Session Manager Security Module 1

[FreD_WriteR]

Problem with Session Manager Security Module.
Security Module status - Down. And the eth2 interface does not ping. I installed Session Manager from two disks: linux for ASM and ASM-installer. When I installed the first disk, I immediately configured the interfaces and checked the ping. All ip pinged. After installing ASM-installer, SMGR and other hosts from the subnet stopped pinging Security Module - eth2. This is fine? Another problem - InitTM and initDRS are not executed, an error occurs:

Register replica node with System Manager DRS master failed.
Thu Nov 18 20:13:15 VLAT 2021: Failed to initialize DRS.

I think because the Security Module is not pinged.

swversion:
ASM:

Avaya Aura Session Manager Software Version Inventory

                   Release: 6.3.2.0.632023
           Call Processing: 6.3.2.0.632023
                Management: 6.3.2.0.632023
                  SM Tools: 6.3.2.0.632023
                       DRS: 6.3.2.0.632023
                       CDR: 6.3.2.0.632023
                       NCS: 7.65.04
           Security Module: 6.3.2.0.632003
                     nginx: 1.2.0
                  Firewall: 6.3.2.0.632003
              WebSphere AS: 8.0.0.5
                 SAL Agent: 6.3.2.4
                        OS: Enterprise Linux Server release 6.2 (May 15 2:10:59 MDT 2013)

SMGR:

************************************************ 
System Manager - Software Information
************************************************ 

===== Software Update Revision: 6.3.0.8.923 =====

System Manager 6.3.8.0 Build Number 6.3.0.8.5682
Patch 6.3.8.818 Build Number 6.3.0.8.923

Quantum 3.1.8-SNAPSHOT(6135) 3.1.8.0 Build Number 6.3.0.8.5682
Communication Server 1000 1.0.2.0 Build Number 1.0-SNAPSHOT-8665
Patch 1.0.2.1 Build Number 6.3.0.8.923

MMCS 6.3.8.0 Build Number 6.3.0.8.1
Communication System Management 6.3.8.0 Build Number 6.3.8.0.4379
Patch 6.3.8.6308003 Build Number 6.3.0.8.923

Messaging 6.3.8.0 Build Number 6.3.8.0.1794
Patch 6.3.8.6308001 Build Number 6.3.0.8.923

Device Inventory 6.3.8.0 Build Number 6.3.8.0.1833
Patch 6.3.8.6308001 Build Number 6.3.0.8.923

B5800 Branch Gateway 6.3.8.0 Build Number 6.3.8.0.2376
Upgrade Manager 6.3.8.0 Build Number 6.3.8.0.2148
Patch 6.3.8.6308001 Build Number 6.3.0.8.923

Session Manager Element Manager 6.3.0.0 Build Number 6.3.0.0.630002
Patch 6.3.0.630024 Build Number 6.3.0.8.923

Conferencing 6.3.107.0 Build Number 6.3.0.0.107
Presence Extensions 6.3.8.0 Build Number 6.3.0.0.0800

************************************************ 
Operating System Information
************************************************ 
CentOS release 5.6 (Final)
Linux smgr.eao.ru 2.6.18-308.13.1.el5xen #1 SMP Tue Aug 21 17:51:21 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux

************************************************ 
JAVA Version
************************************************ 
java version "1.6.0_33"
Java(TM) SE Runtime Environment (build 1.6.0_33-b04)
Java HotSpot(TM) 64-Bit Server VM (build 20.8-b03, mixed mode)

hosts files:
ASM:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.11.13.5     services-laptop
10.31.200.50	SM1 GMI-SM1.global2.avaya.com GMI-SM1 ASM
192.11.13.17	smgr.slu.com AsmSysMgr
10.31.200.82	smgr.slu.com smgr AsmSysMgr GMI-SP4-SMGR.global2.avaya.com GMI-SP4-SMGR

SMGR:

[admin@smgr ~]$ cat /etc/hosts
127.0.0.1		localhost.localdomain localhost
10.31.200.82		smgr.slu.com smgr AsmSysMgr GMI-SP4-SMGR.global2.avaya.com GMI-SP4-SMGR
::1			localhost6.localdomain6 localhost6
10.31.200.50		SM1 GMI-SM1.global2.avaya.com GMI-SM1 ASM

SMGR Sertificate:

[root@smgr ~]# openssl x509 -text -in /var/lib/pgsql/data/server.crt|grep "Not After"
            Not After : Oct 21 06:19:08 2023 GMT

 

[avayaguy23]

does your date/time match on system and session manager? If they do not match you will have issues

 

[FreD_WriteR]

Date/time match. Security Module should respond to ping?

 

[avayaguy23]

sounds like you don't have your element session manager config correct. Management Access Point Host Name/IP and your Security module SIP Entity IP Address need to properly set. Not sure how you are deploying SM/SMGR but you might wanna check the server to make sure you are using the correct ports on the server.

