Upgraded IGEL UMS 5.07 to 5.09 and cert is not working, is there any way I can get the old cert to work on my new server?

Hello guys! I upgraded UMS from 5.07.0 to version 5.09.100. Before the upgrade, I took a backup on both the whole computer and the cert. But I discovered that 5.09 only came in 64b version, so I could not do an upgrade. I created a new 64b Ubuntu 18.04 machine and installed UMS. My database is located on a SQL server, and when I connected UMS to the database it wanted to upgrade version, and so I did. When I tried to restore the cert, nothing happened. The problem is now that I have a completely new server, and it refuses to have anything with my Igels to do. Is there any way I can get the old cert to work on my new server, or am I doomed to reset all my Igels and reroll them?

Learn more, read the entire thread inside the IGEL Community o Slack

Hello Jörn, first: please use the 5.09.110 just to be up to date! Second: Stop the Igel Service on your new server, goto /opt/IGEL/RemoteManager/rmtcserver and replace the content with the files from your old server, Restart the Igel Service

That may help!

I went through the steps you described above. Now when trying to scan for my test client and add it to UMS. it ́s no longer complaining about the cert but shows this message:

Are the ports 30001, 30005, 9080/8443 opened? kb.igel.com/endpointmgmt-5.09/en/registration-of-a-thin-client-fails-4253316.html

As far as I can see 22, 5938, and 8443 is open. I have shut down the firewall, but no answer on 30001 and 30005. I run on a virtual machine with Ubuntu 18.04

Sounds like a network issue, difficult to debug through Slack. The UMS must reach TCP 30005 on device and the device 30001 on the UMS

I run a netstat -t an could not see any activity at all on 30001-5. I can se connections on 8443 to my computer ad a lot of connections around 35800-35904 for the sql server.

Did you changed the port config for 30001 on the UMS Administrator or left it on a standard? Do you use a Nat or something similar?

It must have been something Ubuntu-related. I didn’t have the time to sort it out, so I installed a 2016 server instead. Now the port problem seems to be sorted out, but the cert problem remains. I followed your instructions on the Win server but still get the invalid certificate thing when I try to register or import an Igel…

Would you be able to reset to factory defaults one endpoint and retry it? Just want to see if the registration itself fails or works.

Works perfectly. No problem to enroll the Igel.

Then, something went wrong during the Certificate Export / Import process. I assume you are using a actual Firmware version, so the signature algorithm shouldn’t be an issue. did you tried to reimport the backup on your Windows Server, did it worked there?

No, I had the same issue. Restore cert grayed out.

Sounds … weird… Can you send us a screenshot of how you are performing the certificate rollback? I tried it like usual and everything went right (UMS Console, UMS Administration, Certificate Management, Import Key Pair).

If you have access to your old backup of your machine, export them through UMS Administrator (I mean the application rmadmin.exe, if I remember right: through the menu certificates) and try to reupload this. If not successful I would recommend to raise a ticket at our support; a teamviewer Session may help quicker then Slack

I have never tried to use UMS Console, UMS Administration, Certificate Management to save or to reinstall the cert. I have always used UMS Administrator. But UMS Administrator seems to be version bound in some way. But I will try some more ways, and if I can’t get it to work I will send in a ticket.

Then, please give it a try; I’m pretty sure that it should be the source of your issue

The problem is that I can’t use Certificate management to get the cert on the original 32mb server because of the upgrade of the database. It seems that it is the same cert on the two new 64mb machines.

Can you compare the content of the 32Bit rmtcserver content with the 64Bit one? I would recommend to use a checksum to ensure that the file signature is exactly the same (or not)

I cant start the UMS consol on the 32mb machine. It can not connect to the database anymore due to the database upgrade.

It would be enough to compare the files from a File Explorer, if you haven’t access anymore.

They match…

what about the rest: server.pem and tc.keystore?

This is interesting… I checked the files before copying them to c:programIGELremotemanagerrmtcserver. And all the checksums match. But when I check after stopping the service, copying the files to the right location and start the service again, the checksums on tc.keystore differs.

Continue reading and comment on the thread ‘Upgraded IGEL UMS 5.07 to 5.09 and cert is not working, is there any way I can get the old cert to work on my new server?’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: