Rolling back to SSL configuration

By default, TrueSight Infrastructure Management and its associated components use Transport Layer Security (TLS) versions earlier than TLS 1.2 to communicate with each other. BMC provides an option to upgrade the security in your enterprise environment by using TLS 1.2 to communicate with TrueSight Infrastructure Management components. If you have configured the system to be TLS 1.2 compliant and subsequently want to roll back to the default configuration the following section guides you to achieve the same. 

There are different communication channels established between the components of the TrueSight Infrastructure Management components. Perform the roll back operations per communication channel. Select the communication channel which you want to roll back and perform the tasks accordingly. To roll back to default configuration, complete the procedures by navigating the following tabs. The following table lists the abbreviations and their definitions used in the tabs.

AbbreviationDefinition
TSIMTrueSight Infrastructure Management
TSPSTrueSight Presentation Server
ISTrueSight Integration Service
PABMC PATROL Agent
IIWSBMC Impact Integration Web Services
PSBMC Publishing Server


Perform the following steps to roll back the Infrastructure Management Server to the Presentation Server communication to default configuration:

To configure the Presentation Server

  1. Navigate to the <Presentation Server Install Directory>\truesightpserver\bin directory, and run the following command to check whether the TrueSight Presentation Server is running. 

    tssh.bat server status

    Note

    Ensure that the TrueSight Presentation Server is running before proceeding further.

  2. Log on to the TrueSight console and select Administration> Components.

    Displays the components that are registered with the Presentation Server. Ensure that no TrueSight Infrastructure Management Server is registered with the TrueSight Presentation Server. If a TrueSight Infrastructure Management Server is registered delete the same. For more information, see To delete a component

  3. Set the property in the database by running the following command:

    tssh.bat properties set tsps.cell.conntype tcp
    tssh.bat properties set pronet.jms.conntype tcp
  4. Using a text editor, open mcell.dir file located in <Presentation Server Install Directory>\conf directory.

  5. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                              <name>             encryption key           <host>/<port>
    #gateway.gateway_subtype	   ts_event_gateway	           *TLS	               localhost:1900
    #cell                         pncell_tsim_server1          *TLS            tsim_server1.bmc.com:1828   
  6. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key         <host>/<port>
    gateway.gateway_subtype	     ts_event_gateway	        mc	               localhost:1900
    cell                         pncell_tsim_server1        mc            tsim_server1.bmc.com:1828   

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • Replace the localhostbythe computer name on which the Presentation Server is running
    • tsim_server1 is the name of TrueSight Infrastructure Management Server registered with the TrueSight Presentation Server. If there are multiple Infrastructure Management Server entries in the mcell.dir file, change the encryption key to mc for all such entries.
  7. Save and close the file.

  8. Stop the Presentation Server by running the following command:

    tssh.bat server stop

To configure the Infrastructure Management Server

  1. Navigate to the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory location.

  2. Open the tcp.activemq-rar.rar file and extract the amq-broker-config.xml file.

  3. Take a backup of the amq-broker-config.xml file.
  4. In the amq-broker-config.xml file, update the URI attribute of transportConnector property to the new port number as shown in the following example:

    Note

    In the preceding example the port number is set to 8093. If you are using a different port, then set the port number accordingly.

  5. After the change, save the amq-broker-config.xml file and add it to the tcp.activemq-rar.rar file in the <Infrastructure Management Server Install Directory>\pw\wildfly\store directory again.

  6. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory by running the following command:

    # Microsoft Windows operating system 
    $cd <Infrastructure Management Server Install Directory>\pw\pronto\bin 
    # Unix operating system 
    $cd <Infrastructure Management Server Install Directory>/pw/pronto/bin


  7. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax perl switchTLSMode.pl -<on/off> -flow <communication channel> -tsps <TrueSight Presentation Server name> 
    
    #Example
    perl switchTLSMode.pl -off -flow event_and_data -tsps myserver.bmc.com

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: off option disables TLS configuration and enables the defaulttcp/ssl configuration.
    • -flow: If the flow is set to event_and_data, the Infrastructure Management Server to Presentation Server is communication channel is selected.
    • TrueSight Presentation Server name: This is the fully qualified domain name (FQDN) of the computer where the Presentation Server is installed.

    • -h: This is an optional parameter, it displays the help for the the switchTLSMode.pl command

To start the servers

  1. Start the Presentation Server by running the following command:

    tssh.bat server start
  2. Start the Infrastructure Management Server by running the following command:

    pw system start

To register the Infrastructure Management Server with the Presentation Server

  1. Ensure that all the processes of the Infrastructure Management Server are up by running the following command:

    pw p l
  2. Register the Infrastructure Management Server with the Presentation Server. For more information, see Registering the component products with the Presentation Server .

