IBM Support

IT08464: LOCAL SRA INSTALL FAILS - CERT INCLUDED IN SRA IMAGE DOESN'T MATCH SERVER-DEPLOYED-SRA CERT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as Permanent restriction.

Error description

  • The TPC server upgraded from 5.2.1 or earlier is using 1024-bit
certificates.  Newer versions of TPC distribute 2048-bit default
certificates, including in the local SRA installation image.
Using mismatched certificates will cause the local SRA upgrade
to fail.

AGT0466I Cannot connect to TPC Server.
5 possible reasons:
1. Server IP(s) cannot be resolved
2. TPC Data Server port number 9549 incorrect
3. TPC Data Server not running
4. Certificates on the TPC Data Server and agent do not
match&mgsnl;
5. Firewall blocks communication
AGT0384E Install failed, return code 118

If you are affected by this and need assistance to resolve,
contact IBM Support.

Local fix

  • The certificates in the SRA local install image will need to be
manually replaced with the existing 1024-bit certificates from
the TPC server located under <TPC install
location>/data/sra/<platform>/certs."

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* TPC 5.2.2 and higher users who have upgrade from a previous  *
* TPC version and are attempting to install the 5.2.2 and      *
* higher Storage Resource agents using the command line        *
* installation procedure from the installation image with the  *
* local CLI.                                                   *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* A new installation of Tivoli Storage Productivity Center     *
* V5.2.2 or later uses SSL certificates with a 2048-bit key.   *
* However, if the server was upgraded from an earlier version  *
* to V5.2.2 or later, then the server still uses certificates  *
* with a 1024-bit key. If you install V5.2.2 or later Storage  *
* Resource agents using the command line installation          *
* procedure from the installation image, and point those       *
* agents to an upgraded server, the agent installation will    *
* fail due to a certificate mismatch.                          *
****************************************************************
* RECOMMENDATION:                                              *
* Follow the manual procedure listed in here and in the        *
* limitations and known issues document to install the Storage *
* Resource agent in this scenario.  No fix will be provided.   *
****************************************************************

Problem conclusion

  • To install V5.2.2 or later Storage Resource agents using the
local command line, the 2048-bit certificates in the install
image on the agent system must be replaced with 1024-bit
certificates using the following steps.

Restriction: This process assumes that the Storage Resource
agent disk image can be modified. If you are installing from a
DVD, you must copy the installation files to a location where
you have write access before you implement the following steps.

1. Copy
<TPC_installation_directory>/data/sra/<agent_operating_system>/c
erts.zip from the upgraded Tivoli Storage Productivity Center
server to
<SRA_image_install_directory>/sra/<agent_operating_system> on
the agent system.

2. Extract the zip file to
<SRA_image_install_directory>/sra/<agent_operating_system>/certs
.

Note: <SRA_image_install_directory> is the directory where the
Storage Resource agent image was extracted.
<agent_operating_system> is the directory that is named for the
operating system where the agent is installed.

3. Install the Storage Resource agent with the appropriate
option.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT08464
    • 

  • Reported component name
    TPC
    • 

  • Reported component ID
    5608TPC00
    • 

  • Reported release
    525
    • 

  • Status
    CLOSED  PRS
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2015-04-22
    • 

  • Closed date
    2015-04-23
    • 

  • Last modified date
    2015-04-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • INSTALL

    



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS5R93","label":"IBM Spectrum Control"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"525","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            22 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback