PM 12.31 Proxy Mode

Hello,

I tried to setup a PM proxy node and get an error when I try to create the certificate

"C:\Program Files (x86)\F-Secure\Management Server 5\bin>fspmp-enroll-tls-certificate.bat apwienet05.wienet.ads
Enter Policy Manager user to authorize certificate enrollment: admin
Enter password:
Error: error creating bean with name 'trustedCertificatesService' defined in com.fsecure.fspms.certenroll.EnrollmentToolConfig: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.fsecure.fspms.proxy.TrustedCertificatesService]: Factory method 'trustedCertificatesService' threw exception; nested exception is java.io.UncheckedIOException: java.net.UnknownHostException: spwienet05.wienet.ads"

I used the admin account and the password of the central management server.

Registry settings and all the other things mentioned in https://community.f-secure.com/t5/Business/Setting-up-Policy-Manager-as/ta-p/91824 are done

Find more posts tagged with

Comments

A_Grinkevitch

Could you please collect fsdiag from both master PM and proxy node. There is "F-Secure Support Tool" link in the F-Secure Policy Manger start menu group. Please use this tool to gather fsdiags and forward them via F-Secure Support to dev teams.

TIA

fox

I specify these args and run fspmp-enroll-tls-certificate.bat at the host intended to run as proxy.

A_Grinkevitch

Thanks, seems your args are correct ones.

BTW, do you specify these args and run fspmp-enroll-tls-certificate.bat at the host intended to run as proxy? You should run it there, but not at the Master Policy Manager host...

fox

-DupstreamPmHost=x.x.x.x -DupstreamPmPort=443 -DadminPubLocation="C:\Program Files (x86)\F-Secure\Management Server 5\data\admin.pub"

A_Grinkevitch

Hello fox,

What are the additional_java_args you've specified at step 5? Seems some of them are missing.

fox

I tried to install 12.40 proxy as instructed in https://community.f-secure.com/t5/Business/Setting-up-Policy-Manager-as/ta-p/91824, but got problems when running script:

fspmp-enroll-tls-certificate.bat
Policy Manager Server is not configured to run as a proxy.

unknown

Smiley Happy yes sorry - I changed the subject already

A_Grinkevitch

Hello etomcat,

12.32 was not ever released. 12.31 is the latest one, but it has one hotfix package... Probably, that was called 12.32, or yet another side effect of ChinaDragon's long night

unknown

it is no extra package ... just install the normal policy manager 12.31 without console and follow the posted instructions

etomcat

Hello,

> PM 12.32

Is it possible to download that special product version? I would like to upgrade my PM 12.31 server, but cannot find the package anywhere on F-Secure's website...

Thanks in advance, BR: Tamas Feher, Hungary.

unknown

ok .. it was a long night yesterday ...setting up this new server in Denmark ;-)

Certificate is enrolled now ... I think I'll go home soon and will get some sleep ...

A_Grinkevitch

Hello ChinaDragon,

As I see you have specified argument for the fspmp-enroll-tls-certificate.bat, but it does not need any. It reads data from additional_java_args. According to exception, you've specified spwienet05.wienet.ads in the upstreamPmHost property, but use apwienet05.wienet.ads as an argument. Please check the address in additional_java_args and try again.