Technology Tips and News
Did you review this link?
If the account truly has full root access it should work. Set up logging in the /etc/sudoers file and see if that gives any clues.
Defaults logfile=/var/log/sudo.log
Regards,
-Steve
Hi,
When we try to discover a HP UX server, we are getting SSH Connection Error:
SSH connection error
Failed during SSH discovery. Exit code: 1
Standard Output: Sudo path: /usr/bin/
Standard Error: Sorry, user scomuxaa is not allowed to execute '/usr/bin/sh -c sh /tmp/scx-scomuxaa/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-scomuxaa; exit $EC' as root on xxxxx.
Exception Message:
The command "sh /tmp/scx-scomuxaa/GetOSVersion.sh" will not work when used with Sudo. We can execute this command on the unix server without using Sudo.
The user account I am using has sudo with root access. Are there any specific access permissions we need to discover and deploy agent?
Thanks in advance for your assistance!
Did you review this link?
If the account truly has full root access it should work. Set up logging in the /etc/sudoers file and see if that gives any clues.
Defaults logfile=/var/log/sudo.log
Regards,
-Steve
Did you review this link?
If the account truly has full root access it should work. Set up logging in the /etc/sudoers file and see if that gives any clues.
Defaults logfile=/var/log/sudo.log
Regards,
-Steve
Did you review this link?
If the account truly has full root access it should work. Set up logging in the /etc/sudoers file and see if that gives any clues.
Defaults logfile=/var/log/sudo.log
Regards,
-Steve
Did you review this link?
If the account truly has full root access it should work. Set up logging in the /etc/sudoers file and see if that gives any clues.
Defaults logfile=/var/log/sudo.log
Regards,
-Steve
Hello,
I have reviewed the link and also the account has sudo access.
If I discover by selecting "This account has privileged access" the server is discovered and shows under "manageable computers" but installation of agent will fail as expected with an access related error message.
When I discover by selecting "This account does not have privileged access" and select Sudo for elevation, the server is discovered under "Non-Actionable discoveries" with an SSH connection error.
Failed during SSH discovery. Exit code: 1
Standard Output: Sudo path: /usr/bin/
Standard Error: Sorry, user scomuxaa is not allowed to execute '/usr/bin/sh -c sh /tmp/scx-scomuxaa/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-scomuxaa; exit $EC' as root on xxxxx.
Our Unix admin says that when we enable Sudo, the command '/usr/bin/sh -c sh /tmp/scx-scomuxaa/GetOSVersion.sh' is executed using Sudo and hence it fails.
When I run this command from the console, runs perfectly without using Sudo. And fails when I run this script using Sudo.
If it runs as SUDO and fails then it sounds like SUDO is not configured properly to run the command. I'm not sure what else to tell you. Our agent must be installed with root privileges and if you cannot use the root account to do this then you need to give the non-root account SUDO rights to allow it to run the commands in the link I provided originally.
Did you setup logging in the /etc/sudoers file and if so what does it contain when you try to install the agent with SUDO elevation?
-Steve
If it runs as SUDO and fails then it sounds like SUDO is not configured properly to run the command. I'm not sure what else to tell you. Our agent must be installed with root privileges and if you cannot use the root account to do this then you need to give the non-root account SUDO rights to allow it to run the commands in the link I provided originally.
Did you setup logging in the /etc/sudoers file and if so what does it contain when you try to install the agent with SUDO elevation?
-Steve
If it runs as SUDO and fails then it sounds like SUDO is not configured properly to run the command. I'm not sure what else to tell you. Our agent must be installed with root privileges and if you cannot use the root account to do this then you need to give the non-root account SUDO rights to allow it to run the commands in the link I provided originally.
Did you setup logging in the /etc/sudoers file and if so what does it contain when you try to install the agent with SUDO elevation?
-Steve
If it runs as SUDO and fails then it sounds like SUDO is not configured properly to run the command. I'm not sure what else to tell you. Our agent must be installed with root privileges and if you cannot use the root account to do this then you need to give the non-root account SUDO rights to allow it to run the commands in the link I provided originally.
Did you setup logging in the /etc/sudoers file and if so what does it contain when you try to install the agent with SUDO elevation?
-Steve
If your having issues with the push install and permissions try:
1. Using the root credentials to perform the install (this only does the install as you can then configure the runas account with then scom account)
2. Elevate the scom account to root access and then try the push agent install then once installed drop the root access to the scom account.
3. Manually run the install. This will be a bit longer as you need to manually sign certificates but should work.
Our unix engineers had the same issue using the suggested sudoers file in the link below. The issue here is that MS only make suggestions for Unix/Linux systems but as there are so many flavours they may not always work.
I have tested methods 1, 2 and 3 when using the sudoers file from MS for HP-UX servers wasn't working.
Hi,
Our Unix admin was finally able to follow a written document (the link provided above) and now, I'm able to deploy agents and monitor.
Thank you for your time!
Hi All,
Firstly thanks for the help that you all had given to get it working on the Linux boxes, but now, we seem to have run into another roadblock, it works perfectly while using the same creds on the Linux boxes, but unfortunately it is failing when it comes to the UNIX boxes. It is able to install and monitor fine on the Unix boxes when using the root account, however when we try to use the scom account, it keeps teliing us that "The agent responded to the request but the WSMan connection failed due to: Access is Denied."
