DX Unified Infrastructure Management

  • Private Community

  • 1.  Illegal SID

    Posted Sep 25, 2017 11:58 AM

    When trying to open a probe on a robot based server (linux) from my hub server I get the message 'Illegal SID - You must login to the appropriate domain to access the probe'.

     

    I found details on the community page for TEC000002804 but that made no difference. What I did find was that in the hub log that there is a message of;

    'SID is issued to another IP (sid=10.100.129.10 [list=|10.100.129.20|] req=10.100.124.53)' 

    The hub IP is the 10.100.129.10, i am assuming this message is saying that the SID is with 10.100.124.53?

     

    Any thoughts would be appreciated.

     

    Thank you



  • 2.  Re: Illegal SID

    Posted Sep 25, 2017 04:07 PM

    Hello,

     

    This error indicates a problem with security settings.  Follow these steps to synchrnize security files between the tunnel server and tunnel client.

    1. Stop the Nimsoft service on the tunnel server
    2. Go to $NIMROOT\hub folder (where $NIMROOT=Nimsoft install location)
    3. Delete all files named security prefix (security.cfg, security.dat, security.bak)
    4. Start the Nimsoft service on the tunnel server
    To check if security.cfg file has been synced up, you can do one/both of the following:
    1. In Infrastructure Manager click on Nimsoft domain in the left navigation area and check under Security column on the right hand.  The value for your hub should be Enabled.
    2. Check the version value in security.cfg file on new hub.It should be the same version number as can be found in security.cfg on the existing/primary hub.
    You may also need to do the following:
    1. Un-checking “Disable IP Validation” in hub GUI on tunnel server
    2. Using hub probe call back “hubsec_setup_put” on tunnel server add “ignore_ip = yes” (key=ignore_ip , value=yes)
    3. On tunnel client's hub.cfg, add “check_cn = no” under tunnel entry or using hub GUI un-check “Check Server common name” in tunnel client entry

    Verify the above setting by using " hubsec_setup_get" callback with key as ignore_ip



  • 3.  Re: Illegal SID

    Posted Sep 26, 2017 03:54 AM

    Thank you for the response, I had tried all of those things except changing "key=ignore_ip" which I did and it fixed the issue.

     

    Thank you for the responses



  • 4.  Re: Illegal SID
    Best Answer

    Broadcom Employee
    Posted Sep 25, 2017 09:33 PM

    Hello hazard

     

    Also check /etc/hosts in linux server for name ip resolution

     

    Setup tunnels between hubs and disable ip validation on this hub

     

    Check in robot.cfg, robotip and robotip_alias are correctly set if there is a NAT between hub and this robot on Linux server since this error is from hub

     

    https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/controller/controller-im-configuration#controllerIMConfiguration-NAT