Automatically signing in, Configuring the cms – HP Systems Insight Manager User Manual

to Systems Insight Manager, SMH, Integrated Lights-Out (iLO), Onboard Administrator, and all
web servers you browse to.

Each time you receive an Untrusted Connection warning in Firefox, you must add a permanent
security exception to avoid seeing the warning again for that host. Note that if you browse to a
single system using its short host name, fully qualified Domain Name Service (FQDN), and IP
address (for example, three different ways), you must add three security exceptions.

With Internet Explorer, you must install the SSL certificate into the Trusted Root Certification
Authorities certificate store, but the browser will continue to warn you (by default) when details in
the certificate do not match (for example, browsing by short host name when the full host name is
in the certificate). To avoid certificate errors when names do not match, the following setting must
be turned off: Internet Explorer

→Advanced→Security→Warn about certificate address mismatch.

If you do not install the SSL certificate in Internet Explorer 8, these warnings appear for each pop-up
window that appears in Systems Insight Manager.

Automatically signing in

You can sign in to Systems Insight Manager using the same account with which you are logged
in on your desktop, bypassing the Systems Insight Manager sign-in page. If user groups are
configured for Systems Insight Manager, membership in these groups is accepted and treated the
same as if you manually signed in.

Configuring the CMS

•

Systems Insight Manager must be running on a Windows CMS that is a member of a Windows
domain. The browsing system must be a member of the same domain.

•

The Systems Insight Manager service account must be a domain account; local accounts can
not be used.

•

The CMS must be registered with an SPN in the domain, which requires a domain administrator
to configure. From any system that is a member of the domain, the domain administrator can
run the setspn.exe utility from the Windows Support Tools. For example:

setspn -a HTTP/<cms_fqdn> <sim_service_account>

Where HTTP is in all capital letters, <cms_fqdn> is the FQDN of the CMS, and
<sim_service_account> is the domain account under which Systems Insight Manager service
runs.

IMPORTANT:

Automatic sign-in fails if the SPN registered more than once. If you change

the name of the Systems Insight Manager service account, you must first delete the SPN
associated with the old service account name, and then register the new service account name:

setspn -d HTTP/<cms_fqdn> <old_sim_service_account>

setspn -a HTTP/<cms_fqdn> <new_sim_service_account>

NOTE:

Local accounts cannot be used for Systems Insight Manager service account if

automatic sign-in is desired.

•

The automatic sign-in feature must be enabled in Systems Insight Manager in the
globalsettings.props

file. You can use the mxglobalsettings command, or directly

modify the file. Set the value for the AutomaticSignIn property to 1. Restarting Systems Insight
Manager is not necessary.

Signing in and using the graphical user interface

19