Centralized user management problems

Use this information to solve problems with a chassis that is configured in the IBM® Flex System Manager management software to use the central management node user registry.

Table 1. Centralized user management problems and corrective actions
Problem description Corrective action
The IBM Flex System Manager management node fails, and you are not able to manage a chassis because it is configured for centralized user management. If you want to restore account-management functions on the Chassis Management Module (CMM) until the management node is restored or replaced, complete the procedure described in Recovering chassis management with a CMM after a management node failure.
You cannot log in to the CMM with the RECOVERY_ID account. The RECOVERY_ID account is only valid when a CMM is configured for centralized user management. If you cannot log in with the RECOVERY_ID account, the CMM must have centralized user management disabled. Use an account in the local CMM user registry to access the CMM and other components in the chassis.
After you changed the IP address (in the management network settings) for a management node that is managing one or more chassis in centralized user management mode, all of the chassis that were previously accessed and managed by the IBM Flex System Manager are now inaccessible (you might see the value No Access in the chassis Status column in the web interface).

If you change the IP address of the management node from the command-line interface or from the web interface, the LDAP SSL certificate is out-of-sync with the centrally-managed chassis, and you cannot access the CMM with IBM Flex System Manager credentials.

  1. Open a CMM command-line interface session, and log in with the RECOVERY_ID account.
    Note: The password for the RECOVERY_ID account was set when you selected the chassis for management on the Management Domain page.
    If this is the first time that you have used the RECOVERY_ID account to log in to the CMM, you must change the password.
  2. If you are prompted, type the new password for the RECOVERY_ID account.
  3. Run the following command to identify the IP address of the management node: ldapcfg -T mm[p]
    In the output that is generated, note the IP address beside the i1 parameter; this is the management node IP address in the CMM user registry configuration.
    Note: If the i1 parameter shows the old management node IP address, run the following command to update the CMM configuration with the new management node IP address: 
    ldapcfg -i1 <new_IP_address> -T mm[p]
    where <new_IP_address> is the new management node IP address.
  4. Run the following command to import the management node certificate: 
    sslcfg -tc1 import -u https://<IP_address>/FRMServerCert.der -T mm[p]
    where <IP_address> is the new management node IP address that you identified in the previous step.
  5. For each chassis that you want to access, from the Chassis Manager page in the management software web interface, select the chassis; then click Actions > Security > Request Access. The Request Access page opens.
  6. Click OK.
After you started managing a chassis in centralized user management mode, the default USERID management software user account became locked. This can occur when the management software user account is duplicated on the CMM, and the CMM is put in centralized user management mode. You can use the pe user account to unlock any user account. To unlock the user account, complete the following steps:
  1. From the management software command-line interface, log in with the user name pe and the pe account password.
    Note: When you completed the Management Server Setup wizard, the password for the pe account was automatically set to be the same as the password for the system-level user account (the default system-level user account is USERID).
  2. Run the following command:
    smcli unlockuser -u <user_name>
    where user_name is the locked user name.
You added a new compute node or storage node to a chassis that is in centralized management mode, but the node has the access state No access in the IBM Flex System Manager management software and CMM Chassis Map views. You cannot access the node directly or through the request-access action in the management software.

The problem might be caused by a new compute node firmware is not at the latest level.

To fix this problem, complete the following steps:
  1. Change the user management mode of the chassis in which the new node is installed to decentralized user management. See Changing the user management mode of a managed chassis for more information.
  2. Update the compute node firmware. See Updating systems for more information.
  3. Change the user management mode of the chassis to centralized user management.
Parent topic: Troubleshooting the management software