SlideShare a Scribd company logo

HOW to fix a HMAC error

Download as DOC, PDF
K
Keke Vasquez-Tamali'i
1 of 3
HOW to fix a HMAC error: A HMAC error is a result of multiple Tivoli endpoints sharing the same IP address in the Endpoint Manager database. You will see in the SD4 Tivoli log the error: Operation unsuccessful. decrypt_data: HMAC does not match encrypted data! If you do a wadminep <endpointlabel> view_version you will see: decrypt_data: HMAC does not match encrypted data! To Fix: First verify that the Endpoint manager has the current IP address for the hostname that is giving you a HMAC. Ping the hostname and get its IP address. Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Next ping the IP address with the –a switch to resolve fully qualified DNS name. Example: C:>ping -a 171.184.104.36 Fully qualified DNS name Pinging B00028A30BAC6.nc.bankofamerica.com [171.184.104.36] with 32 bytes of data: Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Verify that the fully qualified DNS name matches the endpoint in which you pinged earlier. Now open a telnet session to the HUB or the regional TMR in which the EP lives Wep the endpoint label and notice the IP address {rtxtmr03:cdi}/tmp> wep B00028A30BAC6 object 1027514829.74851.517+#TMF_Endpoint::Endpoint# label B00028A30BAC6 version 106 id 99X401896T965690001818419200 gateway 1027514829.27863.21 pref_gateway 1027514829.27863.21 netload 131072 interp w32-ix86 login_mode desktop, variable protocol TCPIP Here is the IP Address that EP MGR shows-> address 171.184.104.36+9495 mac address (WOL) 00:07:40:79:7a:10 subnet mask (WOL) 255.255.255.0 policy 1027514829.1.10367 httpd tivoli:3>}svKuU alias OBJECT_NIL crypt_mode NONE upgrade_mode enable
last_login_time 2004/03/17-19:38:34 last_migration_time 2004/03/17-15:19:11 last_method_time 2004/03/17-21:27:50 {rtxtmr03:cdi}/tmp> Verify that the IP address that Endpoint Manager has corresponds with what you received in the Ping. If the IP address in EP MGR does NOT match the address you receive from a ping stop and start the endpoint of the host that is giving you an HMAC. This should refresh the EP manager data. If this does not fix please escalate to SWAT team member. Now all that is left is if EP manager and ping IP address are the same then that means that known to Tivoli there is another machine out there with the same IP address. You will need to find out which devices share the IP address in Endpoint Manager DB There are two ways to do this I would do both. Process 1 for finding machines that share an IP address in EP manager DB: Telnet to the Hub and run: epschk –n –e <hostname> B0010A482311E -------------- Matching label B0010A482311E#rvad09.reg.pr found for B0010A482311E B0010A482311E#rvad09.reg.pr oid is 1197421919.19127.517 B0010A482311E#rvad09.reg.pr version is 106 B0010A482311E#rvad09.reg.pr is currently on gateway crpatltwg03 B0010A482311E#rvad09.reg.pr has a preferred gateway crpatltwg03 B0010A482311E#rvad09.reg.pr is currently managed from rvatmr09 B0010A482311E#rvad09.reg.pr is currently reporting an IP of 171.133.228.107 and a port of 9495 Ping replies received from 171.133.228.107 B0010A482311E#rvad09.reg.pr is currently failing a view version with : HMAC B0010A482311E#rvad09.reg.pr is not really at 171.133.228.107 but B00D059CA87C0 with a matching hostname is. Not a true HMAC. B0010A482311E#rvad09.reg.pr had a last login time of 2004/02/09-16:08:11 Notice that the view version fails with: HMAC The next line tells you the device that shares that IP address in Endpoint manager. Process 2 for finding machines that share an IP address in EP manager DB Telnet to the regional TMR that the HMAC endpoint lives on. Run: cat /nb_tools/node1/tivoli/Current/Custom/scripts/data/epinfo_full.dat |grep <IPaddress> Example: {rvatmr06:cdi}/tmp> cat /nb_tools/node1/tivoli/Current/Custom/scripts/data/epinfo_full.dat |grep 171.184.104.35 The output of this command will tell you all devices that have attempted to login with the IP address given.
Now that we have discovered the machines that share an IP address in Tivoli it is time to resolve the problem. To resolve this problem ping both devices to verify that they are on. Look at the output to the ping commands and notice which one is wrong in EP MGR DB. Connect to that device and stop and start the service. If you start and stop the service and it does not resolve the problem. You may need to delete the endpoint that has the incorrect IP in EP MGR and bring it back into magi. For documentation on how to do this see the Delete_refresh_Endpoint.doc.

