Highlighted
Kerileeh Absent Member.
Absent Member.
2450 views

Time Sync maybe SSL Certs are problem

I just did a support pack 8 on my cluster. Now I am getting 'Some other node acquired the cluster lock key use of key ssl certificate dns' on one node and on the other node I get just the generic '2090 other node acquired the cluster lock key'. I have tried the pkidiag it says it fixed the problem on the one node and it didn't. I am going insane, any help would be appreciated.

---------------------------------------------------------------------------
PKIDiag 2.78 -- (compiled Jul 18 2005 17:19:11).
(Check the end of the log for the last repair results)
Current Time: Thu Apr 23 23:04:03 2009
User logged-in as: admin.rmin.
Fixing mode
Rename and create mode
Rename and create when necessary

--> Server Name = 'PENTAGON'
---------------------------------------------------------------------------

Step 1 Verifying the Server's link to the SAS Service Object.
Server 'PENTAGON.RMIN' points to SAS Service object 'SAS Service - PENTAGON.RMIN'
Step 1 succeeded.

Step 2 Verifying the SAS Service Object
SAS Service object 'SAS Service - PENTAGON.RMIN' is backlinked to server 'PENTAGON.RMIN'.
Step 2 succeeded.

Step 3 Verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - PENTAGON.RMIN'.
--->KMO DNS AG PENTAGON\.rminlan\.riss\.net - PENTAGON.RMIN is linked.
--->KMO Old1 SSL CertificateIP - PENTAGON.RMIN is linked.
--->KMO Old1 SSL CertificateDNS - PENTAGON.RMIN is linked.
--->KMO SSL CertificateIP - PENTAGON.RMIN is linked.
--->KMO SSL CertificateDNS - PENTAGON.RMIN is linked.
--->KMO AREA51 SERVER CERTIFICATE - PENTAGON.RMIN is linked.
Step 3 succeeded.

Step 4 Verifying the KMOs
---> Testing KMO 'SSL CertificateIP - PENTAGON.RMIN'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'SSL CertificateIP - NORFOLK.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateIP - NORAD.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - PENTAGON.RMIN'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'SSL CertificateDNS - NORFOLK.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'SSL CertificateDNS - NORAD.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'Old1 SSL CertificateIP - PENTAGON.RMIN'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'Old1 SSL CertificateDNS - PENTAGON.RMIN'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'IP AG 10\.12\.4\.10 - NORFOLK.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG PENTAGON\.rminlan\.riss\.net - PENTAGON.RMIN'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'DNS AG norfolk\.rminlan\.riss\.net - NORFOLK.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NORFOLK - NORFOLK.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'DNS AG NORAD\.rminlan\.riss\.net - NORAD.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.


---> Testing KMO 'AREA51 SERVER CERTIFICATE - PENTAGON.RMIN'.
Rights check -- OK.
Back link -- OK.
Private Key -- OK.

---> Testing KMO 'AREA51 SERVER CERTIFICATE - NORAD.RMIN'.
Rights check -- OK.
Back link -- Belongs to a different server -- Ignoring this KMO.

Step 4 succeeded.

Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - PENTAGON.RMIN'.
KMO 'DNS AG PENTAGON\.rminlan\.riss\.net - PENTAGON.RMIN' is linked.
KMO 'Old1 SSL CertificateIP - PENTAGON.RMIN' is linked.
KMO 'Old1 SSL CertificateDNS - PENTAGON.RMIN' is linked.
KMO 'SSL CertificateIP - PENTAGON.RMIN' is linked.
KMO 'SSL CertificateDNS - PENTAGON.RMIN' is linked.
KMO 'AREA51 SERVER CERTIFICATE - PENTAGON.RMIN' is linked.
Step 5 succeeded.

Step 6 Creating IP and DNS Certificates if necessary.
--> Number of Server IP addresses = 1
--> The default IP address is: 10.12.4.34
--> The KMO SSL CertificateIP's IP Address is: 10.12.4.34
----> The IP addresses match.
--> Number of Server DNS names for the IP address 10.12.4.34 = 1
--> The server's default DNS name is:
PENTAGON.rminlan.riss.net
--> The KMO SSL CertificateDNS's DNS name is: PENTAGON.rminlan.riss.net
----> The DNS names match.
Step 6 succeeded.


Note: Occasionally multiple problems will be solved with a single fix.

Fixable problems found: 0
Problems fixed: 0
Un-fixable problems found: 0
Labels (2)
0 Likes
2 Replies
ataubman Absent Member.
Absent Member.

Re: Time Sync maybe SSL Certs are problem

You appear to be conflating several issues here ... you mention timesync in your title but I see nothing about it in your post.

There is no such message as "Some other node acquired the cluster lock key use of key ssl certificate dns" AFAIK; there is "Some other node acquired the cluster lock" but that has nothing to do with keys.

That is a known problem with SP8, see TID 7003084.

Andrew C Taubman (Sorry, support is not provided via e-mail) Opinions expressed above are not necessarily those of Micro Focus.
0 Likes
Kerileeh Absent Member.
Absent Member.

Re: Time Sync maybe SSL Certs are problem

That is hepful thank you, I will give that I try. Been on line with Techsupport for the past 5 hours and still no resolution. FYI the time sync was resolved and it was an added thought from a previous post I had.


ataubman;1782690 wrote:
You appear to be conflating several issues here ... you mention timesync in your title but I see nothing about it in your post.

There is no such message as "Some other node acquired the cluster lock key use of key ssl certificate dns" AFAIK; there is "Some other node acquired the cluster lock" but that has nothing to do with keys.

That is a known problem with SP8, see TID 7003084.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.