Active IQ Unified Manager Discussions

W2K8 and DFM40 installation notes

emanuel
5,545 Views

This may or may not be a question

I installed a new 32-bit version of Windows 2008 server enterprise; 4GB RAM - for functional testing only.

I installed DFM 4.0 and attempted to log in and here is where the fun started; I did the following to help unclog the access to DFM

The Windows Firewall seems to be the bad here

- I enabled Remote Desktop

- I enabled File Sharing and Primting ( which seems to enable ICMP )

- I enabled a couple of other things i thought that looked like remote access

But I still could not log in locally or remotely as a localhost/Administrator ... BUT i could run commands like DFM SERVICE STOP ( which requires local Administrator rights )


So I stopped the Windows Firewall - and I was able to log in remotely as Administrator and my admin user and access the GUI and execute operations as expected BUT still when connected locally as the host/Administrator account - cannot execute operations on the GUI.

You see it autheticates you; but the moment you try to execte an operation ( like setting an option ), it comes back and says you are not a part of GlobalDFMRead which is not true because ...

C:\Users\Administrator>dfm user role list administrator
Role Id Role Name
------- -------------------------
30      GlobalFullControl

so i am cruious if there is a section in the install guide for recommendations on "switches" in a W2K8 host.

8 REPLIES 8

prasads
5,545 Views

when connected locally as the host/Administrator account - cannot execute operations on the GUI.

You mean in the web browser you clicked on "Log In", entered the credentials

& still not able to view a thing?

emanuel
5,545 Views

Yes, connected as the local administrator through an RDP session,

connecting to the welcome screen for OM, selecting LOG IN on the upper right hand corner.

I pass the creds and it accepts them but then in the application ... it says I do not have authority.

prasads
5,545 Views

Hi,

This could most probably be a browser issue.

Try clearing the browser cache or with a different browser itself.

Just re-tested & re-confirmed that with Win2K8 & DFM 4.0, it works fine.

Regards,

Prasad

emanuel
5,545 Views

Well I cheated.  I installed Firefox and life is good; it is a browser issue and it was driving me crazy.

As a consultant I should be able to point out to a customer, here are the items you need to make Protection Manager work on W2K8 on a fresh install of W2K8 but I need to continue to work on that issue because just trying to get FireFox on the box with all the security settings ( the enhanced security settings ) was nearly impossible.

The work-around is to log in as the Administrator ( no other user regardless of group membership ) and download firefox.

emanuel
5,545 Views

Hello all

This issue is rearing its head again.  An email thread resurfed today with woes on installing DFM on W2K8 and again there were problems.

We cannot control what MSFT does but we need to come up with a work around on installing DFM on W2K8 with as little pain as possible ... if it comes down to packaging Firefox with DFM then so be it.  I believe all we need is a list of steps, what to click, what to dial, what to select when installing W2K8 to make it play nice with DFM.  It amazes me when I install W2K8 and I am the local administrator in a workgroup that I am still crippled to use IE to view DFM and goto the NOW site.  Firefox solved that problem.

I will be encouraging others to come into these forums to voice their comments.

===================

email thread

===================

G’day,

I had exactly the same issue today with dfm 4.0 and after installing firefox, the issue is gone J

Thanks for the tip,

Laurent

From: Lazer, Joshey
Sent: Monday, May 17, 2010 6:28 PM
To: Caria, Remy; Bond, Andrew; Synodinos, Emanuel; Richardson, Mike
Cc: c-dl-ses; c-dl-ps
Subject: RE: Permission denied on Operations Manager

Is it IE7.0 ?

Once we too had a similar problem (and strugled a lot) but not in DFM .. in some other application and finally solved by adding the server in IE's "trusted  sites" (internet options --> security --> trusted site ).

-Joshey


From: Caria, Remy
Sent: Monday, May 17, 2010 9:29 PM
To: Bond, Andrew; Synodinos, Emanuel; Richardson, Mike
Cc: c-dl-ses; c-dl-ps
Subject: RE: Permission denied on Operations Manager

Thank you all for your answers.

