No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight cannot connect to SMTP server

Publication Date:  2017-10-17 Views:  399 Downloads:  0
Issue Description

Customer wants to configure SMTP server to be able to send alarms and events to administrator Gmail. Parameters already set but we got below error 
eSight network software version V300R006




Handling Process

1- Ping to Smtp server and telnet to Smpt ports are reachable  

2- We checked whether Client Email address is valid and can send and recieve emails normally 

3- We checked required TLS/SSL parameters requried for Gmail Server smtp.google.com as per google support site
https://support.google.com/a/answer/176600?hl=en

4- Capture packets while try to authentication with smtp server. we we found that only port 25 can be captured but other ports 465 with TLS or SSL cannot be captured
and TLS required 



5- Checked smtp server requirements, we found the servers need email certificate to be able to authentication between client and server. we uploaded email
Certificate to eSight as following and email server communication worked fine




Root Cause

 Email servers using TLS/SSL needs email certificate in order to be able to communicate with email server. please use steps mentioned to solve your issue 
 

Solution

Upload Email server Certificate to eSight :

1.Config mail server info in eSight. (ps: if use ssl mode, pls confirm mail server ssl port info, different mail server use different port.)

2.Export email server certificate

 Export the root certificate(Huawei certificate as an example) is as follows:

(1)   (1) Click View certificates button to open the certificate window then choose the Certification Path tab.

(2)   (2) Choose the root certificate and click the View Certificate button,as the follow picture 1 and 2


(3)  (3)  In the new window click the Details tab and click the Copy to File… button



(4)    In the Certificate Export Wizard window choose the Base-64 encoded X.509(.CER) and click Nexutton


(5)   (5) Then  according to the default procedure, Click Next, Until the end

3.Import certificate to eSight certificate library

Need to import the certificate to the eSight certificate library.

1)      Login eSight server,and to ‘[eSight directory]\jre\bin’ path,and run the following command to import the certificate:

Windows:

Keytool.exe -import -trustcacerts -alias AliasName -file Certificate storage location -keystore the eSight certificate library location -storepass Certificate Password

Example

Keytool.exe –import –trustcacerts –alias server –file C:\server.cer  –keystore

“D:\eSight\AppBase\etc\certificate\serverKeyStore” –storepass Changeme_123

Linux:

./keytool –import –trustcacerts –alias server –file /opt/server.cer –keystore

“/opt/eSight/AppBase/etc/ certificate/ serverKeyStore” –storepass Changeme_123



Note:

After you import the certificate,make sure that the certificate path is already added in the ‘eSight\AppBase\etc\oms. core\emailconfig. properties’ configuration file, such as 

If it is not configured, please add it manually. 


Suggestions

You can let customer get the email certificate for any SMTP server he wants to use from his side as Huawei does not provide such certificates

END