Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
When the Host Name and/or IP address of the Change Guardian server is changed, all the existing agents and CAM would fail to communicate and forward events to Change Guardian server.
Even the new Agents deployment also will fail because of the old certificates i.e., already generated certificate with the older Host Name and/or IP Address
Bug 1144949 - 101235341451 : CG Server IP and domain changed all certs are using the wrong information
The core problem here is CAM and Agents will not have any knowledge about the Change Guardian Server's new Host Name and/or IP Address so they will still try to communicate to the old Host Name and/or IP Address only.
Even after updating the new Host Name and/or IP Address in the CAM's configuration, it will still fail to communicate with the CG Server because all the client certificates are generated with the old Host Name and/or IP Address.
Below steps helps to solve the Host Name and/or IP Address change issue
Edit the following files to update the new Host Name and/or IP Address
Windows: Update the new Host Name or IP Address:
"hostLocator" registry key located @ path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NetIQ\ChanageGuardianAGent\IQRM
"amsHost" registry key located @ path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NetIQ\ClientAgentManager\
CAM's log file should show the following message with the New Host Name or IP Address
CAM's log
Linux /usr/netiq/cam/log/nq_cam.log
Windows C:\ProgramData\NetIQ\ClientAgentManager
In the log you will see the following message
"The active root address is now <New_Host_Name/IP>:<Port>"
Execute configure_cg.sh script from /opt/novell/sentinel/setup folder to reconfigure CG Server with the new Host Name and IP Address
Note
No need to change anything, just the default values or the existing parameters are fine
ams-cert.pem, ams-pk.pem, ams-pk.pem.pass
javos-cert.pem, javos-pk.pem, javos-pk.pem.pass
Change directory to /opt/netiq/cgutils/bin and execute the following command
Reconfigure AMS profile
Change directory to /opt/netiq/ams/ams/security/profiles
Take a backup of 'profile_ams' file
Change directory to '/opt/netiq/ams/ams/security/profiles/profile_ams'
Delete ams-cert.pem, ams-pk.pem.pass & ams-pk.pem.pass
Change directory to /opt/netiq/ams/ams/bin
Execute the below command to regenerate the AMS profile
./ams_cert_setup.sh --setup --force
Enable AMS profile by executing the following command
./ams_cert_setup.sh --enable --profile=profile_ams
Reconfigure Javos profile
Change directory to /opt/netiq/cg/javos/security/profiles
Take backup of profile_javos
Change directory to /opt/netiq/cg/javos/security/profiles/profile_javos
Detele javos-cert.pem javos-pk.pem javos-pk.pem.pass files
Change direcotory to "/opt/netiq/cg/javos/bin" and execute the below command to regenerate Javos profile
Enable Javos profle by executing the below command
./javos_cert_setup.sh --enable --profile=profile_javos
Restart assets service using the below command that regenerates the default agent configurations
/etc/init.d/nq_assets restart