
NOTE: For devices that do not support this unification of Jetdirect and device CA certificates and still
place the Jetdirect CA certificate on the Networking tab under EWS, the first certificate in the list in
the policy will be installed under the Networking tab of the device, and all certificates will be placed
under the Security tab.
By default, Security Manager performs an append operation: certificates in the policy that are missing
from the device are installed, and existing certificates on the device that are not in the policy remain
untouched. To perform a replace operation instead, check the box titled
Remove certificates from device not present in policy. If this box is checked, existing certificates on the
device not in the policy will be removed.
TROUBLESHOOTING CERTIFICATE REMEDIATIONS
Troubleshooting certificate installation failures is no different from troubleshooting most configuration
issues. The typical causes apply: name resolution issues, network connectivity issues, traffic blocked
by a firewall, permissions, device issues, etc.
Security Manager uses DCOM over RPC to submit requests to the CA and retrieve certificates, just like
workstations do for auto-enrollment of certificates. Remote Procedure Call (RPC) is a mechanism that
allows Windows processes to communicate with one another, either between a client and server
across a network or within a single system. Numerous built-in Windows components utilize RPC.
RPC uses dynamic ports for communication between systems, but a static port (TCP port 135) must
also be used as a starting point for communication. The RPC endpoint mapper listens on this static
port.
In a typical RPC session, a client contacts a server's endpoint mapper on TCP port 135 and requests
the dynamic port number assigned to a particular service. The server responds with the IP address
and port number that the service registered with RPC when it started, and the client then contacts the
service on that IP address and port.
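
The first half of that session can be checked from the Security Manager server with the sketch below, which resolves the CA's name and then attempts a TCP connection to the endpoint mapper on port 135. This is an added example, not code from the HP documentation; the function name Test-CaRpcPath, the host name and the address are hypothetical placeholders.

```powershell
# Added example, not HP code. Test-CaRpcPath is a hypothetical helper name;
# ca01.example.test and 192.0.2.10 are constructed placeholder values.
function Test-CaRpcPath {
    param(
        [Parameter(Mandatory)] [string] $CaHost,
        [string] $ExpectedAddress,   # optional: address the CA is known to use
        [int] $TimeoutMs = 3000
    )
    $r = [ordered]@{ CaHost = $CaHost; Resolved = @(); AddressMatches = $null
                     Port135Open = $false; Finding = '' }

    # Step 1: resolve the name with the system resolver (DNS, hosts file).
    try { $addrs = @([System.Net.Dns]::GetHostAddresses($CaHost)) }
    catch {
        $r.Finding = 'Name does not resolve'
        return [pscustomobject]$r
    }
    $r.Resolved = @($addrs | ForEach-Object { $_.IPAddressToString })

    # Step 2: a name that resolves to the wrong server fails like an outage.
    if ($ExpectedAddress) {
        $r.AddressMatches = $r.Resolved -contains $ExpectedAddress
    }

    # Step 3: connect to the endpoint mapper on the static port, TCP 135.
    foreach ($addr in $addrs) {
        $client = New-Object System.Net.Sockets.TcpClient($addr.AddressFamily)
        try {
            if ($client.ConnectAsync($addr, 135).Wait($TimeoutMs)) {
                $r.Port135Open = $client.Connected
            }
        } catch { } finally { $client.Close() }
        if ($r.Port135Open) { break }
    }

    $r.Finding = if ($r.AddressMatches -eq $false) {
        'Name resolves to an unexpected address'
    } elseif (-not $r.Port135Open) {
        'TCP 135 unreachable: server down, address unused, or traffic blocked'
    } else {
        'Endpoint mapper reachable; the dynamic service port is not tested here'
    }
    [pscustomobject]$r
}

Test-CaRpcPath -CaHost 'ca01.example.test' -ExpectedAddress '192.0.2.10'
```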
If the RPC server is unavailable, errors will occur indicating the certificate was not installed. A
certificate can fail to install for many other reasons. For example, the RPC server's name may be
resolving to the wrong IP address, resulting in the client contacting the wrong server or attempting to
contact an IP address not currently in use. Alternatively, the server's name may not be resolving at all.
A firewall or other security application on the server, or a network firewall appliance between the