We are running Service Desk V5 with following Servers: 1 MSSQL Server 1 FTP Server 2 Management Servers
The Problem: All runs well if we have only one Management Server (Server 1). For Weight Balancing we would like to have a second Management Server. As soon as we start the services on server 2 there is no longer an authentication on any of the servers possible.
Running only server 2 doesn't work: Authentication on Server 2 not possible.
Although both servers are setup the same way (Virtual Servers) the only way is: we need to run Server 1 and stop Server 2
My question: Has anyone experiences with running more than one Management Server?
Hi Ragu Thanks for your help. Unfortunately doesn't help. When trying to logon the following message appears: Login failed. Signed subject authentication failure. Please contact your system administrator.
Hi Ragu Thank you for help. We made that hundert times, I opened a call at hp, no solution so far. hp said they don't have experiences with two managment servers. That's why I asked in this forum, somebody might have. Do you?
Have you exported the certificate to the secondary server?
Below is the process if you haven't
This problem occurs because the trusted certificate of the certificate server has not been exported to the secondary server.
To do this the following steps need to be taken:
1. On the primary server (the one running the certificate server) run the following command:
ovcert -exporttrusted -file c:\trusted.cert -ovrg server
(c:\trusted.cert is an example file name. You can choose any name.)
2. Transfer the file that is created (trusted.cert) to the secondary server (assuming it is put in c:\ again)
3. On the secondary server, stop all processes (ovc -stop)
4. On the secondary server, run the following command:
ovcert -importtrusted -file c:\trusted.cert
5. On the secondary server start the object server processes again (ovc -start).
If you now run the command ovcert -list on the secondary server it should show the trusted certificate that has been imported. Load balancing will work fine now if the primary server is used as the login server as well. To be able to use the secondary server as the login server, some additional steps need to be taken.
Only management servers that have a valid certificate installed can act as a login server. The previous steps installed a Trusted Certificate. However, if you run 'ovcert -list', it will show that the secondary server does not have a certificate of it's own. To obtain this, the certificate needs to be issued from the certificate server. These steps need to be taken:
1. On the Secondary server run:
This will return the coreid of the installed management server. Copy this id or write it down somewhere.
2. On the Certificate server (your Primary server) run the following command (make sure the certificate server is running):
Below is an example coming from a test environment:
ovcm -issue -file c:\cert -name ovtest.nld.hp.com -pass password -coreid e1966932-c832-7518-043c-e26554f88817 Copy the file that is created to the secondary server.
3. On the secondary server run the following command:
ovcert -importcert -file c:\cert -pass password
This will import the certificate into the Keystore of your secondary server (you can check using: ovcert -list). After you have done this you should be able to use the secondary server as a login server as well.