No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00 Maintenance Guide 07

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Login

Login

What Can I Do If Data Fails to Be Downloaded from eSight When I Use Internet Explorer

Question

An export failure occurs or the current page is redirected to the eSight home page when I export files or download controls to the local device.

Answer

The problem occurs because the Automatic prompting for file downloads function of Internet Explorer is disabled. To solve the problem, enable this function.

  1. Open the Internet Explorer.
  2. Choose Tools> Internet Options.

  3. In the Internet Options dialog box, click the Security tab and then Custom level.

  4. Choose Downloads> Automatic prompting for file downloads > Enable.

  5. Click OK.
  6. Log in to eSight again.

What Do I Do If the eSight Displays a Security Certificate Error During Login

Symptom

Internet Explorer or Mozilla Firefox displays a message indicating that the security certificate is incorrect when you log in to the eSight.

  • The following figure shows the security certificate error prompted by Internet Explorer.

  • The following figure shows the security certificate error prompted by Firefox.

  • The following figure shows the security certificate error prompted by Chrome.

Possible Causes

The security certificate is incorrect or is not installed, you need to install a valid security certificate.

Procedure
  • Method 1: Deploy the certificated authorized by the Certificate Authority (CA) to eSight.
    1. Contact the eSight server administrator to apply for a certificate from the CA.
    2. Deploy the certificates issued by the CA to the eSight.
    NOTE:

    When you access the eSight using a domain name, you must apply this method (of applying for a certificate corresponding to the domain name and deploying the certificate) to resolve the incorrect security certificate issue prompted by the browser.

  • Method 2: Set the certificate of the eSight to a trust certificate of the browser.
    • Install the security certificate in Internet Explorer.
      1. Copy the eSight installation directory/AppBase/etc/certificate/application/ca/ca.crt to a local directory.
      2. Open the IE explore, login the eSight, click Tools > Internet Options.
      3. In the Internet Options dialog box, select the Certificate on the Content tab page.
      4. In the Select Certificate Store dialog box, select Trusted Root Certification Authorities and click Import.
      5. Click Next.
      6. Click Browse, select the ca.crt.
      7. Click Next.
      8. Select Place all certificates in the following store and click Browse.
      9. In the Select Certificate Store dialog box, select Trusted Root Certification Authorities and click OK.
      10. Click Next.
      11. In the Certificate Import Wizard dialog box, click Finish.
      12. In the Security Warning dialog box, click Yes.
      13. In the Certificate Import Wizard dialog box, click OK.
      14. Close Internet Explorer and open it again to log in to the eSight.

        The security certificate error page is displayed due to the invalid certificate. Click Continue to this website (not recommended). The eSight login page is displayed for you to log in to the eSight.

    • Install the security certificate in Mozilla Firefox.
      1. Copy the eSight installation directory/AppBase/etc/certificate/application/ca/ca.crt to a local directory.
      2. Choose Open menu > Options on the menu bar of Mozilla Firefox.
      3. Click Advanced, and choose Certificates tab.
      4. Click View Certificates.
      5. Choose Authorities tab in the Certificate Manager window.
      6. Click Import, choose the security certificate, and click Open.
      7. Choose Trust this CA to identify websites. in the Downloading Certificate window, and click OK.
      8. Click OK.
      9. Close Mozilla Firefox and open it again to log in to the eSight.
    • Install the security certificate in Chrome.
      1. Copy the eSight installation directory/AppBase/etc/certificate/application/ca/ca.crt file from the eSight server to the local PC.
      2. Choose Settings from the menu bar of the browser.
      3. Click Manage certificates under HTTPS/SSL.
      4. Click the Trusted Root Certification Authorities tab in the Certificates dialog box and click Import.
      5. In the Certificate Import Wizard dialog box, click Next.
      6. Click Browse and select the CA certificate ca.crt of eSight.
      7. Click Next.
      8. Select Place all certificates in the following store and click Browse.
      9. In the Select Certificate Store dialog box, select Trusted Root Certification Authorities and click OK.
      10. Click Next.
      11. In the Certificate Import Wizard dialog box, click Finish.
      12. If your browser version is Chrome 58 or later, perform the following operations:

        Log in to the server as the root user and run the following command:

        if [ ! -d /etc/opt/chrome/policies/managed ];then mkdir -p /etc/opt/chrome/policies/managed; fi

        echo "{ \"EnableCommonNameFallbackForLocalAnchors\": true }" >> /etc/opt/chrome/policies/managed/secure.json

      13. Close the Chrome browser, open the Chrome browser again, and log in to the eSight.
Suggestion and Summary

Method 1 is recommended. Method 2 may do not work in some scenario because browser versions differ.

NOTE:
  • If eSight login via multiple subnetworks has been enabled, the Certificate Error will not be reported when you use the eSight installation IP address to log in to eSight.
  • If eSight is deployed in a remote HA mode, the Certificate Error will not be reported when you use the installation IP address of the active eSight server to log in to eSight.

