PM 12.31 Proxy Mode

Hello,

 

I tried to setup a PM proxy node and get an error when I try to create the certificate

 

"C:\Program Files (x86)\F-Secure\Management Server 5\bin>fspmp-enroll-tls-certificate.bat apwienet05.wienet.ads
Enter Policy Manager user to authorize certificate enrollment: admin
Enter password:
Error: error creating bean with name 'trustedCertificatesService' defined in com.fsecure.fspms.certenroll.EnrollmentToolConfig: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.fsecure.fspms.proxy.TrustedCertificatesService]: Factory method 'trustedCertificatesService' threw exception; nested exception is java.io.UncheckedIOException: java.net.UnknownHostException: spwienet05.wienet.ads"

 

I used the admin account and the password of the central management server.

Registry settings and all the other things mentioned in https://community.f-secure.com/t5/Business/Setting-up-Policy-Manager-as/ta-p/91824 are done

Best Answer

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee
    Accepted Answer

    Hello ChinaDragon,

    As I see you have specified argument for the fspmp-enroll-tls-certificate.bat, but it does not need any. It reads data from additional_java_args. According to exception, you've specified spwienet05.wienet.ads in the upstreamPmHost property, but use apwienet05.wienet.ads as an argument. Please check the address in additional_java_args and try again.

    Laksh

Comments

  • ok .. it was a long night yesterday ...setting up this new server in Denmark ;-)

     

    Certificate is enrolled now ... I think I'll go home soon and will get some sleep ...

    A-Grinkevitch
  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    > PM 12.32

     

    Is it possible to download that special product version? I would like to upgrade my PM 12.31 server, but cannot find the package anywhere on F-Secure's website...

     

    Thanks in advance, BR: Tamas Feher, Hungary.

    Ben
  • it is no extra package ... just install the normal policy manager 12.31 without console and follow the posted instructions

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Hello etomcat,

     

    12.32 was not ever released. 12.31 is the latest one, but it has one hotfix package... Probably, that was called 12.32, or yet another side effect of ChinaDragon's long night :)

    Ben
  • Smiley Happy yes sorry - I changed the subject already Smiley Happy

     

    Benetomcat
  • foxfox Posts: 20

    I tried to install 12.40 proxy as instructed in https://community.f-secure.com/t5/Business/Setting-up-Policy-Manager-as/ta-p/91824, but got problems when running script:

     

    fspmp-enroll-tls-certificate.bat
    Policy Manager Server is not configured to run as a proxy.

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Hello fox,

    What are the additional_java_args you've specified at step 5? Seems some of them are missing.

  • foxfox Posts: 20

    -DupstreamPmHost=x.x.x.x -DupstreamPmPort=443 -DadminPubLocation="C:\Program Files (x86)\F-Secure\Management Server 5\data\admin.pub"

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Thanks, seems your args are correct ones.

    BTW, do you specify these args and run fspmp-enroll-tls-certificate.bat at the host intended to run as proxy? You should run it there, but not at the Master Policy Manager host...

  • foxfox Posts: 20

    I specify these args and run fspmp-enroll-tls-certificate.bat at the host intended to run as proxy.

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Could you please collect fsdiag from both master PM and proxy node. There is "F-Secure Support Tool" link in the F-Secure Policy Manger start menu group. Please use this tool to gather fsdiags and forward them via F-Secure Support to dev teams.

    TIA

This discussion has been closed.