Network Management

Hello Community,

so do you know what's the fully requeriments for HPE IMC 7.3v to install on windows server 2012 R2.

I've readed the documents requeriments and I got this error:

 the database server address null is not address of the localhost, it may have the Windows SSL cipher suite that migh cause IMC runtime and database errors.

I've attached the screen error.

so maybe I forget some requeriments hope your comments

Regards!

Please check this one:

Windows updates causing IMC running exceptions

Symptom

The IMC database might fail to be connected after any of the following Windows updates are installed:

• KB3172605

• KB3172614

• KB3161608

• KB3161606

• KB3156418

The iMC\client\log\imcforeground.log and iMC\deploy\log\dma.log logs show the following error messages:

• 2016-09-30 23:40:03 [ERROR] [Database Checking Thread] [com.h3c.imc.deploy.dma.EnvPanel::a(1160)] Access database error

• com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:322f5985-33eb-4bb4-b476-6ecb256a2cd8.

Analysis

Microsoft confirmed that the previously mentioned updates added the TLS_DHE_RSA_WITH_AES_256_CBC_SHA and TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher suites but the cipher suites have problems that can cause database connection failure.

The two new cipher suites were added for compatibility with early applications that use RC4 (https://en.wikipedia.org/wiki/RC4), which is not used by industry at present. The two cipher suites use 512-bit encryption. Microsoft considers that 512-bit encryption is not secure enough, and another Windows update (https://support.microsoft.com/en-us/kb/3061518) forces the server to use 1024-bit encryption, resulting in decryption failure on IMC.

Solution

On the IMC database server, check whether the Windows updates that contain the two problem cipher suites are installed and the two cipher suites are enabled:

a. Copy the MSKBsC.zip file from the tools/MSKBsC directory of IMC to any path of the database server.

b. Decompress and run the file to test the environment.

c. Check the test result:

− If the Check pass message is displayed, the environment does not have the problem, and you can use IMC normally.

− If the Check does not pass, you need to repair it message is displayed, the problem exists and you must repair the problem. For more information, see "Repairing the problem on the database server."

− If the Check does not pass, the server has joined a domain message is displayed, the problem exists and you must repair the problem on the database server and make sure the two problem cipher suites are disabled on the domain server. For more information, see "Repairing the problem on the database server" and "Repairing the problem on the domain server."

Repairing the problem on the database server

1. Enter gpedit.msc in the CLI or search field to open the Local Group Policy Editor.

2. In the left pane of the editor, click Local Computer Policy, and then select Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.

3. In the right pane of the editor, double-click SSL Cipher Suite Order.

4. Select Enabled.

5. Under Options > SSL Cipher Suites, copy the contents into a text file (example: Notepad) as a backup copy.

6. In the SSL Cipher Suite field, locate and delete the following two ciphers by strictly following the operation guide in the Help area of the preceding figure: a. TLS_DHE_RSA_WITH_AES_256_CBC_SHA

b. TLS_DHE_RSA_WITH_AES_128_CBC_SHA

** Caution: Many of the ciphers are similar in context, so be sure the cipher matches exactly before deleting. **

7. Click Apply, and then click OK.

8. Reboot the computer.

Repairing the problem on the domain server

If you need to repair the problem on the domain server, contact the administrator of the domain server to perform the repair, using the following method.

1. Open the Control Panel > Administrative Tools > Group Policy Management. Expand the domain where the IMC database server resides. In Group Policy Objects, find the group policy object to which the IMC database server belongs. Right-click Edit to open the Group Policy Management Editor.

2. In the left pane of the editor, select Computer Configuration > Policy > Administrative Templates > Network > SSL Configuration Settings.

