Там похоже что-то не особо относящееся к вашей проблеме:
Details
System Manager 6.x , 7.x and higher version.
Problem Clarification
(Alarm Name) : avAuraSysMgrTMUICertExpire , (Alarm String) : 11/20:51,ACT| avAuraSysMgrTMUICertExpire,RR-me-sm,10.10.4.12,websphere,TMA000056E,Certificate about to expire on remote element,MAJ
(Alarm Name) : avAuraSysMgrTMUICertExpire , (Alarm String) : 18/13:33,ACT|avAuraSysMgrTMUICertExpire,System
spiritalias,TMA000056E,Certificate about to expire on remote element
This alarm is valid in 6.2.x, may also appear in System Manager 6.3.x, and those that have been upgraded from earlier versions that are deploying Avaya Demo Certificates, or have had Demo Certificates added using the CertificateRenewalUtility_v2.bin, or loaded otherwise from the Session Managers.
Starting from Session Manager / System Manager 6.2 release, "Certificate about to expire on Remote Element " alarm (EventID: TMA000056E) alarms will be generated on System Manager web page Events --> Alarms.
This was not available in prior releases.
Certificate renewal alarm TMA000056E generated for Session Manager
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Example Logs: On some instances of SMGR version 6.3.7, the auto-renewal is not working although System Manager tries to renew successfully the ASM certificates:
/var/log/Avaya/mgmt/tm/tmAuditLog.log
<107>Mar 18 14:20:43 sydavasmgr01]: +11:00 2016 032 1 com.avaya.mgmt | 1 com.avaya.mgmt.trust.logging TMA000056E Certificate about to expire on remote element. Element Name : sydavasm02, Host : x.x.x.x, Certificate alias : mgmt
<110>Mar 18 14:20:43 sydavasmgr01]: +11:00 2016 274 1 com.avaya.mgmt | 0 Required access point found. Name = Session Manager TM Type = TrustManagement Protocol = jnpPort = 1299
<107>Mar 18 14:20:43 sydavasmgr01]: +11:00 2016 277 1 com.avaya.mgmt | 1 com.avaya.mgmt.trust.logging TMA000056E Certificate about to expire on remote element. Element Name : sydavasm02, Host : x.x.x.x, Certificate alias : websphere
<110>Mar 18 14:20:43 sydavasmgr01]: +11:00 2016 526 1 com.avaya.mgmt | 0 Required access point found. Name = Session Manager TM Type = TrustManagement Protocol = jnpPort = 1299
<107>Mar 18 14:20:43 sydavasmgr01]: +11:00 2016 528 1 com.avaya.mgmt | 1 com.avaya.mgmt.trust.logging TMA000056E Certificate about to expire on remote element. Element Name : sydavasm02, Host : x.x.x.x, Certificate alias : spiritalias
<110>Mar 18 14:26:46 sydavasmgr01: +11:00 2016 926 1 com.avaya.mgmt | 0 Renewing - spiritalias 2094145886 SPIRIT
<110>Mar 18 14:26:46 sydavasmgr01: +11:00 2016 930 1 com.avaya.mgmt | 0 Renewing certificate with CN=avaya.spirit.agent, key size=1024, key algorithm=RSA
<110>Mar 18 14:26:47 sydavasmgr01]: +11:00 2016 625 1 com.avaya.mgmt | 1 com.avaya.mgmt.trust.logging AUDTM004 Replace Signer Certificate
<110>Mar 18 14:26:47 sydavasmgr01]: +11:00 2016 628 1 com.avaya.mgmt | 0 Successfully renewed certificate : C=US, O=Avaya, CN=avaya.spirit.agent
<110>Mar 18 14:26:47 sydavasmgr01: +11:00 2016 631 1 com.avaya.mgmt | 0 Renewed - spiritalias 2094145886 SPIRIT
<110>Mar 18 14:27:34 sydavasmgr01: +11:00 2016 259 1 com.avaya.mgmt | 0 Renewing - websphere 1943824649 WebSphere
<110>Mar 18 14:27:34 sydavasmgr01: +11:00 2016 263 1 com.avaya.mgmt | 0 Renewing certificate with CN=xyz.ab, key size=1024, key algorithm=RSA
<110>Mar 18 14:27:34 sydavasmgr01]: +11:00 2016 764 1 com.avaya.mgmt | 1 com.avaya.mgmt.trust.logging AUDTM004 Replace Signer Certificate
