JumpingYang001
commented
2 hours ago @edwio we did a change: if current RSA key is 2048 and you manually run scx.sh --upgrade to upgrade omi/scx, it will re-generate the omi certificate and key with 3072 bit RSA key that is more secure than 2048 bit RSA key, you need to re-discover it or upgrade it on console. If you upgrade from OM server console instead of manually upgrade script on Linux box, you will not have the cert sign issue on OM console.
Another way to re-sign the cert on OM server if you have a bunch of Linux boxes, you can try below script,
# Import the Operations Manager module
Import-Module OperationsManager
# Connect to the SCOM management group
New-SCOMManagementGroupConnection -ComputerName omservername.DOMAIN.COM
# Get the list of Unix/Linux computers
$unixComputers = Get-SCOMMonitoringObject -Class (Get-SCOMClass -Name 'Microsoft.Unix.Computer')
$sPassphrase = ConvertTo-SecureString "***yourpassword***" -AsPlainText -Force
$NewWSCred = New-Object System.Management.Automation.PSCredential ("mydomain\myuser", $sPassphrase)
# Iterate over each Unix/Linux computer and run the Update Certificate task
foreach ($computer in $unixComputers) {
if($computer.HealthState -eq "Error"){
$task = Get-SCOMTask -DisplayName "UNIX/Linux Update Certificate Task"
if ($task) {
Start-SCOMTask -Task $task -Instance $computer -TaskCredentials
Write-Output "Update Certificate task started for $($computer.DisplayName)"
} else {
Write-Output "Update Certificate task not found for $($computer.DisplayName)"
}
}
}
Once upgrading existing SCX installation, to SCX v1.9.0-0 using the --upgrade flag:
sh ./scx-1.9.0-0.universalr.1.s.x64.sh –-upgrade --enable-opsmgrThe installation script is regenerating the omi certificate and key:Which should not happen, given the use of the --upgrade flag.