Service Desk Practitioners Forum
cancel

SD5: More than one Management Server

SOLVED
Go to solution
Highlighted
Hanspeter Loche
Super Contributor.

SD5: More than one Management Server

Hi All

We are running Service Desk V5 with following Servers:
1 MSSQL Server
1 FTP Server
2 Management Servers

The Problem: All runs well if we have only one Management Server (Server 1). For Weight Balancing we would like to have a second Management Server. As soon as we start the services on server 2 there is no longer an authentication on any of the servers possible.

Running only server 2 doesn't work: Authentication on Server 2 not possible.

Although both servers are setup the same way (Virtual Servers) the only way is: we need to run Server 1 and stop Server 2

My question: Has anyone experiences with running more than one Management Server?

Thank you for help
Hanspeter
6 REPLIES
Ragu_4
Respected Contributor.

Re: SD5: More than one Management Server

Hi Turn on login server only on one server and other one should only be management server with no certification and login services started.

type OVC - Status will give you the information and you can stop using OVC login server and try.

R*
Hanspeter Loche
Super Contributor.

Re: SD5: More than one Management Server

Hi Ragu
Thanks for your help. Unfortunately doesn't help. When trying to logon the following message appears:
Login failed. Signed subject authentication failure. Please contact your system administrator.

Thanks
Hanspeter
Ragu_4
Respected Contributor.

Re: SD5: More than one Management Server

Hi
That looks like the authentication prob.
Can you check the login details for the client and try again.
Hanspeter Loche
Super Contributor.

Re: SD5: More than one Management Server

Hi Ragu
Thank you for help. We made that hundert times, I opened a call at hp, no solution so far. hp said they don't have experiences with two managment servers. That's why I asked in this forum, somebody might have. Do you?

Thank you
Hanspeter
Ragu_4
Respected Contributor.

Re: SD5: More than one Management Server

when you installed the second server did you install using second server feature and connected to the existing database / server.
is it possble to send screen shots of OVC for both servers seperately.
philstep
Valued Contributor.
Solution

Re: SD5: More than one Management Server

Have you exported the certificate to the secondary server?

Below is the process if you haven't

This problem occurs because the trusted certificate of the certificate server has not been exported to the secondary server.

To do this the following steps need to be taken:

1. On the primary server (the one running the certificate server) run the following command:

ovcert -exporttrusted -file c:\trusted.cert -ovrg server

(c:\trusted.cert is an example file name. You can choose any name.)


2. Transfer the file that is created (trusted.cert) to the secondary server (assuming it is put in c:\ again)


3. On the secondary server, stop all processes (ovc -stop)


4. On the secondary server, run the following command:

ovcert -importtrusted -file c:\trusted.cert


5. On the secondary server start the object server processes again (ovc -start).

If you now run the command ovcert -list on the secondary server it should show the trusted certificate that has been imported. Load balancing will work fine now if the primary server is used as the login server as well. To be able to use the secondary server as the login server, some additional steps need to be taken.

Only management servers that have a valid certificate installed can act as a login server. The previous steps installed a Trusted Certificate. However, if you run 'ovcert -list', it will show that the secondary server does not have a certificate of it's own. To obtain this, the certificate needs to be issued from the certificate server. These steps need to be taken:

1. On the Secondary server run:

ovcoreid

This will return the coreid of the installed management server. Copy this id or write it down somewhere.

2. On the Certificate server (your Primary server) run the following command (make sure the certificate server is running):

ovcm -issue -file c:\cert -name -pass password -coreid

Below is an example coming from a test environment:

ovcm -issue -file c:\cert -name ovtest.nld.hp.com -pass password -coreid e1966932-c832-7518-043c-e26554f88817
Copy the file that is created to the secondary server.

3. On the secondary server run the following command:

ovcert -importcert -file c:\cert -pass password

This will import the certificate into the Keystore of your secondary server (you can check using: ovcert -list). After you have done this you should be able to use the secondary server as a login server as well.