Recommended

_.com_To_.co.in_Doc.docx
_.com_To_.co.in_Doc.docx_.com_To_.co.in_Doc.docx
_.com_To_.co.in_Doc.docxAkshay Sahatpure
 
Lab report
Lab reportLab report
Lab reportMd Selim Hossain
 
Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Laurent Bernaille
 
Optimizing kubernetes networking
Optimizing kubernetes networkingOptimizing kubernetes networking
Optimizing kubernetes networkingLaurent Bernaille
 
Ping
PingPing
PingNetProtocol Xpert
 
Dhcpsession
DhcpsessionDhcpsession
Dhcpsessionguest648519
 
Itep
ItepItep
ItepSofia Palawan
 
VolgaCTF | Bo0oM - DNS and attacks
VolgaCTF | Bo0oM - DNS and attacksVolgaCTF | Bo0oM - DNS and attacks
VolgaCTF | Bo0oM - DNS and attacksДмитрий Бумов
 

Recommended

_.com_To_.co.in_Doc.docx
_.com_To_.co.in_Doc.docx_.com_To_.co.in_Doc.docx
_.com_To_.co.in_Doc.docxAkshay Sahatpure
 
Lab report
Lab reportLab report
Lab reportMd Selim Hossain
 
Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Laurent Bernaille
 
Optimizing kubernetes networking
Optimizing kubernetes networkingOptimizing kubernetes networking
Optimizing kubernetes networkingLaurent Bernaille
 
Ping
PingPing
PingNetProtocol Xpert
 
Dhcpsession
DhcpsessionDhcpsession
Dhcpsessionguest648519
 
Itep
ItepItep
ItepSofia Palawan
 
VolgaCTF | Bo0oM - DNS and attacks
VolgaCTF | Bo0oM - DNS and attacksVolgaCTF | Bo0oM - DNS and attacks
VolgaCTF | Bo0oM - DNS and attacksДмитрий Бумов
 
Applications.docx
Applications.docxApplications.docx
Applications.docxssuserf7cd2b
 
How to add client computer into a domain using dhcp
How to add client computer into a domain using dhcpHow to add client computer into a domain using dhcp
How to add client computer into a domain using dhcpMac Picar
 
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...Vignesh kumar
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocolgueste98b36
 
P09
P09P09
P09guest2f03e6
 
Dhcp confg
Dhcp confgDhcp confg
Dhcp confgRincy Ranjith
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utilityVishal Kumar
 
Saad baig practical file
Saad baig practical fileSaad baig practical file
Saad baig practical fileSaadBaig33
 
Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Download Mipdfcom
 
Networking DHCP server Setup Reports
Networking DHCP server Setup ReportsNetworking DHCP server Setup Reports
Networking DHCP server Setup ReportsJiaul Hasan Jony
 
Configuring Dhcp Server, Scopes &amp; Superscopes
Configuring Dhcp Server, Scopes &amp; SuperscopesConfiguring Dhcp Server, Scopes &amp; Superscopes
Configuring Dhcp Server, Scopes &amp; Superscopesjocelyn_tanner
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Chanaka Lasantha
 
dhcp.pdf
dhcp.pdfdhcp.pdf
dhcp.pdfTekashiAi
 
DHCP Server Guaidlines using CISCO PACKET TRACER
DHCP Server Guaidlines using CISCO PACKET TRACERDHCP Server Guaidlines using CISCO PACKET TRACER
DHCP Server Guaidlines using CISCO PACKET TRACERCOMSATS Institute of Information Technology
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01maverick4489
 
