -showcerts -connect esrs-core.emc.com:443

Regards

      Marco

0 Kudos
RobClendenin
1 Nickel

Re: Re: Re: ESRS VE Provisioning - Unable to login to emc support

I am unable to find those KB articles, however I did issue the command via SSH and see the following error:

Verify return code: 21 (unable to verify the first certificate)

So I am pretty sure I need to disable SSL checking and certificate verification. However, I would assume that as a virtual appliance this should already be set in the appliance?  I also have a question on this submitted to my network/firewall team.

0 Kudos
gallom1
1 Nickel

Re: Re: Re: ESRS VE Provisioning - Unable to login to emc support

Try searching the KB with the leading zeros removed (13285 and 210985). With your return code 21, there is the possibility that some router or firewall in the network is doing some SSL checking, certificate verification, etc. As you mentioned before, the ESRS VE is a preconfigured VM and we don't enable this kind of check because it is not supported, so I think that you have done well opening a ticket with your network group for verification.

Regards

      Marco

RobClendenin
1 Nickel

Re: ESRS VE Provisioning - Unable to login to emc support

The issue was on my side; we did indeed do SSL inspection.  The network team created some bypass rules for the ESRS destinations and everything started working normally.  Thanks for the assistance.

0 Kudos
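
Added example (not part of any post in this thread): a small shell helper that summarises saved `openssl s_client -showcerts` output like the check run above, reporting the verify return code and the issuer of the leaf certificate so the CA that actually signed the presented certificate can be named to the network team. The sample output, its issuer name and the optional expected-issuer argument are constructed assumptions.

```shell
#!/bin/sh
# Added example. Constructed sample of `openssl s_client -showcerts` output;
# the issuer name below is invented for illustration.
sample_intercepted() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = esrs-core.emc.com
verify error:num=21:unable to verify the first certificate
---
Certificate chain
 0 s:/CN=esrs-core.emc.com
   i:/O=Example Corp/CN=Example TLS Inspection CA
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Read s_client output on stdin; print "code=<n> verdict=<v> leaf_issuer=<dn>".
# $1 (optional, hypothetical parameter): text the genuine issuer DN must contain.
# Codes 18-21 are the self-signed / missing-issuer verification errors.
summarize_s_client() {
    awk -v want="$1" '
        /^ *[0-9]+ s:/      { depth = $1 + 0; in_entry = 1; next }
        in_entry && /^ +i:/ {
            sub(/^ +i:/, "")
            if (depth == 0) issuer = $0
            in_entry = 0; next
        }
        /Verify return code:/ { code = $4 + 0; seen = 1 }
        END {
            if (!seen)                         verdict = "no-result"
            else if (code == 0)                verdict = "trusted"
            else if (code >= 18 && code <= 21) verdict = "untrusted-chain"
            else                               verdict = "other-error"
            if (want != "" && issuer != "" && index(issuer, want) == 0)
                verdict = verdict ",unexpected-issuer"
            printf "code=%s verdict=%s leaf_issuer=%s\n", (seen ? code : "none"), verdict, issuer
        }'
}

# Demo on the constructed sample; "Example Public CA" is a placeholder name.
sample_intercepted | summarize_s_client "Example Public CA"
```

Against the live endpoint, pipe the command from the thread into it: `/usr/bin/openssl s_client -showcerts -connect esrs-core.emc.com:443 </dev/null 2>&1 | summarize_s_client`.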
stylnchris
1 Copper

Re: ESRS VE Provisioning - Unable to login to emc support

You need to import your business's SSL certificate into the cacerts keystore.

wget -O myCert1.pem http://yourcompanysslcert.pem

wget -O myCert2.pem http://yourcompanysslcert2.pem  (there might be more than one for unchained certs)

You will need to convert the certificate from PEM to DER format because the Java cert store doesn't understand PEM format.

openssl x509 -outform der -in myCert1.pem -out myCert1.der

openssl x509 -outform der -in myCert2.pem -out myCert2.der    (there might be more than one for unchained certs)

/usr/java/default/bin/keytool -import -alias myCert1 -keystore /usr/java/jre1.8.0_74/lib/security/cacerts -file myCert1.der

password = changeit

Trust this certificate? [no]:  yes

Certificate was added to keystore

/usr/java/default/bin/keytool -import -alias myCert2 -keystore /usr/java/jre1.8.0_74/lib/security/cacerts -file myCert2.der

password = changeit

Trust this certificate? [no]:  yes

Certificate was added to keystore

Reboot the appliance and go through the setup process through the web GUI.

0 Kudos

Re: Re: ESRS VE Provisioning - Unable to login to emc support

Hello,

I have the same problem. How can I solve it?

0 Kudos