Data Center Security

I have imported the UMC CA root cert and my firefox browser is showing up with a green lock. I managed
to get the DCS:SA server registered to the UMC after upgrading the UMC to the correct version.

After logging on to the UMC console, I click on Assets and now I get this message:

System Error: Unable to connect to DCS: Server. Ensure that you have accepted the DCS: Server certificate in the web browser. If the problem persists, contact service administrator.

How do I get this to work? Do I have to connect to the DCS:SA server on a specific port to get the certificate? If so, what is the URL and port number?

I suspect that the port isnt opened on the firewall.

Any help is appreciated in advance.

Thanks

Hi ThaveshinP,

I had the same problem and then I checed the FF Certificates and under the Authorities I did not have the Symantec root certificate.

Can you check also and verify if you have it there? Under FF tools->options->advanced->view certificates->authorities you should find Symantec cert similar to this:

Hi Vladx,

Is this certificate for the DCS:SA server? I will check the revert back to you.

What happens if I don't have it , just in case? How do get the certificate added as shown in your screenshot?

That is UMC root certificate, instructions how to install it are here: https://support.symantec.com/en_US/article.HOWTO124635.html

It is important that you select the root certificate, not the underlying one:

Yes, installed the cert and now I have the green lock. I can logon to the UMC and successfully registered my DCS:SA server but the moment i want to read the assets - I still get this error message(see attached).

I have engaged support, but they have yet to come back with a solution.

Hi Thaveshin,

We have just ovecome an access issue giving exactly this error callout. In our case the issue was due to DB security hardening. The literature (at least what we read) did not indicate that the DCS and UMC DCS and UMC ARE running queries on connect to validate versions of SQL server, roles, etc. Our DBAs removed had all PUBLIC access (sys.objects, sys.configurations, etc) rights on the Database. The impact was that the DCS/UMC were unable to complete the connect query to the Database and we got the message you are getting.

This also prevented the Java Console from logging in. It rejected the credentials because it couldn't check them in the Database.

I hope this might be of some help. 

John

Hello All,

I am having the same issue. But in my case, I do have the certificate installed, no firewall in between because they are on the same network, no personal firewall, and the DB server is not hardened..

anyone?

Thanks,

JoPe.

I might have found my solution.

I noticed that my certificate stated the IP address, instead of the qualified name. I was using the qualified name in my url to access the management portal, which fails. I then used the IP address in the URL to access the management portal, same as what the certificates states, and it worked. I was able to access the portal, and finally see my assets.

Double check what the certificate states as the trusted source, and use that same data in the url to access the management portal.

Thanks,

JoPe