Software Defined Networking (SDN)

New Contributor

Network Optimizer

Have the latest revs of SDN and Network Optimizer app installed. This requires the Microsoft SDN applications to get installed on my Skype for Business setup. Microsoft SDN Listeners on the Front Ends and the SDN Managers on two other servers. DNS load balancing is done for the two manager host records (sdnmgrpool.domain.com) along with a SQL DB to keep those manager configs in sync and for failover purposes.

 

I appear to have everything operational with the exception of the Microsoft SDN Managers talking to the Aruba SDN controller over SSL. Following from page 113 of the Aruba SDN Admin guide, generated a cert, had my internal Windows CA sign, and replaced the self-signed certificate in the keystore and imported the root CA in both the keystore and truststore as prescribed.

Also following https://msdn.microsoft.com/en-us/library/office/dn785201(v=office.16).aspx as well as the Microsoft documentation for their SDN v.2.4 and have no idea the parameters needed for the client certificate the Aruba SDN controller is looking for. Have tried several iterations and attempts and still cannot get them talking.

 

Anyone have any insight or advice on this?

New Contributor

Re: Network Optimizer

Hi Tankster,

From the problem statement it mostly looks like an SSL protocol version incompatibility between SFB Front end server and HP VAN SDN Controller.

All communication logs (including failures) between SDN DialogListener service on Front End server and the external controller (here SDN VAN Controller) are logged into a log file whose path is configurable on DialogListener installation. It defaults to "C:\Users\<NT username>\AppData\Local\Temp\1\SDN".

 

If you happen to see in "DialogListener.txt" the error message "InternalServerError: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel", it means SSL protocol incompatibility. In most cases you may need to enable TLSv1.2 on Front End server and SDN Manager servers.

Here is a brief summary on how to enable TLS 1.2.
1. Download and install the latest version of .NET Framework (version 4.6 or higher).
2. Add a registry key for TLS v1.2.
3. Add sub-registry keys for Client and Server connections under TLS v1.2.
4. Add DWORDs with name “DisabledByDefault” and “Enabled” under Client and Server registry keys and set their values to 0x00000000 and 0x00000001 respectively.
5. Reboot the machine.
6. The above steps have to be executed on FE and LSM servers.


In case this doesn't solve your problem, please post us the contents of DialogListener.txt log file.

Regards,

Veerendra
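
The steps listed in the reply above can be audited or applied with a script along these lines. This is an added example, not part of the original post or of any vendor tooling; the SCHANNEL registry path and the .NET `Release` threshold are not given in the thread and are the standard Microsoft locations, and the `-Apply` switch is a name chosen for this example.

```powershell
# Added example: audit (default) or apply (-Apply) the TLS 1.2 SCHANNEL settings
# described in steps 1-4. Run from an elevated prompt on each FE and SDN Manager server.
param([switch]$Apply)

# Standard SCHANNEL location for per-protocol settings (not quoted in the thread).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
# Values from step 4 of the post.
$want = [ordered]@{ DisabledByDefault = 0; Enabled = 1 }

# Step 1: .NET Framework 4.6 or later reports Release >= 393295.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$netOk = [bool]($ndp -and $ndp.Release -ge 393295)
'{0,-40} {1}' -f '.NET Framework 4.6 or later installed:', $netOk

foreach ($role in 'Client', 'Server') {
    $key = Join-Path $base $role
    if ($Apply) {
        # Steps 2-3: create the "TLS 1.2" key and its Client/Server subkeys if missing.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Step 4: write both DWORDs, overwriting any existing value.
        foreach ($name in $want.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $want[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }

    # Report what is actually in the registry. A missing key or value means the
    # operating system default applies, not that the protocol is off.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $want.Keys) {
        $v = if ($props) { $props.$name } else { $null }
        if ($null -eq $v) { $state = 'not set (OS default applies)' }
        elseif ($v -eq $want[$name]) { $state = "$v (matches step 4)" }
        else { $state = "$v (step 4 calls for $($want[$name]))" }
        '{0,-40} {1}' -f "TLS 1.2\$role\${name}:", $state
    }
}

if ($Apply) { 'Reboot this server for the SCHANNEL changes to take effect (step 5).' }
```

Run without `-Apply` first: on a server where the keys are absent the report shows "not set", which distinguishes an untouched default from an explicit override.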

New Contributor

Re: Network Optimizer

Correct me if I'm wrong, but don't Listeners on the FEs only talk to the Managers? On that communication, I chose to use http over the default port of 9333 and this, according to the logs, is working great (no issue whatsoever). It is the Managers alone that talk to the Aruba SDN controller and it is in that Manager log where it attempts to send info to the submituri=https://sdncontroller.domain.com:8443/... rest of the link statement, that I get the SSL/TLS secure channel error.

Your line of thinking about the TLS 1.2 still might hold true though in regards to the Manager and SDN Controller, so thank you very much for that. Will look closer into that and post back with my results. Thanks again.

New Contributor

Re: Network Optimizer

Just to follow back up with your mentioning of enabling TLS 1.2, the servers I am running on for this scenario are 2012 R2 and according to https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx, TLS 1.2 as well as several other SSL and TLS protocols are, in fact, enabled by default. So don't believe this is my issue.

Would appreciate any further avenues of insight as I have exhausted all I can think to look at. Thanks.
