Troubleshooting Windows proxies
If you have installed a Windows proxy and it fails to connect, there are a number of checks that you should make before contacting Customer Support.
Checking the SSL keys
The appliance and Windows proxy communicate through an encrypted channel. In order for the Windows proxy to communicate with the appliance, both ends require the presence of a certificate authority file and an SSL (Secure Sockets Layer) key file.
The appliance needs the following:
ca_01.pem– The certificate authority.
appliance_key_01.pem– The key for the appliance.
The Windows proxy needs the following:
ca_01.pem– The same certificate authority file as the appliance, copied to the Windows proxy.
slave_key_01.pem– The same key file as the appliance, renamed and copied to the Windows proxy.
Check the following:
- The files exist at both ends in the corresponding
etcdirectories. Examples of these are:
/usr/tideway/var/slaves/<ip address>__4323/etcon the appliance.
C:\Program Files\BMC Software\ADDM Proxy_Typewhere
Proxy_Typeis one of the following:
Credential(8.3 SP1 and earlier proxies)
C:\Program Files\BMC Software\ADDM Proxy\etcon the proxy host (8.3 SP2 and later proxies)
- The files were present at the time that the process started.
- The certificate authority on both the appliance and the Windows proxy are the same.
Checking for an omniORB.cfg file
The communication between appliance and Windows proxy uses the omniORB CORBA implementation. Configuration of omniORB can affect communication. omniORB's configuration is stored in
C:\omniORB.cfg. In a normal Windows proxy install, that file is not present. If it is present, its contents may prevent communication with the Windows proxy, or may cause other problems.
Restricting appliances that can connect
omniORB can be configured to only permit connections from particular IP addresses. This is achieved by adding a line of this form in
That tells omniORB that only the specified IP address can connect with SSL. The IP address should be the IP address of the appliance. If multiple appliances are to use the same Windows proxy, one
serverTransportRule line for each should be added.