Unable to Register for RHEL 7.6 on VMWare Fusion behind firewall

Latest response

I installed RHEL 7.6 inside VMWare Fusion on host MacOS and I'm unable to register to the subscription service. I'm pretty sure the reason is because I'm behind a firewall. Just seeing if there is a way around that.

Steps to Reproduce
- Start subscription-manager-gui
- Click [Register]
- System Registration Window pops-up
- Click [Next]
- Pop Up: CA certificate for subscription service not installed

Responses

The registration to the subscription service uses HTTPS. I don't think your firewall will block that ;) How is your network configured in VMware Fusion? Do you use host-only networking? If yes, then your VM cannot communicate to the outside world.

Thank you for your response. So when I configured RedHet in VMWare Fusion I had it use the same networking as the host which MAC in my case. As far as connecting to the outside world I tested it by pinging google.com and was getting a response. So it does look like I can communicate with the outside world.

No I mean that the VM settings for network should be NAT or bridged. Can you do a 'curl ifconfig.co' and see if you get a response with your public IP?

I executed the 'curl' command you suggested and it responds back with an IP that I don't think is the public IP because it is not in the 'ifconfig -a' of the host machine or the VM. What is this IP supposed to be?

It is never showing your VM or host IP, it shows the public IP from your provider.

Hi Ankur,

Can you try telnet subscription.rhn.redhat.com 443?

Also check out the article below?

https://access.redhat.com/solutions/189533

Regards,

Jan Gerrit Kootstra

Jan thanks for responding and the info. I can't use telnet because it is not on the system. I can't install it because there are no yum respositories because I haven't registered. Seems like a chicken/egg problem.

Hi Ankur,

When replying to a question of the team that tries to help you, please show the output of the commands beside your conclusions. We, including you, might find some crucial information is the output.

Regards,

Jan Gerrit Kootstra

Don't be to hard on him Jan Gerrit :P

I gently said please :)

I didn't post the "curl" output Christiaan asked for on purpose because not sure if I'm allowed to post IPs for security reasons.

There you go:

$ telnet subscription.rhn.redhat.com 443 bash: telnet: command not found...

ok, you have not installed the telnet client yet, let us test the connection using curl:

curl -k https://subscription.rhn.redhat.com

It's not that I haven't installed 'telnet' yet there's no way for me to install it without a yum repository and for that I need to register. Correct me if I'm wrong? If there is a way around this please let me know.

Hi Ankur,

You can make a local yum repository using a DVD iso.

e.g.

mkdir /media/dvd

mount -o loop /path/to/DVD.iso /media/dvd

cd /media/dvd/Packages

yum install createrepo

You may need to solve some dependencies, add the missing packages on the yum install command line.

create the repo:

cd /media/dvd

createrepo -v -d .

Now create the /etc/yum.repo.d/mydvd.repo

echo '[mydvd]' > /etc/yum.repo.d/mydvd.repo

echo 'name=mydvd' >>/etc/yum.repo.d/mydvd.repo

echo 'baseurl=file:///media/dvd' >>/etc/yum.repo.d/mydvd.repo

echo 'enabled=1' >>/etc/yum.repo.d/mydvd.repo

echo 'gpgcheck=1' >>/etc/yum.repo.d/mydvd.repo

Now you can install packages from the DVD iso.

Regards,

Jan Gerrit Kootstra

Thank you Jan Gerrit, for providing these clear and comprehensive instructions ! :)

Regards,
Christian

Seems there is no response:

$ curl -k https://subscription.rhn.redhat.com

$

Can you do a ping to subscription.rhn.redhat.com? It should respond with IP 209.132.183.107.

To see if the internal firewall is the cause:

iptables -L

Hi Ankur,

I followed this discussion and I have to say that Jan Gerrit is definitely right ... if you want us to (successfully) assist you - you
indeed need to provide more information about what (exactly) you have done. Your problem can be related to "this and that"
and guessing will only fill up the thread with possibilities which might, or might not solve your problem. First things first : Did
you agree to the terms and conditions ? Secondly : Registering a system and attaching a subscription by using the GUI often
fails. Please do it by using the command line (terminal). As Christiaan van Aken mentioned : The settings for network should
be NAT or bridged and - most probably these settings are already configured correctly out-of-the box in VMware Fusion ... :)

Regards,
Christian

If you guys can post the cmd line register function that would be great.

Hi Ankur,

To clean everything (from your earlier attempts) :

sudo subscription-manager remove --all
sudo subscription-manager unregister
sudo subscription-manager clean

To register the system execute these commands :

sudo subscription-manager register
sudo subscription-manager refresh

Search for the (correct and matching) Pool ID :

sudo subscription-manager list --available

And now attach the system to your subscription :

sudo subscription-manager attach --pool=<Pool-ID>

Cheers :)
Christian

Hi Ankur,

It's me again ... something just came to my mind : Did you by chance forget to set "automatically enable network on boot" ?
I mean did you configure "Automatically connect to this network" in the Anaconda installer during the installation process ?

If not - enable network for the adapter in the system settings (we know you have a GUI installed) and set it to automatically
connect on boot. Well, it's just kinda guessing but I think you'll now understand what I meant with "it can be this and that". :)

Regards,
Christian

Hi Ankur,

Can you show the output of:

ip a s

e.g. output inet your ip address/your prefix brd your broadcast address scope global noprefixroute your network device name

and

ip route

e.g. output default via your gateway dev your network device name proto static metric 100

Other lines for static routes must be analysed by yourself.

ping -c 10 your gateway

Only statics are relevant, not the lines with ip addresses

Regards,

Jan Gerrit Kootstra