That seems to be an IE problem, as the command line runs. The collect seems to be ok. I checked the igroups, volumes, aggregates… The users are

C:\>dfm user list

Id    Administrator          Email                    Pager

----- ---------------------- ------------------------ ------------------------

31    Everyone

32    SHOWPARIS\administrator

That is correct. However, the SHOWPARIS\administrator is denied.

Is there any security tuning I can do at the Win2k8 level, or IE?

Thanks a lot.

Rémy Caria

Rémy Caria

System Engineer

Standard : +33 1 49 01 18 00

Phone     : +33 1 49 01 19 08

Mobile     : +33 6 89 81 78 03

Fax         : +33 1 49 01   18 02

P N'imprimez ce mail que si nécessaire.

    Please consider your environmental responsibility before printing this e-mail.

From: Bond, Andrew
Sent: lundi 17 mai 2010 17:45
To: Synodinos, Emanuel; Richardson, Mike
Cc: Caria, Remy; c-dl-ses; c-dl-ps
Subject: Re: Permission denied on Operations Manager

IIRC 'dfm user list' will tell you who the administrator is.


From: Synodinos, Emanuel
To: Richardson, Mike
Cc: Caria, Remy; c-dl-ses; c-dl-ps
Sent: Mon May 17 16:42:25 2010
Subject: Re: Permission denied on Operations Manager

It will authenticate based on how your host box does ... Local group or domain.

W2k8 is ... Interesting because te OS is very locked down.  I am curious to see how your installation proceeds.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Emanuel Synodinos - NetApp PSC

Cell - 408-307-3937

Email - emanuel@netapp.com

-- sent from moblie phone --

~~~~~~~~~~~~~~~~~~~~~~~~~~


On May 17, 2010, at 8:39, "Richardson, Mike" <Mike.Richardson@netapp.com> wrote:

I believe you have to log in with the username you installed DFM with...it is the only default admin added when you install.  Then you can add the others.

Mike Richardson

Professional Services Consultant

http://blogs.netapp.com/dropzone/

NetApp

913.220.2018 Direct

913.461.4479 Mobile

Mike.Richardson@netapp.com

www.netapp.com

From: Caria, Remy
Sent: Monday, May 17, 2010 10:25 AM
To: c-dl-ses; c-dl-ps
Subject: Permission denied on Operations Manager

Hi all,

Sorry for the wide distribution.

As I did a fresh install of Operations Manager 4.0 (core license) on a Win2k8 system, in a VMWare VM, I can not access to the DFM DB. That error occurs…

Permission denied

17 mai 17:17

<image001.png>

You must have the capability to perform the Global DFM Database Read operation in order to access this page. Log in as an administrator to try again.

So, I log in with a domain admin (who is also a local admin), and I then get that message…

Permission denied

17 mai 17:20

<image002.png>

Logged   in as SHOWPARIS\administrator.

<image001.png>

You must have the capability to perform the Global DFM Database Read operation in order to access this page. Log in as an administrator to try again.

No item menu is available. All the DFM services are running with the “localsystem” account. I tried with the local admin account and get the same.

Any idea?

Thanks.

Rémy Caria

<image003.png>

Rémy   Caria

System Engineer

Standard : +33   1 49 01 18 00

Phone       : +33 1 49 01 19 08

Mobile       : +33 6 89 81 78 03

Fax           : +33 1 49 01 18 02

P N'imprimez ce mail que si nécessaire.

    Please consider your environmental responsibility before printing this e-mail.

konnerth
5,545 Views

FYI, we encountered this repeated login problem with DFM 4 running on OEL/RHEL, and finally determined it was due to a proxy server between the browser client and  the DFM server.  So check for configured proxy servers as well as transparent proxies in the network that may affect the authentication.  And as noted elsewhere in this thread, browser cookie configurations may also affect this.

---Karl

emanuel
5,545 Views

I am very determined to write up a doc that shows exactly when steps you need to get DFM on a W2K8 system; i am going to be tackling some of these soon

marlon_soudatt
5,545 Views

I just ran into this problem. My solution was to add the DFM server to IE trusted sites.

Public