<110>Mar 18 14:27:34 sydavasmgr01]: +11:00 2016 767 1 com.avaya.mgmt | 0 Successfully renewed certificate : C=US, O=Avaya, CN=xyz.ab
<110>Mar 18 14:27:34 sydavasmgr01: +11:00 2016 770 1 com.avaya.mgmt | 0 Renewed - websphere 1943824649 WebSphere
<110>Mar 18 14:27:55 sydavasmgr01: +11:00 2016 857 1 com.avaya.mgmt | 0 Renewing - mgmt 174960651 Management
<110>Mar 18 14:27:55 sydavasmgr01: +11:00 2016 861 1 com.avaya.mgmt | 0 Renewing certificate with CN=xyz.ab, key size=1024, key algorithm=RSA
Issues with Auto-Renew of certificates.
Cause
Product is functioning as its designed.
This is a warning message as indication for the certificate expiry.
The warning occurs 60 days prior to expiry
Solution
An alarm is raised on the System Manager web page --> Events --> Alarms page, if any of the Session Manager certificates are about to expire. Typically 60 days prior to expiration.
Refer to the PSN3909 https://downloads.avaya.com/css/P8/documents/100169323 for Session Manager 6.2 release to fix (Only if the certificates are not yet expired)
As mentioned in the PSN, this is NOT Service Affecting.
If the Session Manager was upgraded from the previous releases (6.0, 5.2 etc), then the SM instance in :
System Manager Web page --> Inventory --> Managed Elements
The SM instances are automatically added if the system was newly installed. In this case, if you find the SM Instances are not available in the Managed Elements page then we can manually add it.
Press the "New" button and Select the "Type" as Session Manager from the drop down menu.
Enter the Session Manager hostname as the given Name and Session Manager's Management IP address in the Node field.
In "Access Point" field, select "Session Manager" and click on Edit. Type the Session Manager Management IP address in the "Host" field leaving all other fields unchanged. Press Save button on "Access Point Details" and click on Commit.
Perform the above steps from 1 to 3 for all of the available Session Managers. This is NOT Service Affecting. After completing this, follow the PSN given above.
Please Note: The latest Service Patch for your release resolves the majority of issues preventing auto-renewal.
Additional Note: If the ASM Element is not showing managed by SMGR the ASM may need to be rebooted so that it can accept and activate the new certificates. Run the Session Manager validate can also confirm the certificate status.
1.) Deny New Service on the relevant ASM on the SMGR GUI
2.) Reboot the ASM via the SMGR GUI
3.) If necessary Allow New Service after the ASM comes back up from the reboot.
Check below PSN.
https://support.avaya.com/css/P8/documents/100159923
For System Manager Alarm- Certificate about to expire on remote element, please Run the Certificateutility.bin to renew the expired certificate.
Certificateutility.bin Script will renew all the certificate.
To renew your certificates on ASM 6.3.x
1. Access the session manager CLI VIA the cust account.
2. Ensure that you are ready to have service down on that session manager for ~10 to 15 minutes.
3. Run the following command: initTM -f (if any 3rd party certifiates installed, after the command, 3rd party cert need reload, so dont need run initTM -f, but just restart the application like in CLI of session manager restart -all )
4. After the command is completed, verify certificates have updated on SMGR through
Inventory>Manage Elements>[SM]>View Identity Certificates
Attachment Description
Run Certificate renewable utility downloaded from Support.avaya.com
|
