This post is more than 5 years old
9 Posts
0
19670
ESRS VE Provisioning - Unable to login to emc support
During the initial configuration of ESRS VE I am able to proceed from Registration to Provisioning. We do not use a proxy server, the Network Check passes for all sites, however when I go to the next step, Provision I am unable to login using my support credentials. I receive an immediate "User Login Process Failed" error.
What I would like to do is login to the console and examine the logs so I can confirm communications and/or work with my networking team to get any missing destinations allowed. Anyone have any idea where these logs are kept?
gallom1
22 Posts
0
February 12th, 2016 06:00
Hi Rob,
do you know if there are some of these checking? (as per KB 000013285)
no SSL checking, Certificate verification or Certificate Proxying is permitted
Just in case you can follow the Knowledge Base Article: 000210985 "ESRS VE: User log on process failed when provisioning ESRS VE, How to troubleshoot SSL checking / Filtering"
You also could issue this comand from ESRS VE SSH
/usr/bin/openssl s_client -showcerts -connect esrs-core.emc.com:443
Regards
Marco
RPE
33 Posts
2
February 11th, 2016 23:00
Checkout https://support.emc.com/kb/202306 for the logfile location and a possible solution for this issue
RobClendenin
9 Posts
0
February 12th, 2016 05:00
I had found that article and verified the time/time zone are correct. However I am seeing some anomalies. In YAST time and timezone are set properly, however using ssh or winscp , if I look at the provisioning log in /var/log/esrs/provisioning the time the logged times appear to be UTC time.
The log shows the following errors -
Caused by: ! sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ! at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.7.0_91] ! at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.7.0_91] !... 68 common frames omitted ERROR [2016-02-12 13:27:42,109] com.emc.esrs.provisioning.ProvisioningResource: ProvisioningServiceException :com.emc.esrs.provisioning.exception.ProvisioningServiceException: User Login Process Failed
RobClendenin
9 Posts
0
February 12th, 2016 07:00
I am unable to find those KB articles, however I did issue the command via SSH and see the following error:
Verify return code: 21 (unable to verify the first certificate
So I am pretty sure I need to disable SSL checking, Certificate Verification.. however I would assume that as a virtual appliance this should already be set in the appliance? I also have a question on this submitted to my network/firewall team.
gallom1
22 Posts
1
February 12th, 2016 10:00
Try to search the KB removing the 0 before. (13285 and 210985). With your return code 21 there is the possibility that some router or firewall in the network is doing some SSL checking certificate verification etc...As you mention before the ESRS VE is a preconfigured VM and we don't enable this kind of check because is not supported so I think that you have done well opening a ticket to your network group for a verification.
Regards
Marco
RobClendenin
9 Posts
0
February 15th, 2016 06:00
The issue was on my side, we did indeed do ssl inspection. The network team created some bypass rules for the ESRS destinations and everything started working normally. Thanks for the assistance.
stylnchris
3 Posts
0
July 13th, 2016 11:00
You need to import your Businesses SSL Certificate into the cacert keystore.
wget http://yourcompanysslcert.pem
wget http://yourcompanysslcert2.pem (there might be more then one for unchained certs)
you will need to convert the certificate from pem to der format because java cert store doesn't understand pem format.
openssl x509 -outform der -in myCert1.pem -out myCert1.der
openssl x509 -outform der -in myCert2.pem -out myCert2.der (there might be more then one for unchained certs)
/usr/java/default/bin/keytool -alias myCert1 -keystore /usr/java/jre1.8.0_74/lib/security/cacerts -file mycert1.der
password = changeit
Trust this certificate? [no]: yes
Certificate was added to keystore
/usr/java/default/bin/keytool -alias myCert2 -keystore /usr/java/jre1.8.0_74/lib/security/cacerts -file mycert2.der
password = changeit
Trust this certificate? [no]: yes
Certificate was added to keystore
reboot the appliance and go though the setup process though the webgui.
nicolas_pasquar
1 Message
0
April 5th, 2017 03:00
Hello,
i've the same problem. How i can solve it?