Perform the following steps to roll back the Integration Service to Infrastructure Management Server communication todefaultconfiguration. Select the steps based on the type of the Integration Service.

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the conntype value as ssltcpas shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp
  4. Set the conntype value to tcp as shown in the following code block:

    #Configuration settings to roll back the default configuration between Infrastructure Management Server to Local Integration Service
    pronet.apps.agent.conntype=tcp

    Note

    Modify the file present in the pw\custom\conf directory, if it is a local Integration Service.

  5. Save and close the file.

To configure the remote Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp
  4. Set the conntype value to tcp as shown in the following code block:

    pronet.apps.agent.conntype=tcp
  5. Save and close the file.

  6. Logon to the computer where the remote Integration Service is installed, and stop the Integration Service (Unix) by running the following command: 

    pw is stop
  7. To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the Integration Service changes from Started to (blank).

  8. Using a text editor, open pronet.conf file located in <Integration Service Install directory>\agent\pronto\conf directory.

  9. Comment out the instance of the code line having the conntype value as ssltcp as shown in the following code block:

    #pronet.apps.agent.conntype=ssltcp
  10. Set the conntype value to tcp as shown in the following code block:

    pronet.apps.agent.conntype=tcp

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service. 

  11. Save and close the file.

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Start the Integration Service (Unix) by running the following command:

    pw is start
  3. To start the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

  4. Double-click the Services icon to launch the Services dialog box.
  5. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Restart
  6. Click Yes to close the warning message that is displayed. 
    The status for the Integration Service changes to Started from (blank).

    Note

    The Integration Service restart is applicable only to the remote Integration Service. The local Integration Serviceis restartedautomatically along with the Infrastructure Management Server.

The following section guides you to configure the Integration Service to Cell communication to enable default configuration. Choose the appropriate configuration steps based on the type (local / remote) of the Integration Service and the cell used.

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command: 

    pw system stop
  2. Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryptionkey value as *TLS as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=*TLS
  4. Set the encryptionkey value to mc as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=mc
  5. Save and close the file.

  6. Using a text editor, open mcell.dir file located in <Infrastructure Management Server Install directory>\pw\server\etc directory.

  7. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>               encryption key               <host>/<port>
    #cell_1                     pncell_tsim_server1           *TLS                   cell_1.bmc.com:1828
    #cell                            HA_Cell                  *TLS                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828
  8. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key            <host>/<port>
    cell_1                     pncell_tsim_server1           mc                 cell_1.bmc.com:1828
    cell                            HA_Cell                  mc                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828
    

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following notes:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary High Availability cell host names.

To configure the remote Integration Service

  1. Logon to the computer where the remote Integration Service is installed, and stop the Integration Service (Unix) by running the following command: 

    pw is stop
  2. To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the Integration Service changes from Started to (blank).

  3. Using a text editor, open pronet.conf file located in <Integration Service Install directory>\agent\pronto\conf directory.

  4. Comment out the instance of the code line having the encryptionkey value as *TLS as shown in the following code block:

    #pronet.apps.is.cell.encryptionkey=*TLS
  5. Set the encryptionkey value to mc as shown in the following code block:

    pronet.apps.is.cell.encryptionkey=mc

    Note

    Modify the file present in the agent\pronto\conf directory, if it is a remote Integration Service. 

  6. Save and close the file.

  7. Using a text editor, open mcell.dir file located in <Integration Service Install directory>\Agent\server\etc directory.

  8. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>               encryption key              <host>/<port>
    #cell_1                     pncell_tsim_server1           *TLS                 cell_1.bmc.com:1828
    #cell                            HA_Cell                  *TLS                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828
  9. Set the encryption key value to mc as shown in the following code block:

    #Type                            <name>             encryption key            <host>/<port>
    cell_1                     pncell_tsim_server1           mc                 cell_1.bmc.com:1828
    cell                            HA_Cell                  mc                 primaryhost.bmc.com:1828         secondaryhost.bmc.com:1828

    Parameter description

    Make the cell entries in the mcell.dir file based on the type of communication as explained in the following section:

    • cell_1 is the name of the default Infrastructure Management Cell or a remote cell. This entry indicates that the Integration Service is communicating with the default Infrastructure Management Cell or the remote cell.
    • HA_Cell is the name of the High Availability cell. This entry indicates that the Integration Service is communicating with the High Availability Cell. The primaryhost.bmc.com and secondaryhost.bmc.com are the primary and secondary High Availability cell host names.
  10. Save and close the file.

