OpenManage Timeout – Possible SSL Issue After Updating to Version 9.2

I updated my server to OpenManage version 9.2 (from version 9.1 which was working fine), apparently with success. I can run the CLI commands without problems.

My problem is connecting to the OMSA site. I have tried different computers, different browsers (Chrome, Edge, Safari), from the server itself, and I always end up with a timeout connecting to the https://myserver:1311/ webpage.

I have uninstalled and reinstalled OMSA several times, with no luck.

The only slight improvement I've had is when modifying the tomcat server.xml config file: if I disable the SSLEnabled setting in the Connector then I do get the login screen, but I can't get past it. I enter the correct credentials, click Login, and then I get again in the Login screen. If I enter invalid credentials I get the expected "login failed" message (so I know the problem aren't the credentials). I'm guessing that internally this requieres the SSL to be working to get past the login.

This makes it clear that the issue is with the SSL connection. Trying to debug it with Fiddler I can see "A SSLv3-compatible ClientHello handshake was found" and the parameters. But it apparently… never finishes it?

I have removed the certificates (self signed) I found for the server on my computer, expecting Chrome to ask me to accept a new certificate, but no change whatsoever. I have already cleaned (Ctrl+Shift+Del) Chrome history/browsing data, with no luck.

I haven't tried reinstalling version 9.1 to see if anything changes, but I would really like to understand the problem before throwing the towel.

The server is running Windows 2016. The clients I have tried are Windows 10 and MacOS Mojave and the server itself. All the browsers I have tried are up to date.

Best Answer

After looking further into the tomcat logs, I found a message that said Keystore was tampered with or password was incorrect in the callstack of an error when trying to initialize the protocol handler. Something similar to what was mentioned here: https://www.dell.com/community/Systems-Management-General/OMSA-9-2-quot-Keystore-was-tampered-with-or-password-quot/td-p/6236906

After that I checked the keystore.db file in the tomcat conf folder and saw that it had a date that was previous to the other files in that folder.

During my uninstalls I noticed that somehow the changes I made to server.xml were persisted between installs, even if I used the OMCleanup tool to uninstall OMSA and deleted the folders. The only way I found to avoid this was deleting the server.xml file before uninstalling, so I did the same for the keystore.db file. I also restarted the server after the uninstall.

After that, reinstalled OMSA and now the keystore.db file had the same date as the other files (and it was after updated to today) and now I can use OMSA without problems.

Best Answer

Related Solutions

Windows – Is the password compromised because I forgot to hit Enter after ssh username

Centos – Can’t get to Dell OMSA webpage on the server

Related Topic