LMS 4.1 https/syslog

redouanebali · ‎02-06-2012

I have some problems with LMS 4.1. When i switch to https i can't accces

I have these message :

Forbidden

You don't have permission to access /cwhp/LiaisonServlet on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

2 question : the timer of sysolg is not synchronised with the ntp server : when i see the error ( time it's ok) but when i see the same error in the syslog i have a one hour time lag.

Thanks

Red1

v.nikolaev · ‎02-15-2012

Hi.

I have the same problem. Any ideas?

Michel Hegeraat · ‎02-15-2012

There is sometimes a problem with the redirecting after you log in. Try to go direcly to this url:

https:///cwportal/group/lms/lms-monitoring

Cheers,

Michel

redouanebali · ‎02-16-2012

Hi Michel,

Your answer is about https or syslog??

Thank you

Red1

v.nikolaev · ‎02-16-2012

Here is recommendation from Cisco TAC. It was perect for me (Cisco Prime LMS for Windows 4.1. Problem: no access to portal after switching to https)

-- Dont forget to start you shell session as Administrator

net stop crmdmgtd

-- Remove server.* files under NMSROOT\MDC\Apache\conf\ssl

NMSROOT\bin\perl NMSROOT\MDC\Apache\ConfigSSL.pl -disable

NMSROOT\bin\perl NMSROOT\MDC\Apache\ConfigSSL.pl -enable

-- If the command says something as " Usage ConfigSSL.pl -enable | -disable"

-- Please then try it like this:

-- NMSROOT\bin\perl NMSROOT\MDC\Apache\perl ConfigSSL.pl -disable

-- NMSROOT\bin\perl NMSROOT\MDC\Apache\perl ConfigSSL.pl -enable

NMSROOT\bin\perl NMSROOT\MDC\Apache\bin\ConfigSSL.pl -disable (only if you do not use SSL https://...)

net start crmdmgtd

-- Ensure that the following files are created under

-- NMSROOT\MDC\Apache\conf\ssl

-- server.crt

-- server.key

-- server.pk8

-- Wait about 15 minutes or so and login again.

redouanebali · ‎02-16-2012

Thank you very much Vladimir,

I will tray it.

Cdlt

Red1

bdunsing2 · ‎03-07-2012

I had a little trouble following Vladimir's response, so I paid attention while the TAC engineer did his thing...

Delete the server.* files as indicated in vlad's post above

at CMD prompt opened as Administrator:

C:\>net stop crmdmgtd

Then

C:\Program Files (x86)\CSCOpx\MDC\Apache>C:\Progra~2\CSCOpx\bin\perl.exe ConfigSSL.pl -disable
(after hitting enter, message was "SSL is disabled. Restart Daemon Manager to reflect the changes.

Next command was
C:\Program Files (x86)\CSCOpx\MDC\Apache>C:\Progra~2\CSCOpx\bin\perl.exe ConfigSSL.pl -enable

Output was:
You don't have a private key and/or certificate

*** Running key and certificate generation utility ***

Please enter the following information. It is needed to generate your temporary certificate

Country (2 letter code) :
State or Province (full name):
Locality (eg, city) :
Orgaization (eg, company):
Organization_unit (eg, company):
Host Name (eg, FQDN):
enter email address (eg, your_name@domainname.com):

After hitting enter, the private key and certificate was generated.

net start crmdmgtd

IMPORTANT: It took a good 15 minutes for the services to restart (as Vlad indicates). You can check their status by typing

c:\Program Files (x86)\CSCOpx\bin>pdshow -brief

The TAC engineer said this was how they used to change the https/http login method on previous versions, but now there was a radio button on the Settings page in LMS. Selecting that button is supposed to do what these command lines just did, but they are not. BUG.

Anjas Vaheed · ‎08-06-2012

That works perfectly for me as well....

geder · ‎09-11-2012

Thanks for that Post.

It also solved my Problem