To configure the default Infrastructure Management Cell

  1. Stop the cell service (Unix) by running the following command:

    mkill -n cellname
  2. To stop the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.

    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes from Started to (blank).

  3. Using a text editor, open mcell.conf file located in <Infrastructure Management Server Install Directory>\pw\server\etc\pncell_<TSIM_MACHINE_NAME> directory.

  4. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls
  5. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  6. Save and close the file.

To configure a remote Cell

  1. Logon to the computer where the remote cell is installed.

  2. Stop the cell service (Unix) by running the following command:

    mkill -n cellname
  3. To stop the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.

    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Stop
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes from Started to (blank).

  4. Using a text editor, open mcell.conf file located in <Remote Cell Install Directory>\? directory.

  5. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls
  6. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  7. Save and close the file.

To start the servers

  1. Start the cell service by running the following command:

    mcell -n cellname
  2. To start the cell service (Microsoft Windows), navigate to Start > Settings > Control Panel.

    1. Double-click the Services icon to launch the Services dialog box.
    2. Locate the BMC TrueSight Event Manager cell_name or BMC TrueSight Event Manager HA_CELL on the list of services, highlight, then click Restart
    3. Click Yes to close the warning message that is displayed. 
      The status for the cell service changes to Started from (blank).

  3. Start the Integration Service (Unix) by running the following command:

    pw is start
  4. To start the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

  5. Double-click the Services icon to launch the Services dialog box.
  6. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Restart
  7. Click Yes to close the warning message that is displayed. 
    The status for the Integration Service changes to Started from (blank).

Note

The Integration Service restart is applicable only to the remote Integration Service. The local Integration Serviceis restartedautomatically along with the Infrastructure Management Server.

Perform the following steps to roll back the Infrastructure Management Server to Oracle database communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:

    #Syntax 
    perl switchTLSMode.pl -<on/off> -flow <communication channel> -dbport <Oracle Database port> -dbver <Oracle Database version> 
     
    #Example
    perl switchTLSMode.pl -off -flow oracle –dbport 1521 -dbver 11G

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • -on/off: off option disables TLS mode of communication and enables the defaulttcp/ssl configuration.
    • -flow: oracle option will select the Infrastructure Management Server to Oracle database communication channel.
    • -dbport: Provide the port number that is configured for the Oracle database communication.
    • -dbver: Provide the Oracle database version. There are two compatible Oracle database versions: 11G, 12C
  3. Start the Infrastructure Management Server by running the following command:

    pw system start

Perform the following steps to roll back the PATROL Agent to Integration Service communication to defaultconfiguration. 

To configure the remote Integration Service

  1. Stop the Integration Service (Unix) by running the following command: 

    pw is stop
  2. To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

  3. Double-click the Services icon to launch the Services dialog box.
  4. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop
  5. Click Yes to close the warning message that is displayed. 
    The status for the Integration Service changes from Started to (blank).

  6. Navigate to the <Remote Integration Service Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:

    # Microsoft Windows operating system
    $cd <Remote Integration Service install directory>\agent\patrol\common\security\config_v3.0
    
    # Unix operating system
    $cd <Remote Integration Service install directory>/agent/patrol/common/security/config_v3.0
  7. Run the following command:

    #Syntax
    set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
    #Example
    $set_unset_tls_IS.cmd <Remote Integration Service Install Directory> SET_TLS 2 -serverDbPath "C:\Certificates\server_db" -identity bmcpatrol

To configure the local Integration Service

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Navigate to the <Infrastructure Management Server Install Directory>\agent\patrol\common\security\config_v3.0 directory by running the following command:

    # Microsoft Windows operating system
    $cd <Infrastructure Management Server Install Directory>\pw\patrol\common\security\config_v3.0
    
    # Unix operating system
    $cd <Infrastructure Management Server Install Directory>/pw/patrol/common/security/config_v3.0
  3. Run the following command:

    #Syntax
    set_unset_tls_IS.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -identity <identity>
    #Example
    $set_unset_tls_IS.cmd <Infrastructure Management Server Install Directory>\pw  UNSET_TLS 2 -serverDbPath "C:\Certificates\server_db" -identity bmcpatrol

Parameter description

The following notes describe the key parameters used in the preceding command:

  • Use the set_unset_tls_IS.cmd script on the Microsoft Windows operating system, and the set_unset_tls_IS.sh script on the Unix operating system.
  • set_unset_tls.sh -h will display the help for the set_unset_tls_IS command.