Could you let us know what more should be done, I have also enabled logging on the account, and do see that there is a connection from the SCOM server to the UNIX server, however the access is not given as the creds are read as being invalid.
The following is the code from the sudoers file:
scomuxaa ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-*/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-*; /opt/microsoft/scx/bin/too
ls/scxadmin -restart, \
#/bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*;
exit $EC, \
#/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem,
\
#/bin/sh -c rpm -e scx, \
#/bin/sh -c /usr/sbin/swremove scx, \
#/bin/sh -c echo *, \
#/bin/sh -c /bin/rpm -F --force /tmp/scx-*/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm;
EC=$?; cd /
tmp; rm -rf /tmp/scx-*; exit $EC, \
#/bin/sh -c /bin/rpm -U --force /tmp/scx-*/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm;
EC=$?; cd /
tmp; rm -rf /tmp/scx-*; exit $EC, \
#/opt/microsoft/scx/bin/scxlogfilereader -p, \
#/usr/bin/uncompress -f /tmp/scx-scomuxaa/scx-*; /usr/sbin/swinstall
-s /tmp/scx-scomuxaa/scx-* scx; EC=$?; cd /tmp;
rm -rf /tmp/scx-scomuxaa; exit $EC
scomuxaa ALL=(ALL) NOPASSWD: ALL, !/usr/bin/su -
Defaults:scomuxaa !requiretty
Hi All,
Firstly thanks for the help that you all had given to get it working on the Linux boxes, but now, we seem to have run into another roadblock, it works perfectly while using the same creds on the Linux boxes, but unfortunately it is failing when it comes to the UNIX boxes. It is able to install and monitor fine on the Unix boxes when using the root account, however when we try to use the scom account, it keeps teliing us that "The agent responded to the request but the WSMan connection failed due to: Access is Denied."
Could you let us know what more should be done, I have also enabled logging on the account, and do see that there is a connection from the SCOM server to the UNIX server, however the access is not given as the creds are read as being invalid.
The following is the code from the sudoers file:
scomuxaa ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-*/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-*; /opt/microsoft/scx/bin/too
ls/scxadmin -restart, \
#/bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*;
exit $EC, \
#/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem,
\
#/bin/sh -c rpm -e scx, \
#/bin/sh -c /usr/sbin/swremove scx, \
#/bin/sh -c echo *, \
#/bin/sh -c /bin/rpm -F --force /tmp/scx-*/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm;
EC=$?; cd /
tmp; rm -rf /tmp/scx-*; exit $EC, \
#/bin/sh -c /bin/rpm -U --force /tmp/scx-*/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm;
EC=$?; cd /
tmp; rm -rf /tmp/scx-*; exit $EC, \
#/opt/microsoft/scx/bin/scxlogfilereader -p, \
#/usr/bin/uncompress -f /tmp/scx-scomuxaa/scx-*; /usr/sbin/swinstall
-s /tmp/scx-scomuxaa/scx-* scx; EC=$?; cd /tmp;
rm -rf /tmp/scx-scomuxaa; exit $EC
scomuxaa ALL=(ALL) NOPASSWD: ALL, !/usr/bin/su -
Defaults:scomuxaa !requiretty
Hi All,
Firstly thanks for the help that you all had given to get it working on the Linux boxes, but now, we seem to have run into another roadblock, it works perfectly while using the same creds on the Linux boxes, but unfortunately it is failing when it comes to the UNIX boxes. It is able to install and monitor fine on the Unix boxes when using the root account, however when we try to use the scom account, it keeps teliing us that "The agent responded to the request but the WSMan connection failed due to: Access is Denied."
Could you let us know what more should be done, I have also enabled logging on the account, and do see that there is a connection from the SCOM server to the UNIX server, however the access is not given as the creds are read as being invalid.
The following is the code from the sudoers file:
scomuxaa ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-*/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-*; /opt/microsoft/scx/bin/too
ls/scxadmin -restart, \
#/bin/sh -c sh /tmp/scx-*/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-*;
exit $EC, \
#/bin/sh -c cat /etc/opt/microsoft/scx/ssl/scx.pem,
\
#/bin/sh -c rpm -e scx, \
#/bin/sh -c /usr/sbin/swremove scx, \
#/bin/sh -c echo *, \
#/bin/sh -c /bin/rpm -F --force /tmp/scx-*/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm;
EC=$?; cd /
tmp; rm -rf /tmp/scx-*; exit $EC, \
#/bin/sh -c /bin/rpm -U --force /tmp/scx-*/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].rhel.[0-9].x[6-8][4-6].rpm;
EC=$?; cd /
tmp; rm -rf /tmp/scx-*; exit $EC, \
#/opt/microsoft/scx/bin/scxlogfilereader -p, \
#/usr/bin/uncompress -f /tmp/scx-scomuxaa/scx-*; /usr/sbin/swinstall
-s /tmp/scx-scomuxaa/scx-* scx; EC=$?; cd /tmp;
rm -rf /tmp/scx-scomuxaa; exit $EC
scomuxaa ALL=(ALL) NOPASSWD: ALL, !/usr/bin/su -
Defaults:scomuxaa !requiretty
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier