cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
551
Views
0
Helpful
5
Replies

migration LMS 3.1 to LMS 3.1 --- SSL issues

max12341234
Level 1
Level 1

Hi all,

I just performed a migration from one server to another (same version of OS, LMS, and application modules) After the restore, I ran hostnamechange.pl. The log files look clean and things seem to work OK.

Before the migration I loaded a 3rd party certificate to the new server and didn't have problems.

Problem: When I enable SSL via the GUI and restart the daemon manager, I can get to the first LMS web page (default Functional tab). The lock sign shows up properly. However, when I click on almost every link that is off of this page (such as Device Center), I get the following error:

__________________________________________________

Forbidden

You don't have permission to access /cwhp/device.center.do on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

_________________________________________________

Afterwards, I stopped the deamon, ran configssl.pl -disable, start daemon, etc. and the error goes away. However, now SSL is not enabled as desired. I was wondering if anyone knew why SSL can be enabled for the first page, and

why I would get the /cwhp/device.center.do on other pages? Does enabling SSL affect how the internal database is accessed?

Thanks!

--Max

5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

Go back to the CLI, and run ConfigSSL.pl -enable. That should resync SSL to the necessary places, and allow SSL to work throughout.

Hi jclarke,

Thanks for your quick reply. I tried that several times, but it did not fix the problem. I restarted the daemon manager, and I even rebooted.

I find it very unusual that the first page loads fine using SSL - green lock symbol, good cert, etc.. Then when I click on a link I get the "forbidden" error.

-Max

--Max

No, that is typical. Post a screenshot of your Services control panel showing all of the CiscoWorks services. Also, post the output of the command:

pdreg -l Apache

And the NMSROOT/lib/classpath/md.properties file.

Hi there,

I have exactly the same issue. Please let me know if you find a resolution

Hi All,

I was able to solve the problem by re-doing the order of the certificate installation.

I figured it would be too difficult to troubleshoot so I started over. The symtpoms were that I can get to all tabs, but when I clicked on a link (which caused a new browser window to pop up) I had the error.

I started with a fresh LMS 3.1 as my target server as before. However, this time I did not install a third-party cert. I followed the usual reload from backup and changename script. Then, after it was working with a self-signed cert, I added the third-part certificate. That worked!

--Max

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco