Security

Guys,

 

Got 4 cppm nodes - all mgt interfages on the same management DMZ. Two are for DMZ, two for internal auth.

 

Internal cppm nodes will be used for publisher and backup publisher.

 

I install certs trusted from the company pki - all OK.  Install PKI roots and intermediates too.

 

I go to the three remaining nodes and click make subscriber.

 

Type in IP and PW, and start the sync up.   I get sync error on initial setup.

 

Policy propagates ok thoughout the cluster, but now I get "Failed to verify server certificate(s)"

From the publisher I cannot view the IPs etc. for the three subscribers.

 

Constant error at every 30min sync interval, eventual the subscriber drops off.

 

The subscribers are now using self signed certs too.

 

Any ideas?

Source	Cluster
Level	ERROR
Category	Replication
Action	Failed
Timestamp	Jan 13, 2014 13:00:01 GMT
Description	Node with IP=172.29.244.157 out of sync by 31 minutes

Is NTP and timezones set correctly?

all ok cluster wide I ahve changed the timzone however to it reflects london and not guernsey, I guess in terms of time they are on the time zone - but I can cross that off the list now if you like

 

thanks for the feedback btw

No joy, contacting TAC

 

I'll post up the result

Entry in the original VM config backup causing the make subscriber to fail. TAC have reproduced. Incidentally this was a 6.2vm to 6.2appliance import. Got a call this afternoon with TAC for a fix. Serious kudos to TAC ... There should be a kudos button for them in this forum!!!!

Thank you for giving a status update. It helps others if they run into the same issue. :)

Specifically this was due to endpoint entries in cppm referencing a null vlaue, which within the postgre sql database referenced a tag that had no actual use.  when the subscribers added to the cluster and the database was replayed the clustering failed.  (clearly I cannot take a pinch of credit)

 

guy on the phone completely nailed the problem and now my cluster is working perfectly... kudos TAC!