Highlighted
Regular Contributor.
Regular Contributor.
1067 views

certificate

Jump to solution

issue : Secure communication protocol negotiation error when trying to establish a connection.
Check the validity of certificates and their configuration.

tired : telnet successfully

             tried to run

./omnicc -secure_comm -configure_peer DNSSRV Error getting certificate from the peer 'dnssrv'.

Failed get peer certificate but the host is already exempted.

0 Likes
1 Solution

Accepted Solutions
Highlighted
Micro Focus Expert
Micro Focus Expert

Hello @sumananim,

Please share the output of openssl s_client -connect <CellManager>:5565 from client and openssl s_client -connect <Client>:5565 from Cell Manager.

Regards,
Sebastian Koehler

---
Please use the Like button below, if you find this post useful.

View solution in original post

0 Likes
7 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Hello @sumananim,

Is the client running the same INET port as the Cell Manager (e.g. 5555 or 5565)? If this is the case please login to the host dnssrv and run the two commands omnicc -secure_comm -regenerate_cert and omnicc -secure_comm -configure_peer <CellManager>.

After that run omnicc -secure_comm -configure_peer dnssrv on the Cell Manager.

Regards,
Sebastian Koehler

---
Please use the Like button below, if you find this post useful.
0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

from the client side, it is working fine but from cellmgr it is showing an error.

After i  remove client cmd(omnicc -secure_comm -remove_peer) from cellmgr but not able to run below cmd:

./omnicc -secure_comm -configure_peer DNSSRV

Error getting certificate from the peer 'dnssrv'.

Failed get peer certificate but the host is already exempted.

 

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hello @sumananim,

I have seen this only if the name resolution is not working (forward and reverse) OR there is a firewall blocking between the CM and client.

You need to have the Data Protector INET port (e.g. 5555/TCP) open between the client in both directions.

Regards,
Sebastian Koehler

---
Please use the Like button below, if you find this post useful.
0 Likes
Highlighted
Regular Contributor.
Regular Contributor.
We are using Data protector 10.3.
Telnet with clients and hosts are working fine 5565.
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hello @sumananim,

Please share the output of openssl s_client -connect <CellManager>:5565 from client and openssl s_client -connect <Client>:5565 from Cell Manager.

Regards,
Sebastian Koehler

---
Please use the Like button below, if you find this post useful.

View solution in original post

0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

After opening  port 5565 from Client to host. I'm able to connect with client.

Thanks for you help and support.

0 Likes
Highlighted
Super Contributor.
Super Contributor.

@Sebastian.Koehler 

I upgraded to DP v10.30 in November 2019 and I'm encountering same issue with several of my backups.

Clients indicate they cannot communicate to my Media Agents but when we try the failed backup a few minutes later they run successfully.   I have tried the many variations of the "omnicc -secure_comm @" from the CM, the MAs and the clients.  I uninstall DP on clients and did fresh DP installation but to no avail.  Is this a bug that Microfocus needs to investigate?   BTW: I stuck to using port 5555 even after the migration to DP v10.30.

[Critical] From: BDA-NET@xxxxxx04.xxd.com "/var" Time: 1/12/2020 11:19:45 AM
Cannot connect to Media Agent on system xxxma04.xxd.com, port 71092 (Secure communication protocol negotiation error when trying to establish a connection.
Check the validity of certificates and their configuration.
) => aborting.

[Critical] From: VBDA@xxxxx04.xxd.com "/var" Time: 1/12/2020 11:19:45 AM
Unexpected close reading NET message => aborting.

Thanks,

MO.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.