 

[FreD_WriteR]

in Home/Elements/Routing/SIP Entities you need to specify the security module ip address. The installation manual say this is the eth2 interface of the Session Manager. On eth2, my ip address is 10.31.200.52. I indicated it in SIP Entities. Access Point Host Name/IP - SM1/10.31.200.50. They are also listed in the hosts ASM and SMGR files. By the name SM1, ASM responds to ping from SMGR.

[root @ smgr ~] # ping SM1
PING SM1 (10.31.200.50) 56 (84) bytes of data.
64 bytes from SM1 (10.31.200.50): icmp_seq = 1 ttl = 64 time = 0.147 ms
64 bytes from SM1 (10.31.200.50): icmp_seq = 2 ttl = 64 time = 0.141 ms
64 bytes from SM1 (10.31.200.50): icmp_seq = 3 ttl = 64 time = 0.154 ms
64 bytes from SM1 (10.31.200.50): icmp_seq = 4 ttl = 64 time = 0.138 ms

ifcfg-eth2 ASM file

[cust @ SM1 ~] $ cat / etc / sysconfig / network-scripts / ifcfg-eth2
DEVICE = "eth2"
NM_CONTROLLED = no
ONBOOT = "yes"
IPADDR = "10.31.200.52"
GATEWAY = "10.31.200.1"
NETMASK = "255.255.255.0"

ping ip Security Module:

[root@smgr ~]# ping 10.31.200.52
PING 10.31.200.52 (10.31.200.52) 56(84) bytes of data.
From 10.31.200.82 icmp_seq=1 Destination Host Unreachable
From 10.31.200.82 icmp_seq=2 Destination Host Unreachable
From 10.31.200.82 icmp_seq=3 Destination Host Unreachable

--- 10.31.200.52 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4016ms
, pipe 3

Can you please tell me what I'm missing?

PS
By the way, my data replication also signals red x. This is due to the fact that initTM and initDRS do not work.

 

[avayaguy23]

well if initTM and initDRS does not work then that is the problem. When you are running initTM did you set your enrollment password on system manager before hand? If you have an invalid or expired enrollment password that is probably the problem.

 

[FreD_WriteR]

Enrollment password right and not expired, but the error is different:

Register replica node with System Manager DRS master failed.
Thu Nov 18 20:13:15 VLAT 2021: Failed to initialize DRS.

I wrote about this in the first post. Doesn't get to the prompt for a Enrollment password.

 

[bignose21]

initTM -f

 

[FreD_WriteR]

initTM -f - same error.

 

[avayaguy23]

Are you using a 3rd party certificate? Couldn't tell if openssl x509 -text -in /var/lib/pgsql/data/server.crt|grep "Not After"
Not After : Oct 21 06:19:08 2023 GMT meant you were using system manager or 3rd party.

 

[FreD_WriteR]

I have completed the renewal of the certificate using this instruction:
[link ]

https://support.avaya.com/ext/index?page=content&id=SOLN224890

[/url]

 

[kyle555]

can you ping the SMGR FQDN from SM?

 

[FreD_WriteR]

Сan you ping the SMGR FQDN from SM?

Yes.

 

[bignose21]

Odd as it should have prompted for the Enrolment password when yo added the force switch

 

[FreD_WriteR]

SMnetSetup prompted for a password to register after I entered the SMGR ip address.

 

[bignose21]

Its been a while but you used to be able to rename or remove the trust file if you have root its like below or similar depending on the release

/opt/Avaya/jboss-6.1.0.Final/server/mgmt/conf/tm/TMClientInv.xml

Then initTM should definitely go from default

 

[FreD_WriteR]

Thank you very much bignose21 and the rest for the answers, I will try to remove, unsubscribe about the result.

 

[kyle555]

Maybe the JBOSS app security certificate is expired.

Why are you trying 6.3.2 anyway? Are you replacing a dead system?

What happens if you just turn the clocks back on both to 2015 and renew the SMGR certs and try again?

There might be some deep baked in cert for SM that expired. Had a helluva time reinstalling a Midsize Enterprise 6.2 in the last couple of years beacuse of that

 

[G van Hamburg]

And I think these old versions needed to match 100%. So SMGR 6.3.2 with SM 6.3.2.

Freelance Certified Avaya Aura Engineer

 

[FreD_WriteR]

Avaya Knowledge has a solution to my problem and it says System Manager MUST be equal to or higher version than Session Manager.
Avaya Knowledge
I have met this condition, but I want to try updating the Session Manager. I don't have access to asm-6.3.8.0.638018-installer.iso on Avaya Support and no PLDS, but I have a list of activation codes for our PBX. What should be done with these codes? Can I use them to access PLDS? I have a bunch of Avaya software DVDs, but asm-6.3.8.0.638018-installer.iso is not among them.