  • There are six command line arguments for the set_unset_tls_IS script as explained in the following section:
    • $BMC_ROOT: The directory where the Integration Service is installed.
    • SET_TLS / UNSET_TLS: The second command line argument can either beSET_TLS,or UNSET_TLS. If you select SET_TLS, the Integration Service is configured in TLS mode. If you select UNSET_TLS, the Integration Service is configured in Non-TLS mode.
    • security_level: There are five security levels: 0,1,2,3,4. The current value of this variable represents the security level at which the Integration Service is running.
    • serverDbPath: The directory where the server certificates are present. This argument is mandatory for all the security_levels of the Integration Service.
    • identity: The certificate identity. If you do not specify any valuetothis argument, the default value is set tobmcpatrol.

To configure the PATROL Agent

By default, the PATROL Agent uses either Transmission Control Protocol (TCP) or Secure Sockets Layer (SSL) protocol for communication. BMC provides an option to configure the PATROL Agent to enable TLS 1.2. If you have configured the system to be TLS 1.2 compliant and subsequently want to roll back to the default configuration the following section guides you to achieve the same. 

  1. Navigate to the config_v3.0 folder by running the following command:

    # Microsoft Windows operating system
    $cd <PATROL Agent installation directory>\common\security\config_v3.0
     
    # Unix operating system
    $cd <PATROL Agent installation directory>/common/security/config_v3.0
  2. Run the script to disableTLS mode as shown in the following code block:

    #Syntax
    set_unset_tls.cmd <$BMC_ROOT> <SET_TLS;UNSET_TLS> <security_level> -serverDbPath <serverDbPath> -clientDbPath <clientDbPath> -identity <identity>
    #Example
    $set_unset_tls.cmd "C:\Program Files (x86)\BMC Software" UNSET_TLS 0 -serverDbPath "C:\Certificates\server_db" -clientDbPath "C:\Certificates\client_db" -identity bmcpatrol

    Notes

    • Use set_unset_tls.cmd script on the Microsoft Windows operating system, and set_unset_tls.sh script on the Unix operating system.
    • When you run the set_unset_tls.sh script on AIX and HP-UX operating systems to enable TLS 1.2, the system creates symbolic links for Mozilla NSS v3.20 libraries in the default system library directory /usr/lib.

    • set_unset_tls.sh -h will display the help for the set_unset_tls command.
    • There are six command line arguments for the set_unset_tls script as explained in the following section:
      • BMC_ROOT: The directory where the PATROL Agent is installed.
      • SET_TLS / UNSET_TLS: The second command line argument can either be SET_TLS, or UNSET_TLS. If you select SET_TLS, the PATROL Agent is configured in TLS mode. If you select UNSET_TLS, the PATROL Agent is configured in Non-TLS mode.
      • security_level: There are four security levels: 0,1,2,3.
      • serverDbPath: The directory where the server certificates are present. This argument is mandatory if the security_level is set to 3.
      • clientDbPath: The directory where the client certificates are present. This argument is mandatory if the security_level is set to 3.
      • identity: The certificate identity. If you do not specify any value to this argument, the default value is set to bmcpatrol.

To start the servers

Restart the following servers based on the Integration Service type.

To start the local Integration Service

  1. Start the Infrastructure Management Server by running the following command:

    pw system start

    The Integration Service is restarted along with the Infrastructure Management Server.

To start the remote Integration Service

  1. Start the remote Integration Service (Unix) by running the following command:

    pw is start
  2. To start the remote Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.

  3. Double-click the Services icon to launch the Services dialog box.
  4. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Restart
  5. Click Yes to close the warning message that is displayed. 
    The status for the Integration Service changes from blank to (started).

To start the PATROL Agent

  1. Start the PATROL Agent by running the following command:

    patrolagent -p 9090

Perform the following steps to roll back the Infrastructure Management Server to BMC Impact Integration Web Services (IIWS) communication todefaultconfiguration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\server\etc directory.

  3. Comment out the instance of the code line having the encryption key value as *TLS as shown in the following code block:

    #gateway.imcomm    IIWSGatewayServer    *TLS    IIWSGatewayServer.bmc.com:1859
  4. Set the encryption key as shown in the following code block:

    gateway.imcomm    IIWSGatewayServer    mc    IIWSGatewayServer.bmc.com:1859

    Note

     IIWSGatewayServer is the name of the host computer where the BMC Impact Integration Web Services is installed.

