License Administration defaults to http in OnGuard 8.0 and above with invalid credentials

Last Modified on 02/09/2023 9:45 am EST

License Administration defaults to http in OnGuard 8.0 and later with invalid credentials

Symptom

  1. License Administration defaults to an http URL in OnGuard 8.0 and later.
  2. Customer is not able to log into License Administration and perform a license install; OnGuard displays a message indicating wrong credentials.
  3. The root certificates are not installed on the system.

Resolution

Explanation of the issue:

There may be a setting in the customer's environment that is blocking the http ports in the browser that is causing the login error. During installation, OnGuard will create the keystore and install the root. Because of the security settings, if the system is not allowing this then the above symptoms would show up in OnGuard.

How to confirm the issue:

  1. On the License Server computer, navigate in Windows Explorer to OnGuard_install_directory\LicenseServerConfig and check if the ls_server_cert.pkcs12 file is present.
  2. If you remove the "SSL_Enabled=false" flag from the LicenseServer section of the ACS.ini file, it will be put back when the License Server restarts.
  3. From the mmc.exe file we are not able to see the “LenelS2 OnGuard Common Trusted Root” in the “Trusted Root Certificate Authorities”.

Work around:

  1. Generate the certificates from the command line as administrator by running the command:
    "C:\Program Files (x86)\OnGuard\Certificates\lnl_app_server_certificate_installer.exe" -key=C:\ProgramData\Lnl\nginx\conf\ls_server_cert_key.pem -cert=C:\ProgramData\Lnl\nginx\conf\ls_server_cert.pem -keystore="C:\Program Files (x86)\OnGuard\LicenseServerConfig"

    Notes:
    a. This command assumes OnGuard is installed in the C: directory. For any other location, please update the command accordingly.
    b. If running this command results in an error that prompts to add common name, then add the following entry to the LicenseServer section of the ACS.ini file: “cn=<hostname>”
  2. Once the certificate is generated, edit the ACS.ini file and remove “SSL_Enabled=false”.

Applies To

OnGuard version 8.0 and later

Additional Information

Copyright © 2024 Carrier. All rights reserved. 

Related Articles

How would you rate this article?
Thank you for your feedback!
User Icon

Thank you! Your comment has been submitted for approval.

© 2023 Carrier. All rights reserved