no SMT repos available for specific client

SUSE Linux Enterprise Server SLES Configure-Administer
1

Hi there,
got problems registering to SMT server:

[CODE]Server 1, not working:

./clientSetup4SMT.sh --host smt

Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
All services have been refreshed.
All repositories have been refreshed.
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)

zypper lr

| Alias | Name | Enabled | Refresh

–±-------------------------------------------------±-------------------------------------------------±--------±-------
1 | Novell-Open-Enterprise-Server-11_11.0-1.320 | Novell Open Enterprise Server 11 | Yes | No
2 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | Yes | No[/CODE]

Server 2, is working:

[CODE]# ./clientSetup4SMT.sh --host smt
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
Refreshing service ‘SMT-http_smt’.
All services have been refreshed.
Repository ‘OES11-Pool’ is up to date.
Repository ‘OES11-Updates’ is up to date.
Repository ‘SLES11-SP1-Pool’ is up to date.
Repository ‘SLES11-SP1-Updates’ is up to date.
All repositories have been refreshed.
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)

zypper lr

| Alias | Name | Enabled | Refresh

–±-------------------------------------------------±-------------------------------------------------±--------±-------
1 | Novell-Open-Enterprise-Server-11_11.0-1.320 | Novell Open Enterprise Server 11 | Yes | No
2 | SMT-http_smt:OES11-Pool | OES11-Pool | Yes | Yes
3 | SMT-http_smt:OES11-Updates | OES11-Updates | Yes | Yes
4 | SMT-http_smt:SLES11-SP1-Pool | SLES11-SP1-Pool | Yes | Yes
5 | SMT-http_smt:SLES11-SP1-Updates | SLES11-SP1-Updates | Yes | Yes
6 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | Yes | No[/CODE]

Both servers are exactly the same:

rpm -qa | sort | md5sum

8ad0e3dfa82b88029e065dd15590619e -

The SMT GUID is NOT the same obviously, I have checked that! (They are not exact clones)

The first server does not appear in the client list on the SMT server.

What else can I check??

Thanks
Marki

2

Hi
Are there any clues in the /root/.suse_register.log?

3

[QUOTE=malcolmlewis;4414]Hi
Are there any clues in the /root/.suse_register.log?[/QUOTE]

You tell me (tried suse_register manually):

# suse_register -d 2 -i
Execute Command: /usr/bin/zypper ref --service
All services have been refreshed.
All repositories have been refreshed.
GUID:f238276d7af34366.....
Execute command: /usr/bin/zypper --no-refresh --quiet --xmlout --non-interactive products --installed-only
Execute command exit(0):
installed products:           $VAR1 = [
          [
            'SUSE_SLES',
            '11.1',
            '',
            'x86_64'
          ],
          [
            'Open_Enterprise_Server',
            '11',
            'cd',
            'x86_64'
          ]
        ];

Execute command: /usr/bin/lscpu
Execute command exit(0):
Execute command: /usr/sbin/hwinfo --gfxcard
Execute command exit(0):
Execute command: /usr/bin/zypper --non-interactive targetos
Execute command exit(0):
list-parameters:   0
xml-output:        0
no-optional:       0
batch:             0
forcereg:          0
no-hw-data:        0
log:               /root/.suse_register.log
locale:            undef
no-proxy:          0
yastcall:          0
arg: $VAR1 = {
          'timezone' => {
                          'kind' => 'mandatory',
                          'value' => '...',
                          'flag' => 'i',
                          'description' => 'Timezone'
                        },
          'ostarget' => {
                          'kind' => 'mandatory',
                          'value' => 'sle-11-x86_64',
                          'flag' => 'i',
                          'description' => 'Target operating system identifier'
                        },
          'processor' => {
                           'kind' => 'mandatory',
                           'value' => 'x86_64',
                           'flag' => 'i',
                           'description' => 'Processor type'
                         },
          'platform' => {
                          'kind' => 'mandatory',
                          'value' => 'x86_64',
                          'flag' => 'i',
                          'description' => 'Hardware platform type'
                        }
        };

extra-curl-option:$VAR1 = [];

URL:               https://smt/center/regsvc
listParams:        command=listparams
register:          command=register
lang:              POSIX
initialDomain:     .xxx
SEND DATA to URI: https://smt/center/regsvc?command=listproducts&lang=en-US&version=1.0:


About to connect() to smt port 443 (#0)
  Trying 130.1.1.93...
connected
Connected to smt (130.1.1.93) port 443 (#0)
successfully set certificate verify locations:
  CAfile: none
  CApath: /etc/ssl/certs/
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Closing connection #0
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)

Command

/usr/bin/zypper ref --service

seems to work on one host but not the other.

4

Ok forget it. I guess ignoring the error about the SSL conversation was a mistake:
The server certificate on the SMT server had expired.

Not sure why SMT chose not to display anything anymore on one but not the other client/server.

In fact, after the issue of the expired SSL server certificate was fixed, clientSetup4SMT/suse_register said

WARNING: Some repositories were manually disabled. They are not restored.
         If you want to restore them, call suse_register with the --restore-repos parameter.

which I did and everything was fine again.