  5. Save and close the file.

To configure the BMC Impact Integrations Web Services server

  1. Navigate to the  <Impact Web Services installation directory>\tomcat\webapps\imws\WEB-INF\etc directory by running the following command:

    # Microsoft Windows operating system 
    $cd <Impact Web Services installation directory>\tomcat\webapps\imws\WEB-INF\etc
    
    # Unix operating system 
    $cd <Impact Web Services installation directory>/tomcat/webapps/imws/WEB-INF/etc
  2. Using a text editor, open the mcell.dir file.
  3. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #type                                     Name                              encryption key                       <Host>:1828
    #gateway.imcomm                         IIWSGatewayServer                       *TLS                           localhost:1859
    #cell                                   pncell_tsim_server                      *TLS                           tsim_server.bmc.com:1828
  4. Set the encryption key value to mc as shown in the following code block:

    #syntax
    #type                                     Name                            encryption key                       <Host>:1828
    #example
    gateway.imcomm                         IIWSGatewayServer                       mc                           localhost:1859
    cell                                   pncell_tsim_server                      mc                           tsim_server.bmc.com:1828

    Note

    • Replace the localhostbythe computer name where the IIWS server is installed.
    • tsim_server is the name of the host computer where the Infrastructure Management Server is installed.
  5. Save and close the file.

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Restart the IIWS server by running the following commands:

    1. From the desktop or Start menu, navigate to Services.

    2. To stop the server, select the BMC Impact Integration Web Services service, and right-click to open the menu. The service name is BMCIWS, and the display name is Impact Integration Web Service.

    3. To stop the application server, select Stop.

Perform the following steps to roll back the Infrastructure Management Server to BMC TrueSight Operations Management Reporting communication to default configuration.

To configure the Infrastructure Management Server

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Comment out the instance of the code line having the encryption key value as *TLS as shown in the following code block:

     #Type                            <name>             encryption key             <host>/<port>
     #cell	                      ts_event_gateway	        *TLS	                localhost:1900   
  4. Set the encryption key value to mc as shown in the following code block:

     #Type                            <name>             encryption key         <host>/<port>
     cell	                      ts_event_gateway	        mc	                localhost:1900   
  5. Save and close the file.

To configure the BMC TrueSight Operations Management Reporting

  1. Stop the Reporting engine service. For more information, see Stopping the Reporting Engine service .

  2. Navigate to the reportsCLIdirectory by running the following command:

    # Microsoft Windows operating system 
    $cd <TrueSight Operations Management Reporting Install directory>\bin\reportsCLI
    
    # Unix operating system 
    $cd <TrueSight Operations Management Reporting Install directory>/bin/reportsCLI
  3. Run the command as shown in the following code block:

    TLSConfig disable -keystore <keystorefile> -keystorepassword <keystore password> -truststore <truststorefile> -truststorepassword <truststore password>

    Parameter description

    The following notes describe the key parameters used in the preceding command:

    • <keystorefile>: The path and the file name of thekeystore
    • <keystore password>: Password for thekeystore
    • <truststorefile>: The path and the file name of thetruststore
    • <truststore password>: Password for thetruststore

To start the servers

  1. Start the Infrastructure Management Server by running the following command:

    pw system start
  2. Restart the TrueSight Operations Management Reporting component. For more information, see Starting the TrueSight Operations Management Reporting Engine service

Perform the following steps to roll back the Publishing Server to Infrastructure Management server communication to default configuration.

  1. Stop the Infrastructure Management Server by running the following command:

    pw system stop
  2. Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.

  3. Comment out the instances of the code lines having the encryption key value as *TLS as shown in the following code block:

    #Type                            <name>              encryption key                    <host>/<port>
    #cell	                      pncell_hostname	         *TLS	                 pncell_hostname.bmc.com:1828
    #gateway.imcomm              gw_ps_pncell_hostname       *TLS                      hostname.bmc.com:1839
  4. Set the encryption key value to mc as shown in the following code block:

     #Type                            <name>             encryption key               <host>/<port>
     cell	                      pncell_hostname	        mc	                 pncell_hostname.bmc.com:1828
    gateway.imcomm              gw_ps_pncell_hostname       mc                      hostname.bmc.com:1839
  5. Save and close the file.

  6. Using a text editor, open the smmgr.conf located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
  7. Comment out the instance of the code line having the ServerTransportProtocol value as tls as shown in the following code block:

    #ServerTransportProtocol=tls
  8. Set the properties as shown in the following code block:

    ServerTransportProtocol=tcp
    ServerCertificateFileName=mcell.crt
    ServerPrivateKeyFileName=mcell.key
  9. Save and close the file.

  10. Start the Infrastructure Management Server by running the following command:

    pw system start

Was this page helpful? Yes No Submitting... Thank you

Comments