Symptoms
Login to OA CP gives an error for all users except admin:
You do not have the necessary permissions. Please contact your account administrator for assistance.
In /var/log/poa-ui.log on UI server, the following error can be found:
2016-08-29 21:05:45,907 xec-3 DEBUG CORBA #518: Plesk._hubStub.acquire_own_cred(undefined) >>> entry
2016-08-29 21:05:45,967 xec-3 DEBUG CORBA #518: Plesk._hubStub.acquire_own_cred(undefined) <<< exit [60] by exception: IDL:omg.org/CORBA/NO_PERMISSION:1.0
2016-08-29 21:05:45,968 xec-3 DEBUG ERR org.omg.CORBA.NO_PERMISSION: Server Exception: Unknown vendor (0x9c40000) Minor Code: 9 vmcid: 0x9c40000 minor code: 9 completed: No
2016-08-29 21:05:45,968 xec-3 DEBUG ERR at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
2016-08-29 21:05:45,968 xec-3 DEBUG ERR at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
UI server is configured with one IP address as the backnet, but uses frontnet address to connect to OA MN:
[root@ui ~]# ip r g 10.10.20.20
10.10.20.20 via 10.10.21.1 dev eth0 src 10.10.21.21
cache mtu 1500 advmss 1460 hoplimit 64
[root@ui ~]# grep 10.10.22.21 /usr/local/pem/etc/pleskd.props
communication.ip=10.10.22.21
orb.endpoint.addresses=10.10.22.21
Cause
OA compares the IP address of arriving UI request with the communication IP set for the node through OA Agent settings and forbids such access in case the IPs do not match. The behavior will be changed in scope of POA-86786 request.
Resolution
Add the correct rule on UI server to communication with OA MN over the same network as the communication IP address assigned to OA Agent on UI server.
# ip route add 10.10.20.20 via 10.10.22.1 dev eth1 src 10.10.22.21
To make the change permanent, save it as /etc/sysconfig/network-scripts/route-eth1 file:
10.10.20.20 via 10.10.22.1 dev eth1 src 10.10.22.21
Note: eth1 interface is shown as an example, the real-life interface name may be different.