cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
853
Views
0
Helpful
1
Replies

CSA agents not using FQDN to register

jjkruege
Level 1
Level 1

I installed CSA MC on a server that is in our DMZ. I forgot to set the FQDN of the server before installing VMS. The server's name is in our inside and outside DNS servers. All of my hosts that are part of that domain can register with the MC, but none of my non-domain member laptops can. I looked at the agent.bundle and the csalog file and it appears that they are trying to register with the netbios name of the server. I assume that since I had not told the MC server what its domain suffix was, that CSA used the netbios name.

I went back and added the full DNS name to the server properties. I generated a new agent kit, but it still contains the netbios name for registration. Is there anything I can do to get these agent kits to use the full DNS name of the server? Am I correct in saying that if I had setup the server's name to be a full DNS name before installing VMS, that I would not have this problem?

I understand that I could add an lmhosts file to the PC's, but I do not have control over them to do that. I also thought about changing the agent.bundle on the PC's, but I will not be able to get access to do this.

Thanks,

Josh

1 Reply 1

tomayer
Level 1
Level 1

Hi Josh!

After changing the DNS Name of the CSA MC, you have to generate the new certificates for the MC.

First( on the CSA MC):

net stop csagent

net stop crmdmgtd

Second:

Delete the Files:

CSCOpx\CSAMC\cfg\sslca.crt

CSCOpx\CSAMC\cfg\sslhost.crt

CSCOpx\lib\web\conf\root.crt

CSCOpx\lib\web\conf\server.key

CSCOpx\lib\web\conf\server.crt

CSCOpx\MDC\Apache\conf\ssl\chain.cer

CSCOpx\MDC\Apache\conf\ssl\root.crt

CSCOpx\MDC\Apache\conf\ssl\server.key

CSCOpx\MDC\Apache\conf\ssl\server.cert

Third:

Change to the directory CSCOpx\CSAMC\Bin

and type: "perl.exe installcert.pl -forceinstall"

Fourth:

net start crmdmgtd

net start csagent

After some minutes to allow all Cisco Works Processes to start, change to

CSCOpx\CSAMC\Bin

enter "webmgr makekits_refresh"

The Server is now generating the new KITS with all the new stuff.

Problem: The installed Agents habe not yet any knowledge of the new certificate.

Go to the Agents (your DMZ Server, for example)

stop the agent:

net stop csagent

Copy the Certificate from the CSA MC from the directory

CSCOpx\CSAMC\cfg\sslca.crt

into the correct place for the Agent:

Program Files\Cisco\CSAgent\cfg\sslca.crt

Now you can edit the agent.bundle to reflect the new DNS Name of the server.

And then start the CSA Agent

HTH,

regards,

Tobias

Review Cisco Networking for a $25 gift card