migration LMS 3.1 to LMS 3.1 --- SSL issues

Unanswered Question
Sep 2nd, 2009
User Badges:

Hi all,


I just performed a migration from one server to another (same version of OS, LMS, and application modules) After the restore, I ran hostnamechange.pl. The log files look clean and things seem to work OK.


Before the migration I loaded a 3rd party certificate to the new server and didn't have problems.


Problem: When I enable SSL via the GUI and restart the daemon manager, I can get to the first LMS web page (default Functional tab). The lock sign shows up properly. However, when I click on almost every link that is off of this page (such as Device Center), I get the following error:


__________________________________________________

Forbidden

You don't have permission to access /cwhp/device.center.do on this server.


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

_________________________________________________




Afterwards, I stopped the deamon, ran configssl.pl -disable, start daemon, etc. and the error goes away. However, now SSL is not enabled as desired. I was wondering if anyone knew why SSL can be enabled for the first page, and


why I would get the /cwhp/device.center.do on other pages? Does enabling SSL affect how the internal database is accessed?


Thanks!

--Max

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Wed, 09/02/2009 - 08:52
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Go back to the CLI, and run ConfigSSL.pl -enable. That should resync SSL to the necessary places, and allow SSL to work throughout.

max12341234 Thu, 09/03/2009 - 04:19
User Badges:

Hi jclarke,


Thanks for your quick reply. I tried that several times, but it did not fix the problem. I restarted the daemon manager, and I even rebooted.


I find it very unusual that the first page loads fine using SSL - green lock symbol, good cert, etc.. Then when I click on a link I get the "forbidden" error.


-Max


--Max

Joe Clarke Thu, 09/03/2009 - 10:04
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, that is typical. Post a screenshot of your Services control panel showing all of the CiscoWorks services. Also, post the output of the command:


pdreg -l Apache


And the NMSROOT/lib/classpath/md.properties file.

Joan Pelser Fri, 09/04/2009 - 00:47
User Badges:

Hi there,

I have exactly the same issue. Please let me know if you find a resolution

max12341234 Thu, 09/10/2009 - 03:20
User Badges:

Hi All,


I was able to solve the problem by re-doing the order of the certificate installation.


I figured it would be too difficult to troubleshoot so I started over. The symtpoms were that I can get to all tabs, but when I clicked on a link (which caused a new browser window to pop up) I had the error.


I started with a fresh LMS 3.1 as my target server as before. However, this time I did not install a third-party cert. I followed the usual reload from backup and changename script. Then, after it was working with a self-signed cert, I added the third-part certificate. That worked!


--Max

Actions

This Discussion