You have configured your installation to use medium certificate verification which is the default on HP-UX (for comparison sake, on Windows low is the default). Apparently the certificate on the array being validated is expired and you should work with support to review (and possibly regenerate) the certificate if you want to maintain that level of security. You can confirm the verifying level by running:
If you want to get up and running, at least for now, another option you could consider is to forgo the certificate verification by uninstalling and reinstalling but pass the following parameter upon installation (there isn't a way to change an existing installation):
-x ask=true \*
When prompted for "verifying level", select: low or l.
Please enter the verifying level(low|medium|l|m) to set?
Review the Unisphere Host Agent /CLI and Utilities Release Notes document available on Powerlink via the following breadcrumb trail:
Home > Support > Technical Documentation and Advisories > Software ~ T-Z ~ Documentation > Unisphere > Release Notes
"reinstalling but pass the following parameter upon installation " ==========>here you mean reinstall "Navisphere agent" or Navisphere Secure CLI RPM package? I suppose you mean the former since I didn't see any interactive question during the installation of Navisphere Secure CLI RPM package when I ran "rpm -ivh NaviCLI-Linux-64-x86-en_US-7.31.32.0.42-1.x86_64.rpm".
[root@lx0034nbumast bin]# ./naviseccli -User XX -Password XXX -Scope 0 -Address 10.119.9.121 Error occurred during HTTP request/response from the target: '10.119.9.121'. Message : End of data stream
after I changed the security level from medium to low, I came across new error...still can;t login via CLI......
Ooops, was thinking HP-UX but you noted Linux. Steps are also in the same release notes and you'd want to skip to the section for Linux instead:
[...]
Linux a. Run command
rpm -ivh
b. Run command /opt/emc/uemcli- /bin/setlevel.sh low|medium|l|m to set the security level before you proceed.
c. In case of any failure while setting security level, error log will be stored at /opt/emc/uemcli-VERSION/bin/setlevel.log
[...]
You will have to uninstall and then reinstall as noted above as you need to run the setlevel.sh command immediately after the install. Again, this is assuming this level of verification is acceptable for you. If you need to maintain the medium verifying level, then review with support as mentioned in my previous post.
Since it is one of your SP's, my only thought then is a network connectivity issue using default port 443, but the previous error (made progress lowering verifying level) suggests this is not the issue.
Another thought may be to grab the Windows version of the utility, install it on a Windows server, and try the same. I'm not expecting different results, but might help troubleshoot by comparing.
I'd open up a ticket for support to review, but in the meantime let's see if anyone else has any thoughts.
The portion about passing at the command line during (re)installation was for HP-UX when I mistakenly was thinking of and not Linux.
For Linux, it is uninstall -> reinstall -> and then immediately run the command as noted above (also mentioned in the release notes).
Sorry for asking, but I'd like to rule it out, is 10.119.9.121 by chance your control station IP (and not SP A or SP B)? Otherwise, at this point it seems to be a network connectivity related error. By default, it uses -port 443 for communication.
Could you try but with a simple command as follows:
Also, if you want to store (encrypted) the credentials so you don't have to keep typing -User, -Password, and -Scope, you may want to look into the command
ivyyang1
1 Rookie
•
89 Posts
0
May 24th, 2012 03:00
anybody who can help?
christopher_ime
4 Operator
•
2K Posts
1
May 24th, 2012 22:00
You have configured your installation to use medium certificate verification which is the default on HP-UX (for comparison sake, on Windows low is the default). Apparently the certificate on the array being validated is expired and you should work with support to review (and possibly regenerate) the certificate if you want to maintain that level of security. You can confirm the verifying level by running:
/opt/Navisphere/bin/naviseccli security -certificate -getlevel
If you want to get up and running, at least for now, another option you could consider is to forgo the certificate verification by uninstalling and reinstalling but pass the following parameter upon installation (there isn't a way to change an existing installation):
-x ask=true \*
When prompted for "verifying level", select: low or l.
Please enter the verifying level(low|medium|l|m) to set?
Review the Unisphere Host Agent /CLI and Utilities Release Notes document available on Powerlink via the following breadcrumb trail:
Home > Support > Technical Documentation and Advisories > Software ~ T-Z ~ Documentation > Unisphere > Release Notes
ivyyang1
1 Rookie
•
89 Posts
0
May 24th, 2012 22:00
hi, Christopher
thanks for your reply. it's helpful
but i have a question.
"reinstalling but pass the following parameter upon installation " ==========>here you mean reinstall "Navisphere agent" or Navisphere Secure CLI RPM package? I suppose you mean the former since I didn't see any interactive question during the installation of Navisphere Secure CLI RPM package when I ran "rpm -ivh NaviCLI-Linux-64-x86-en_US-7.31.32.0.42-1.x86_64.rpm".
[root@lx0034nbumast bin]# /opt/Navisphere/bin/naviseccli security -certificate -getlevel
low
[root@lx0034nbumast bin]# ./naviseccli -User XX -Password XXX -Scope 0 -Address 10.119.9.121
Error occurred during HTTP request/response from the target: '10.119.9.121'.
Message : End of data stream
after I changed the security level from medium to low, I came across new error...still can;t login via CLI......
christopher_ime
4 Operator
•
2K Posts
0
May 24th, 2012 22:00
Ooops, was thinking HP-UX but you noted Linux. Steps are also in the same release notes and you'd want to skip to the section for Linux instead:
[...]
Linux
a. Run command
rpm -ivh
b. Run command
/opt/emc/uemcli- /bin/setlevel.sh
low|medium|l|m to set the security level before you proceed.
c. In case of any failure while setting security level, error log will be stored at
/opt/emc/uemcli-VERSION/bin/setlevel.log
[...]
You will have to uninstall and then reinstall as noted above as you need to run the setlevel.sh command immediately after the install. Again, this is assuming this level of verification is acceptable for you. If you need to maintain the medium verifying level, then review with support as mentioned in my previous post.
christopher_ime
4 Operator
•
2K Posts
0
May 24th, 2012 23:00
Since it is one of your SP's, my only thought then is a network connectivity issue using default port 443, but the previous error (made progress lowering verifying level) suggests this is not the issue.
Another thought may be to grab the Windows version of the utility, install it on a Windows server, and try the same. I'm not expecting different results, but might help troubleshoot by comparing.
I'd open up a ticket for support to review, but in the meantime let's see if anyone else has any thoughts.
ivyyang1
1 Rookie
•
89 Posts
0
May 24th, 2012 23:00
10.119.9.121 is the IP of SPA. thanks very much for your help ,Christopher !
I will try "AddUserSecurity" later.
ivyyang1
1 Rookie
•
89 Posts
0
May 24th, 2012 23:00
ok I will download CLI for windows and try again!thanks!!
christopher_ime
4 Operator
•
2K Posts
0
May 24th, 2012 23:00
The portion about passing at the command line during (re)installation was for HP-UX when I mistakenly was thinking of and not Linux.
For Linux, it is uninstall -> reinstall -> and then immediately run the command as noted above (also mentioned in the release notes).
Sorry for asking, but I'd like to rule it out, is 10.119.9.121 by chance your control station IP (and not SP A or SP B)? Otherwise, at this point it seems to be a network connectivity related error. By default, it uses -port 443 for communication.
Could you try but with a simple command as follows:
naviseccli -h not CS> -User xxx -Password xxx -Scope 0 getagent
Also, if you want to store (encrypted) the credentials so you don't have to keep typing -User, -Password, and -Scope, you may want to look into the command
-AddUserSecurity