Visitors

EMC Ionix UIM/P: UCS Discovery Failed. Replace expired UCS certificate.

Cisco UCS Manager certificate expired and we had to re-generate it. See my ‘HOW TO: Regenerate expired UCS Manager certificate‘ blog post for details.

How to replace UCS certificate that was imported into UIM/P?

Well, in UIM/P 3.2 it is dead easy:

 cd /opt/ionix-uim/tools
 ./importUcsCertificate.pl

enter UCS IP address and UIM/P will do the rest. See full output on the “Install and configure EMC UIM/P” blog post, step 8.4.2.

As one of my UIM/P’s is still on 3.1.1, I had to upload new UCSM certificate and install it again:

Upload new UCM certificate to ‘/opt/ionix-uim/conf/CA’ folder and run the following command:

vim001:/opt/ionix-uim/conf/CA # openssl x509 -inform DER -in DC1-VFC01.der -out DC1-VFC01.crt
vim001:/opt/ionix-uim/conf/CA # ./cert_hash.pl
Installing:DC1-VFC01.crt....
Installing:UCSM.crt....
Installing:voyenceca.crt....

You must now restart device services to reload the certificate cache.
Please make sure there are no provisioning or other tasks running and
then issue this command:
service uim-device-services restart

vim001:/opt/ionix-uim/conf/CA #  service uim-device-services restart
Stopping uim-device-services                                done
Starting uim-device-services
Device Master Service started
Device Service started                                      done

I tried to discover Vblock in UIM/P but it failed:

UCS discovery - failed

I noticed that two things were not just right. First, UCS software version was not correct. Since this Vblock was discovered, we upgraded USC Manager to 2.0(4b) in line with VCE Support Matrix 3.0.8. and the second is that both, old and new certificates were imported:

vim001:/opt/ionix-uim/conf/CA # ./cert_hash.pl
Installing:DC1-VFC01.crt....       - new certificate
Installing:UCSM.crt....         - old certificate

Here is the content of ‘/opt/ionix-uim/conf/CA’ folder – both certificates are still there:
UIM-P UCSM certificates

The solution is simple – delete old certificate from ‘/opt/ionix-uim/conf/CA’ and run ‘./cert_hash.pl’ again:
UPDATE courtesy of Ziggy: Sometimes it might be necessary to delete *.0 files as well.

pdc1vim001:/opt/ionix-uim/conf/CA # ./cert_hash.pl
Installing:DC1-VFC01.crt....
Installing:voyenceca.crt....

You must now restart device services to reload the certificate cache.
Please make sure there are no provisioning or other tasks running and
then issue this command:
service uim-device-services restart

pdc1vim001:/opt/ionix-uim/conf/CA # service uim-device-services restart
Stopping uim-device-services                                done
Starting uim-device-services
Device Master Service started
Device Service started                                      done

Vblock discovery was successful and the UCS OS version is correct as well:

UCS discovery - succeeded

Hope this will help.

7 comments to EMC Ionix UIM/P: UCS Discovery Failed. Replace expired UCS certificate.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>