Was anybody able to get 2 Management Servers working together with SD 5? As soon as we enable the second management server we get the following error message:
"Login failed. signed subject authentication failure"
In the log file I have this entry:
Apr 11, 2006 3:25:12 PM;48;13;com.hp.ov.sec.login.common.SignedSubject;isValid;com.hp.ov.sec.login.common.SignedSubject;SEVERE;Error verifying the subject due to exception: class com.hp.ov.sec.core.MessageSignatureException: Failed to create MessageVerifier..
As soon as I stop all services on the second management server it works again.
I had similar problems. You may want to disable certain components on one of the management console. In the guide, it mentioned for some components like reporting, slm, & etc, you only need it on on management console for the whole environment. Work out what components you want loaded on which management consoles and avoid conflicts between them.
I was setting another server for load balancing and noticed something in the installation process.
When setting the 2nd server, choose the Secondary server option which will not create a new database and use existing database. It will also not install the OV certificate server module (ovcs).
Also, if you have old crappy hardware like mine, during the starup some module may timeout and not installed. This can be fix by starting those module manually. In a dos box, type ovc and see which module is aboprted or stopped and type eg. ovc -start ovloginsv to start it up. Note: some module are dependent on others modules to be up first.
You are right, I do get the "Login failed. signed subject authentication failure". I had assume some of the process on the 2nd box is timing out and some dependencies cannot not occur. So I normally, just start the dependencies process first and both boexes will work then. Eg like get the tomcat and apache running before ovobs and etc etc.
We found the solution for our problem. Well, actually HP did.
We did the following: 1. On the primary server (the one running the certificate server): run the following command:
ovcert -exporttrusted -file c:\trusted.cert -ovrg server
(c:\trusted.cert is just a file name, you can choose any)
2. Transfer the file that is created (trusted.cert) to the secondary server (I assume it is put in c:\ again)
3. On the secondary server: stop all processes (ovc -stop)
4. On the secondary server: run the following command:
ovcert -importtrusted -file c:\trusted.cert
5. On the secondary server: start the object server processes again (ovc -start)
If you now run the command ovcert -list on the secondary server it should show the trusted certificate that has been imported. Please test the ovconsole loadbalancing after this change has been applied and let me know the results.