This section explains how to troubleshoot cloning issues that occur after re-installing the Manager.

When performing a cloning image operation (collection or deployment) on a managed server that was already registered on the Manager before re-installation, the following problem may occur. The Manager and Agent certificates may not match, resulting in the Admin Server being unable to communicate with its managed server. In such a case, trying to deploy or collect an image to or from the managed server will fail. This problem occurs when the following conditions are met.

• The Manager was re-installed, but its certificate store was not properly backed up, as described in "3.1.2 Uninstallation" of the "ServerView Resource Coordinator VE Installation Guide"

• Both the Manager and Agent were re-installed (and their certificates renewed), but a cloning image that was collected before the re-installation is deployed, thus restoring an outdated Agent certificate on the managed server

Use the following procedure to correct the problem.

After correcting problem, it is also recommended to update any cloning image that contains an outdated Agent certificate in order to avoid further certificate problems.

How to check certificates

1. Stop the Manager and then display SSL certificate data by executing the following commands on the Admin Server.

   >"Installation_folder\Manager\bin\rcxadm" mgrctl stop <RETURN> >"Installation_folder\Manager\bin\rcxadm" certctl list <RETURN>

   Refer to "5.2 rcxadm certctl" and "5.6 rcxadm mgrctl" of the "ServerView Resource Coordinator VE Command Reference" for information on these commands.

   Example Results

   Truststore: -------------- Key store type: jks Key store provider: SUN The key store includes four entries. client2, May, 10, 2007, trustedCertEntry, Certificate fingerprint (MD5): 0F:4E:1C:DB:19:AE:3B:82:9D:74:93:6C:46:D8:7C:D2 client1, May, 10, 2007, trustedCertEntry, Certificate fingerprint (MD5): 9D:99:ED:88:C0:8F:32:26:60:FA:4C:96:A2:34:5A:45 server4, May, 11, 2007, trustedCertEntry, Certificate fingerprint (MD5): DC:E3:19:59:08:6D:C4:AD:B4:C7:F6:5C:E1:52:0A:1A (*1) server3, May, 11, 2007, trustedCertEntry, Certificate fingerprint (MD5): 9B:EB:94:58:90:E8:09:BE:BD:FA:14:83:9D:87:3A:E4 ... Keystore: -------------- Keystore type: jks Keystore provider: SUN 2 entries are contained in the keystore. client, 2007/05/11, keyEntry, Certificate fingerprint (MD5): AA:55:85:54:6B:57:80:4F:8C:6E:2E:AA:7C:77:DB:F6 (*2) server, 2007/05/11, keyEntry, Certificate fingerprint (MD5): 14:48:31:68:C9:CA:66:E1:E0:34:8A:FC:1C:17:19:EF

2. Stop the Agent and display SSL certificate data by executing the following commands on the managed server where the error occurred.

   [Windows]

   >"Installation_folder\Agent\bin\rcxadm" agtctl stop <RETURN> >"Installation_folder\Agent\bin\rcxadm" certctl list <RETURN>

   [Linux]

   # /opt/FJSVrcxat/bin/rcxadm agtctl stop <RETURN> # /opt/FJSVrcxat/bin/rcxadm certctl list <RETURN>

   Refer to "5.1 rcxadm agtctl" and "5.2 rcxadm certctl" of the "ServerView Resource Coordinator VE Command Reference" for information on these commands.

   Example Results

   Truststore: -------------- Keystore type: jks Keystore provider: SUN 1 entry is contained in the keystore. client1, 2007/05/11, trustedCertEntry, Certificate fingerprint (MD5): AA:55:85:54:6B:57:80:4F:8C:6E:2E:AA:7C:77:DB:F6 (*2) ... Keystore: -------------- Key store type: jks Key store provider: SUN The key store includes one entry. server, May, 11, 2007, keyEntry, Certificate fingerprint (MD5): DC:E3:19:59:08:6D:C4:AD:B4:C7:F6:5C:E1:52:0A:1A (*1)

3. Check the fingerprint that is contained in the Agent Keystore.

   As shown in the example in (*1), check that the fingerprint that is contained in the Agent Keystore is also contained in the Manager Truststore that is shown in "Example Results" of step 1.
   If it is not, refer to "Corrective Action" to take proper corrective action.

4. Check the fingerprint that is contained in the Agent Truststore.

   As shown in the example in (*2), check that the fingerprint that is contained in the Agent Truststore is also contained in the Manager Keystore that is shown in "Example Results" of step 1.
   If it is not, refer to "Corrective Action" to take proper corrective action.

Corrective Action

[Windows]

[Linux]