Users Guide
• The cfgRacTuneHttpsPort property is changed (including when a cong -f <cong le> changes it).
• racresetcfg is used or a chassis conguration backup is restored.
• CMC is reset.
• A new SSL server certicate is uploaded.
My DNS server doesn’t register my CMC?
Some DNS servers only register names with a maximum of 31 characters.
When accessing the CMC Web interface, a security warning stating that the SSL certicate was issued by a certicate
authority that is not trusted is displayed.
CMC includes a default CMC server certicate to ensure network security for the web interface and remote RACADM features. This
certicate is not issued by a trusted certicate authority. To address this security concern, upload a CMC server certicate issued by
a trusted certicate authority (such as Thawte or Verisign).
Why is the following message displayed for unknown reasons?
Remote Access: SNMP Authentication Failure
As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, the get community
name = public and the set community name = private. By default, the community name for the CMC agent is public. When IT
Assistant sends out a set request, the CMC agent generates the SNMP authentication error because it only accepts requests from
community = public.
Change the CMC community name using RACADM. To see the CMC community name, use the following command:
racadm getconfig -g cfgOobSnmp
To set the CMC community name, use the following command:
racadm config -g cfgOobSnmp -o cfgOobSnmpAgentCommunity <community name>
To prevent SNMP authentication traps from being generated, enter input community names that are accepted by the agent. Since
CMC only allows one community name, enter the same get and set community name for IT Assistant discovery setup.
When accessing the CMC Web interface, a security warning stating that the host name of the SSL certicate does not match
the host name of CMC is displayed.
CMC includes a default CMC server certicate to ensure network security for the web interface and remote RACADM features.
When this certicate is used, the web browser displays a security warning if the default certicate does not match the host name of
CMC (for example, the IP address).
To address this security concern, upload a CMC server certicate issued to the IP address of CMC. When generating the certicate
signing request (CSR) to be used for issuing the certicate, ensure that the common name (CN) of the CSR matches the IP address
of CMC (for example, 192.168.0.120) or the registered DNS CMC name.
To ensure that the CSR matches the registered DNS CMC name:
1. In the left pane, click Chassis Overview.
2. Click Network.
The Network Conguration page appears.
3. Select the Register CMC on DNS option.
4. Type a CMC name in the DNS CMC Name eld.
5. Click Apply Changes.
Active Directory
Does Active Directory support CMC login across multiple trees?
Yes. The CMC’s Active Directory querying algorithm supports multiple trees in a single forest.
Does the login to CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run dierent
operating systems, such as Microsoft Windows 2000 or Windows Server 2003)?
Yes. In mixed mode, all objects used by the CMC querying process (among user, RAC Device Object, and Association Object) must
be in the same domain.
206