DNS,SMTP and POP3
DNS,SMTP and POP3DNS,SMTP and POP3
DNS,SMTP and POP3Omar Faruk Sazib
 
main
mainmain
mainOmar Faruk Sazib
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus networkAalap Tripathy
 
Linux05 DHCP Server
Linux05 DHCP ServerLinux05 DHCP Server
Linux05 DHCP ServerJainul Musani
 

More Related Content

Similar to HOW to fix a HMAC error

How to add client computer into a domain using dhcp
How to add client computer into a domain using dhcpHow to add client computer into a domain using dhcp
How to add client computer into a domain using dhcpMac Picar
 
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...Vignesh kumar
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocolgueste98b36
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utilityVishal Kumar
 
Saad baig practical file
Saad baig practical fileSaad baig practical file
Saad baig practical fileSaadBaig33
 
Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Download Mipdfcom
 
Networking DHCP server Setup Reports
Networking DHCP server Setup ReportsNetworking DHCP server Setup Reports
Networking DHCP server Setup ReportsJiaul Hasan Jony
 
Configuring Dhcp Server, Scopes &amp; Superscopes
Configuring Dhcp Server, Scopes &amp; SuperscopesConfiguring Dhcp Server, Scopes &amp; Superscopes
Configuring Dhcp Server, Scopes &amp; Superscopesjocelyn_tanner
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Chanaka Lasantha
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01maverick4489
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus networkAalap Tripathy
 

Similar to HOW to fix a HMAC error (20)

Applications.docx
Applications.docxApplications.docx
Applications.docx
 
How to add client computer into a domain using dhcp
How to add client computer into a domain using dhcpHow to add client computer into a domain using dhcp
How to add client computer into a domain using dhcp
 
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
dhcp (dynamic host configuration protocol) very Cleare Explanation, Interview...
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
 
P09
P09P09
P09
 
Dhcp confg
Dhcp confgDhcp confg
Dhcp confg
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
 
Saad baig practical file
Saad baig practical fileSaad baig practical file
Saad baig practical file
 
Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018
 
Networking DHCP server Setup Reports
Networking DHCP server Setup ReportsNetworking DHCP server Setup Reports
Networking DHCP server Setup Reports
 
Configuring Dhcp Server, Scopes &amp; Superscopes
Configuring Dhcp Server, Scopes &amp; SuperscopesConfiguring Dhcp Server, Scopes &amp; Superscopes
Configuring Dhcp Server, Scopes &amp; Superscopes
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
 
dhcp.pdf
dhcp.pdfdhcp.pdf
dhcp.pdf
 
DHCP Server Guaidlines using CISCO PACKET TRACER
DHCP Server Guaidlines using CISCO PACKET TRACERDHCP Server Guaidlines using CISCO PACKET TRACER
DHCP Server Guaidlines using CISCO PACKET TRACER
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01
 
DNS,SMTP and POP3
DNS,SMTP and POP3DNS,SMTP and POP3
DNS,SMTP and POP3
 
main
mainmain
main
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus network
 