What Do I Do If the eSight Interface Layout Is Incorrect After Login

Symptom

The interface layout is incorrect. For example, After I log in to the client and choose System> System Management > User Management from the main menu, the User page layout is incorrect.

Possible Causes

The compatibility view mode is set for Windows Internet Explorer 8. The correct view mode is standard view.

Procedure
  1. Open Windows Internet Explorer 8, and choose Tools > Compatibility View Settings from the menu bar.

    If the menu bar is unavailable, press Alt to display it.

  2. In the Compatibility View Settings dialog box, deselect Include updated website lists from Microsoft, Display intranet sites in Compatibility view, and Display all websites in Compatibility View.

  3. Click Close.

    The page is automatically refreshed, and the interface layout becomes normal.

How Do I Do If the Maintenance Tool Cannot Be Accessed When the Local Server is Forcibly Set as the Primary Server

Question

How do I do if the maintenance tool cannot be accessed when the local server is forcibly set as the primary server?

Answer
  1. Log in to the primary server as the ossuser user.
  2. Run the following commands to forcibly set the local server as the primary server:

    cd /opt/eSight/mttools/tools

    ./force_primary.sh

  3. If the following information is displayed, the commands are executed successfully:

    force primary finish.

How Do I Disable the HTTP Port for Accessing eSight

Question
You can disable the HTTP port for accessing eSight. Disabling the HTTP port exerts the following impacts:
  • The HTTP port 8080 cannot be used to access eSight.
  • The HTTP port 8088 cannot be used to access the maintenance tool.
  • The HTTP port 8087 cannot be used for single sign-on (SSO) authentication.
Answer
  • You are advised to back up the files before modifying them.
  • For a high-availability system, the following operations should be performed on the active server.
  1. Stop eSight.
  2. Modify the sso.xml file.

    1. Access the Installation directory/AppBase/etc/oms.sso directory.
    2. Open the sso.xml file and change the content of the <param/> label of the name="close-http-port" attribute to true. The following is an example:
      <param name="close-http-port">true</param>

  3. Modify the esightsso.ssoclient.ext.xml file.

    1. Access the Installation directory/AppBase/etc/oms.sso/ext directory.
    2. Open the esightsso.ssoclient.ext.xml file, find the <param/> label of the name="private" attribute, change http in the URL to https, and change the port number to 31942.

      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.

      <?xml version="1.0" encoding="UTF-8"?>
      <config name="oms">
          <!-- Single Sign On -->
          <config name="sso">
              <config name="client">
                  <param name="enabled">true</param>
                  <param name="isShowWhiteListPage">false</param>
              </config>
              <config name="servers">
                  <config name="server">
                      <param name="entryAddressMapping">10.120.46.158</param>
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
                  <config name="server">
                      <param name="entryAddressMapping">10.120.46.158</param>
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
              </config>
          </config>
      </config>

  4. Modify the ssoclient.xml file.

    1. Access the Installation directory/AppBase/etc/oms.sso directory.
    2. Open the ssoclient.xml file, find the <param/> label of the name="private" attribute, change http in the URL to https, and change the port number to 31942.

      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.

      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <config name="oms">
          <!-- Single Sign On -->
          <config name="sso">
              <config name="client">
                  <param name="enabled">false</param>
                  <param name="isLocalsso">true</param>
                  <param name="isShowWhiteListPage">false</param>
              </config>
              <config name="servers">
                  <config name="upper_layer_server">
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
                  <config name="server">
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
              </config>
          </config>
      </config>

  5. Modify the nginx.conf file.

    1. Access the Installation directory/AppBase/3rdparty/nginx/conf directory.
    2. Open the nginx.conf file, find the following content, and use the number sign (#) to comment it out.
      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.
      #server {
              #nginx.........
      #        listen   10.120.46.158:8080;
      #        server_name  localhost;
      #        rewrite ^(.*)$  https://$host:31943$1 permanent;
      #        if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE)$ )
      #{
      #            return 444;
      #}
      #}

  6. Modify the roa.inst.xml file.

    1. Access the Installation directory/mttools/etc/iemp.framework directory.
    2. Open the roa.inst.xml file, find the following content, and use the <!-- --> symbol to comment it out.

      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.

      <!--connector name="httpport" type="http">
                <property name="ip" value="10.120.46.158" />
                <property name="port" value="8088" />
                <property name="maxAcceptor" value="5" /
      </connector-->
      
      
      <!--connector name="httpIPV6port" type="http" allowedModel="ipall">
      ?<property name="ip" value="2000:0:0:0:0:0:0:83" />
      ?<property name="port" value="8088" />
      ?<property name="ipModel" value="ipall" />
      ?<property name="maxAcceptor" value="5" />
      </connector-->
      

  7. Start eSight for the modification to take effect.
Translation
Download
Updated: 2019-06-30

Document ID: EDOC1100044373

Views: 25097

Downloads: 74

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next