IBM Guardium

IBM Guardium

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Agent Installation on a Windows server hosted on Microsoft Azure but joined to the on-prem Domain

  • 1.  Agent Installation on a Windows server hosted on Microsoft Azure but joined to the on-prem Domain

    Posted Mon November 27, 2023 11:53 AM
      |   view attached

    Hi All,

    I tried installing the GIM agent on a windows server hosted on azure but joined to the on-premise domain via the normal GIM agent installation method but the GIM agent isn't showing on the Guardium GUI after the installation was successful on the server side.

    We did some telnets and the firewall showed traffic was going and coming but the GIM is still not showing on the gui.

    I looked at the logs on the server side and below is the error message it is generating;

    16:11:11, Fri Nov 24, 2023  : -I- send_to_gim_server:: GIM Listener hash info : 
    $VAR1 = {
              'key' => 'C:\\Program Files (x86)\\Guardium\\Guardium Installation Manager/GIM/current/gimListenerServer.key.pem',
              'ca' => 'C:\\Program Files (x86)\\Guardium\\Guardium Installation Manager/GIM/current/gim_ca.pem',
              'cert' => 'C:\\Program Files (x86)\\Guardium\\Guardium Installation Manager/GIM/current/gimListenerServer.cert.pem',
              'port' => '8446'
            };
    16:11:11, Fri Nov 24, 2023  : -I- send_to_gim_server:: command constructed for gim GimConnector:
    "C:\Program Files (x86)\Guardium\Guardium Installation Manager/GIM/current/GimConnector" -s 172.27.15.253 -p 8446 -r "C:\Program Files (x86)\Guardium\Guardium Installation Manager"  -k "C:\Program Files (x86)\Guardium\Guardium Installation Manager/GIM/current/gimListenerServer.key.pem" -t "C:\Program Files (x86)\Guardium\Guardium Installation Manager/GIM/current/gimListenerServer.cert.pem"  -a "C:\Program Files (x86)\Guardium\Guardium Installation Manager/GIM/current/gim_ca.pem"  -o tmp1c.txt  -i tmpc.txt -c 600 -z 
    16:11:11, Fri Nov 24, 2023  : -I- send_to_gim_server:: Setting debug environment to 1
    16:11:12, Fri Nov 24, 2023  : -I- send_to_gim_server:: Waiting for response from GimConnector:
    16:11:12, Fri Nov 24, 2023  : -I- 21128:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:.\crypto\rsa\rsa_pk1.c:124:
    21128:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:701:
    21128:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn1\a_verify.c:218:
    21128:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:.\ssl\s3_clnt.c:1269:
     from gimconnector
    16:11:12, Fri Nov 24, 2023  : -I- send_to_gim_server:: GimConnector returned with error code 1
    16:11:12, Fri Nov 24, 2023  : -I- send_to_gim_server:: Detected HTTP error ... reading it from file tmp1c.txt
    16:11:12, Fri Nov 24, 2023  : -I- send_to_gim_server::Processed response:
    $VAR1 = {
              'code' => 400,
              'body' => '21128:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:.\\crypto\\rsa\\rsa_pk1.c:124:
    21128:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:.\\crypto\\rsa\\rsa_eay.c:701:
    21128:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\\crypto\\asn1\\a_verify.c:218:
    21128:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:.\\ssl\\s3_clnt.c:1269:
    ',
              'header' => 'HTTP/1.1 400 HTTP_BAD_REQUEST'
            };
     
    16:11:12, Fri Nov 24, 2023  : -E- GIM Client failed to register (400, 21128:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:.\crypto\rsa\rsa_pk1.c:124:
    21128:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:701:
    21128:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn1\a_verify.c:218:
    21128:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:.\ssl\s3_clnt.c:1269:
    )
    16:11:12, Fri Nov 24, 2023  : GIM Service failed to register with server
    16:11:12, Fri Nov 24, 2023  : Calling an initial Win32CheckForUpdates
    16:11:13, Fri Nov 24, 2023  : -E- GIM Client failed to register (400, 16628:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:.\crypto\rsa\rsa_pk1.c:124:
    16628:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:701:
    16628:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn1\a_verify.c:218:
    16628:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:.\ssl\s3_clnt.c:1269:
    )
    I have attached the complete gim log file.
    Thanks in anticipation of your assistance


    ------------------------------
    Oluwadamilola Olowojolu
    ------------------------------

    Attachment(s)

    log
    GIM_log.log   46 KB 1 version


  • 2.  RE: Agent Installation on a Windows server hosted on Microsoft Azure but joined to the on-prem Domain

    Posted Tue November 28, 2023 01:44 AM

    It looks like you may be missing the certificate files. If you have another working GIM client in your environment look for the certificate files under c:\Program Files(x86)\Guardium Installation Manager. They should be in the GIM\Current folder with a .pem extension. Copy them over to the same folder in the new DB server



    ------------------------------
    Olufemi "Femi" Adalemo
    ------------------------------

    Original Message


  • 3.  RE: Agent Installation on a Windows server hosted on Microsoft Azure but joined to the on-prem Domain

    Posted Tue November 28, 2023 02:59 AM

    Hello Olufemi,

    Thank you for the recommendation. The installation is a fresh one and that was the first DB we were onboarding, but I discovered that the GIM agent we installed had SHA256 while the Guardium collector didn't as it was just version 11.5 so I upgraded it to V11.5 P530 and I was able to see the GIM on the GUI.



    ------------------------------
    Oluwadamilola Olowojolu
    ------------------------------

    Original Message