Linux05 DHCP Server
Linux05 DHCP ServerLinux05 DHCP Server
Linux05 DHCP Server
 

HOW to fix a HMAC error

  • 1. HOW to fix a HMAC error: A HMAC error is a result of multiple Tivoli endpoints sharing the same IP address in the Endpoint Manager database. You will see in the SD4 Tivoli log the error: Operation unsuccessful. decrypt_data: HMAC does not match encrypted data! If you do a wadminep <endpointlabel> view_version you will see: decrypt_data: HMAC does not match encrypted data! To Fix: First verify that the Endpoint manager has the current IP address for the hostname that is giving you a HMAC. Ping the hostname and get its IP address. Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Next ping the IP address with the –a switch to resolve fully qualified DNS name. Example: C:>ping -a 171.184.104.36 Fully qualified DNS name Pinging B00028A30BAC6.nc.bankofamerica.com [171.184.104.36] with 32 bytes of data: Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Reply from 171.184.104.36: bytes=32 time<1ms TTL=128 Verify that the fully qualified DNS name matches the endpoint in which you pinged earlier. Now open a telnet session to the HUB or the regional TMR in which the EP lives Wep the endpoint label and notice the IP address {rtxtmr03:cdi}/tmp> wep B00028A30BAC6 object 1027514829.74851.517+#TMF_Endpoint::Endpoint# label B00028A30BAC6 version 106 id 99X401896T965690001818419200 gateway 1027514829.27863.21 pref_gateway 1027514829.27863.21 netload 131072 interp w32-ix86 login_mode desktop, variable protocol TCPIP Here is the IP Address that EP MGR shows-> address 171.184.104.36+9495 mac address (WOL) 00:07:40:79:7a:10 subnet mask (WOL) 255.255.255.0 policy 1027514829.1.10367 httpd tivoli:3>}svKuU alias OBJECT_NIL crypt_mode NONE upgrade_mode enable
  • 2. last_login_time 2004/03/17-19:38:34 last_migration_time 2004/03/17-15:19:11 last_method_time 2004/03/17-21:27:50 {rtxtmr03:cdi}/tmp> Verify that the IP address that Endpoint Manager has corresponds with what you received in the Ping. If the IP address in EP MGR does NOT match the address you receive from a ping stop and start the endpoint of the host that is giving you an HMAC. This should refresh the EP manager data. If this does not fix please escalate to SWAT team member. Now all that is left is if EP manager and ping IP address are the same then that means that known to Tivoli there is another machine out there with the same IP address. You will need to find out which devices share the IP address in Endpoint Manager DB There are two ways to do this I would do both. Process 1 for finding machines that share an IP address in EP manager DB: Telnet to the Hub and run: epschk –n –e <hostname> B0010A482311E -------------- Matching label B0010A482311E#rvad09.reg.pr found for B0010A482311E B0010A482311E#rvad09.reg.pr oid is 1197421919.19127.517 B0010A482311E#rvad09.reg.pr version is 106 B0010A482311E#rvad09.reg.pr is currently on gateway crpatltwg03 B0010A482311E#rvad09.reg.pr has a preferred gateway crpatltwg03 B0010A482311E#rvad09.reg.pr is currently managed from rvatmr09 B0010A482311E#rvad09.reg.pr is currently reporting an IP of 171.133.228.107 and a port of 9495 Ping replies received from 171.133.228.107 B0010A482311E#rvad09.reg.pr is currently failing a view version with : HMAC B0010A482311E#rvad09.reg.pr is not really at 171.133.228.107 but B00D059CA87C0 with a matching hostname is. Not a true HMAC. B0010A482311E#rvad09.reg.pr had a last login time of 2004/02/09-16:08:11 Notice that the view version fails with: HMAC The next line tells you the device that shares that IP address in Endpoint manager. Process 2 for finding machines that share an IP address in EP manager DB Telnet to the regional TMR that the HMAC endpoint lives on. Run: cat /nb_tools/node1/tivoli/Current/Custom/scripts/data/epinfo_full.dat |grep <IPaddress> Example: {rvatmr06:cdi}/tmp> cat /nb_tools/node1/tivoli/Current/Custom/scripts/data/epinfo_full.dat |grep 171.184.104.35 The output of this command will tell you all devices that have attempted to login with the IP address given.
  • 3. Now that we have discovered the machines that share an IP address in Tivoli it is time to resolve the problem. To resolve this problem ping both devices to verify that they are on. Look at the output to the ping commands and notice which one is wrong in EP MGR DB. Connect to that device and stop and start the service. If you start and stop the service and it does not resolve the problem. You may need to delete the endpoint that has the incorrect IP in EP MGR and bring it back into magi. For documentation on how to do this see the Delete_refresh_Endpoint.doc.