3. In the right pane of the editor, double-click SSL Cipher Suite Order.

4. Select Enabled.

5. Under Options > SSL Cipher Suites, copy the contents into a text file (example: Notepad) as a backup copy.

6. In the SSL Cipher Suite field, locate and delete the following two ciphers by strictly following the operation guide in the Help area of the preceding figure: a. TLS_DHE_RSA_WITH_AES_256_CBC_SHA

b. TLS_DHE_RSA_WITH_AES_128_CBC_SHA

** Caution: Many of the ciphers are similar in context, so be sure the cipher matches exactly before deleting. **

7. Click Apply, and then click OK.

Some picture in this document I could not copy. So if you want have the complete document, please email me.

Best Regards!

I've Solved installing also the management SQL Server Tools in the Host IMC

I've the same error message.

But the solution doesn't work for me because i have i fresh install of Server 2012 R2.

It's a testingenvironment for IMC and windows server isn't activated. The solution to delete the cipher doesn't work also becouse i don'nt have the cipher as listed.

IMC it self isn't still installed.

When i run the installer from IMC i get this here:

Start checking installation environments...

Checking ports occupied...
Passed

Checking physical memory size...
Passed

Checking database installation...
Database or database client is not installed on this computer. Checking prerequisites for embedded database...
    OS Version and Patch: Meet the requirements.
    .Net Framework 2.0 SP2: Not Installed
    Free space on system partition (more than 512MB): Passed
Checking failed. Please fix the problems before you go on.

Server2012R2 has .Net Framework >4 installed and should be compatible with .Net2. Trying to install .Net2 doesn't work because i get the message from the .Net installer ".Net Framework 3.5 (includes 2.0 and 2.5)" can't installed.

So what's to do in this fresh installation of server2012R2?

Regards Sebastian

HPE SUPPORT SOFTWARE:

Hi,

i don't know what you mean?.

Windows Server 2012 R2 64Bit .

Blank installation. Nothing installed yet and i won't because it is a testing environment.

Hi, you must activate   "  .Net Framework 2.0" on your server, otherwise imc could not be installed. And if you want use a remote database, I mean the database is on another server, than you must also install the MS  SQL client on the imc server itself.

Please have a look in the imc deployment guides for the different installation option, you can find the guide here:  http://h20565.www2.hpe.com/portal/site/hpsc/template.PAGE/public/psi/manualsResults/?sp4ts.oid=4176535&spf_p.tpst=psiContentResults&spf_p.prp_psiContentResults=wsrp-navigationalState%3Daction%253Dmanualslist%257Ccontentid%253DSetup-and-install-general%257Clang%253Den&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Regards, Inge

Okay, but how do i activate .Net Framewaork 2.0? SQL server should be the Expressversion on the same maschine.

I cant add a feature or role that is called .Net Framework 2.x because it's not there.

Trying to donwload from here https://www.microsoft.com/de-de/download/details.aspx?id=1639

resolv into a error 404, Site not there.

So maybe there is an update imc installer? I will try it again to download IMC.

You mst install the feature on the windows server. .Net 2 is included in .Net Framework 3.5. Please read carefully all tips which pop up if the installation works.

First i get this message (see attachment). The instructions shows me to delete some ciphers, but these ciphers aren't there. I check this. I copy all of them into editor and search for them. So what should i do? There isn't installed a databaseserver, so i can't put anything into the path of the databaseserver.

In next step it shows me .Net Framework 2.0 SP2 isn't installed. But it isn't there to add as feature. It should be in Framework 3.5, ?

If this won't work, i try a other OS.

please contact me directly: inge.bias@hpe.com, so that we can fix your problem in a short way.

Hello , I have the same problem , IMC isntallation is looking for .net Framework 2.0 SP2 . How can I fix it please?

Thank you!

Ricard

Hi Richard, before you install imc, you must add the feature .net Framework 2.0 SP2 on the server itself. Go to Server-Manager >> Manage and add a Feature. Follow the assistend and add feature .net Framework 3.5 where 2.0 is included. Typicalle only .NET Framework 4.5 is installed.

Please read carefully all the hints, you need the install folder of the server to add this feature.