Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84444members
353646posts

cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

Solved
CYeowell_apc
Crewman
Crewman
0 Likes
4
335

cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

This was originally posted on APC forums on 10/17/2012


I am having problems access the NMC from computers with IE9 installed I get a certifcate warning, but clicking on continue to webpage option no longer works like it used to.
I can access the web gui from an old XP machine running IE8, a Windows 2003 server running IE8, or using and old Firefox 3.6.16 on a Windows 7 machine after adding an exception for the certifcate.
I have tried exporting the certificate on the XP machine and importing to the trusted root cerftificates store onthe IE 9 machine.
However, viewing the certificate after importing gives the message "the certificate integrity cannot be guaranteed and may have been altered".
The AP9617 and AP9619 cards are running 3.7.3 firmware.
The symptoms seems to indicate that IE9 is epxecting a different type of certificate.

The other problem that I'm having is that I tried installing PCNS 3.0.1 onto some new host servers (Windows 2008 R2 SP1 datacenter) also using IE9 and I can't get them to communicate with the NMC's using SSL. I have other servers running older versions that are communicating successfully. I had planned to upgrade to PCNS 3.0.1 on these servers, but I'm reluctant to do so as the old versions are working.

Does anyone have any suggestions on how to fix or even workaround this problem?

Tags (4)

Accepted Solutions
BillP
Administrator Administrator
Administrator
0 Likes
0
335

Re: cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

This reply was originally posted by Angela on APC forums on 10/22/2012


i found that the PowerChute Network Shutdown release notes has mention of this issue:

Problem/Issue:+
The UDP and TCP exceptions for PCNS are only applied to the active profile in the Windows Firewall (and only one profile can be active at a time). If the active profile is changed you will need to manually add exceptions for TCP ports 3052 and 6547 and UDP port 3052. 

Solution+
See http://technet.microsoft.com/en-us/library/cc722141%28WS.10%29.aspx and Firewall in the PCNS Installation help.

See Answer In Context

4 Replies 4
BillP
Administrator Administrator
Administrator
0 Likes
0
335

Re: cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

This reply was originally posted by Angela on APC forums on 10/18/2012


take a look at FA162031 @ http://www.apc.com/site/support/index.cfm/faq/

i think that is what happening to you..

CYeowell_apc
Crewman
Crewman
0 Likes
0
335

Re: cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

This was originally posted on APC forums on 10/18/2012


Thanks alot. Yes FA162031 is definitely what was causing the SSL issue. I had spend hours searching the APC site & the Internet in general and not found that. For now I've used the APC Security Wizard to generate a Root CA and some new SSL certs for my APC units.
I can now access the SSL interface of the units on all machines through IE (including the new host server)

However, PCNS 3.0.1 still complained about not being able to communicate with the NMC.
Netstat shows that the pcns server process is listening on the ports 3052 and 6547.

I turned on firewall logging and found that the UDP traffic from the NMC on port 3052 was being dropped. So I took a good look at the firewall rules created by the PCNS installation. For some reason although the PCNS installation had installed and enabled the rule, it had set the profile to public. As soon as I enabled the Domain profile in the rule PCNS established communications. I've no idea why the installation chose to enable the rules in the public profile, but it could be that my host machine has multiple networks for iSCSI, Live Migration and Cluster Shared Volumes for Hyper-V failover.

BillP
Administrator Administrator
Administrator
0 Likes
0
335

Re: cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

This reply was originally posted by Angela on APC forums on 10/19/2012


thank you for sharing that information and how you fixed it. i am going to pursue seeing if we know anything about this or at least mention it to the folks that handle PCNS directly to see if it is something we have control over or can at least mention it to customers like yourself that have similar issues.

BillP
Administrator Administrator
Administrator
0 Likes
0
336

Re: cannot access NMC AP9617/9 via SSL in IE9 or from PCNS

This reply was originally posted by Angela on APC forums on 10/22/2012


i found that the PowerChute Network Shutdown release notes has mention of this issue:

Problem/Issue:+
The UDP and TCP exceptions for PCNS are only applied to the active profile in the Windows Firewall (and only one profile can be active at a time). If the active profile is changed you will need to manually add exceptions for TCP ports 3052 and 6547 and UDP port 3052. 

Solution+
See http://technet.microsoft.com/en-us/library/cc722141%28WS.10%29.aspx and Firewall in the PCNS Installation help.