Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
659
Views
0
Helpful
5
Replies

migration LMS 3.1 to LMS 3.1 --- SSL issues

max12341234
Level 1
Level 1

‎09-02-2009 08:46 AM

Hi all,

I just performed a migration from one server to another (same version of OS, LMS, and application modules) After the restore, I ran hostnamechange.pl. The log files look clean and things seem to work OK.

Before the migration I loaded a 3rd party certificate to the new server and didn't have problems.

Problem: When I enable SSL via the GUI and restart the daemon manager, I can get to the first LMS web page (default Functional tab). The lock sign shows up properly. However, when I click on almost every link that is off of this page (such as Device Center), I get the following error:

__________________________________________________

Forbidden

You don't have permission to access /cwhp/device.center.do on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

_________________________________________________

Afterwards, I stopped the deamon, ran configssl.pl -disable, start daemon, etc. and the error goes away. However, now SSL is not enabled as desired. I was wondering if anyone knew why SSL can be enabled for the first page, and

why I would get the /cwhp/device.center.do on other pages? Does enabling SSL affect how the internal database is accessed?

Thanks!

--Max

Labels:
0 Helpful
5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

‎09-02-2009 08:52 AM

Go back to the CLI, and run ConfigSSL.pl -enable. That should resync SSL to the necessary places, and allow SSL to work throughout.

0 Helpful

max12341234
Level 1
Level 1
In response to Joe Clarke

‎09-03-2009 04:19 AM

Hi jclarke,

Thanks for your quick reply. I tried that several times, but it did not fix the problem. I restarted the daemon manager, and I even rebooted.

I find it very unusual that the first page loads fine using SSL - green lock symbol, good cert, etc.. Then when I click on a link I get the "forbidden" error.

-Max

--Max

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to max12341234

‎09-03-2009 10:04 AM

No, that is typical. Post a screenshot of your Services control panel showing all of the CiscoWorks services. Also, post the output of the command:

pdreg -l Apache

And the NMSROOT/lib/classpath/md.properties file.

0 Helpful

Joan Pelser
Level 1
Level 1
In response to Joe Clarke

‎09-04-2009 12:47 AM

Hi there,

I have exactly the same issue. Please let me know if you find a resolution

0 Helpful

max12341234
Level 1
Level 1
In response to Joan Pelser

‎09-10-2009 03:20 AM

Hi All,

I was able to solve the problem by re-doing the order of the certificate installation.

I figured it would be too difficult to troubleshoot so I started over. The symtpoms were that I can get to all tabs, but when I clicked on a link (which caused a new browser window to pop up) I had the error.

I started with a fresh LMS 3.1 as my target server as before. However, this time I did not install a third-party cert. I followed the usual reload from backup and changename script. Then, after it was working with a self-signed cert, I added the third-part certificate. That worked!

--Max

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card