No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU

No GUI for N2510 tool

Publication Date:  2018-01-29 Views:  129 Downloads:  0
Issue Description

There is a problem with the N2510 tool. The server is well installed and the customer can join and connect to it with ‘ssh’.

But it’s impossible to connect via the GUI.

 

Handling Process

Got the general information about the customer’s system and found out that the customer is using software version V200R016, he can’t login via web and that the port is well listened as described below:

 

vma-prdnms-33:~# netstat -anp | grep 8081

tcp        0     0:::8081                :::*                   LISTEN      29348/java



Root Cause

The root cause is linked to the Internet browser. The customer used a low security key (cipher ) on the server. This default cipher is not adapted to the browser. Proposed to the client a higher encryption mode with a stronger encryption protocol, as seen below in the “Solution” chapter. This is a well-known issue for the N2510 tool. 



Solution


1.     Stop the web client service of N2510.

# su - nmsuser

# svc_adm -cmd
stopsvc las_web

# exit

2. To backup the old configuration file server.xml

# cd
/opt/n2510/server/tomcat/conf

# ls -l
  (record the file operation rights)

# cp -f server.xml
/opt/n2510/server/server.xml.bk




3. Change ciphers of “server.xml” file.

Find the ciphers in the file.(it is likely at Line 90 like this):

ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA"

Replace the content
with the following contents:

ciphers="SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

note: after modify,
make sure the server.xml operation right and ownership are the same as before.

4.     
Start the web client service of N2510 .

# su - nmsuser

# svc_adm -cmd
startsvc las_web

# exit

Rollback solution:
 back off ciphers configuration according to backup file:
/opt/n2510/server/server.xml.bk



END

Contribute Articles
Huawei Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.