VM SSL error caught during wrap data

[Robert Ward <rw...@gmail.com>]

Hello all,

I have been struggling with this.

2020-02-04 23:59:53,904 ERROR [c.c.u.n.Link] (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during wrap data: null cert chain, for local address=/192.168.30.2:8250, remote address=/192.168.30.53:49126.
2020-02-04 23:59:53,928 ERROR [c.c.u.n.Link] (AgentManager-SSLHandshakeHandler-7:null) (logid:) SSL error caught during wrap data: null cert chain, for local address=/192.168.30.2:8250, remote address=/192.168.30.58:35316.

I've tried all my troubleshooting bag of tricks but have come up empty. Can someone enlighten me on how to resolve this?

Thanks,

Robert

Re: VM SSL error caught during wrap data

[Robert Ward <rw...@gmail.com>]

Hi Richard,

New install...was working on a new layout with the mngt, primary, and secondary storage networks on their own interfaces/subnets.

30.2 = mngt server
30.53 = systemvm
30.58 = storagevm

It started with troubleshooting why ports 3922/443 would not listen. In one of the attempts to troubleshoot I deleted and rebuilt both vm's and that's when the ssl issue raised it's ugly head.

I found that rebooting both the mngt and agent servers (at the same time) fixed the problem but thanks so much for the tip! I'll add that to my troubleshooting bag.

Thanks,

Robert



On 2020/02/06 09:54:24, Richard Lawley <ri...@richardlawley.com> wrote: 
> What did you do leading up to this problem?  Is this a new
> install/upgrade?  If upgrade, from what to what?  I presume 192.168.30.2 is
> your mgmt server - what are 192.168.30.53/.58?
> 
> You can temporarily disable strictness which is akin to disabling SSL
> validation by changing the setting ca.plugin.root.auth.strictness to false
> (no restart needed when setting to false, restarted needed when setting it
> back to true).  I've seen this problem before when my hosts or system VMs
> were connecting to the mgmt server via NAT - the IP they appear to connect
> from does not match the IP in the certificate they're presenting.
> 
> Regards,
> 
> Richard
> 
> On Wed, 5 Feb 2020 at 17:06, Robert Ward <rw...@gmail.com> wrote:
> 
> > Hello all,
> >
> > I have been struggling with this.
> >
> > 2020-02-04 23:59:53,904 ERROR [c.c.u.n.Link]
> > (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during
> > wrap data: null cert chain, for local address=/192.168.30.2:8250, remote
> > address=/192.168.30.53:49126.
> > 2020-02-04 23:59:53,928 ERROR [c.c.u.n.Link]
> > (AgentManager-SSLHandshakeHandler-7:null) (logid:) SSL error caught during
> > wrap data: null cert chain, for local address=/192.168.30.2:8250, remote
> > address=/192.168.30.58:35316.
> >
> > I've tried all my troubleshooting bag of tricks but have come up empty.
> > Can someone enlighten me on how to resolve this?
> >
> > Thanks,
> >
> > Robert
> >
> >
> >
> >
> 

Re: VM SSL error caught during wrap data

[Richard Lawley <ri...@richardlawley.com>]

What did you do leading up to this problem?  Is this a new
install/upgrade?  If upgrade, from what to what?  I presume 192.168.30.2 is
your mgmt server - what are 192.168.30.53/.58?

You can temporarily disable strictness which is akin to disabling SSL
validation by changing the setting ca.plugin.root.auth.strictness to false
(no restart needed when setting to false, restarted needed when setting it
back to true).  I've seen this problem before when my hosts or system VMs
were connecting to the mgmt server via NAT - the IP they appear to connect
from does not match the IP in the certificate they're presenting.

Regards,

Richard

On Wed, 5 Feb 2020 at 17:06, Robert Ward <rw...@gmail.com> wrote:

> Hello all,
>
> I have been struggling with this.
>
> 2020-02-04 23:59:53,904 ERROR [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-4:null) (logid:) SSL error caught during
> wrap data: null cert chain, for local address=/192.168.30.2:8250, remote
> address=/192.168.30.53:49126.
> 2020-02-04 23:59:53,928 ERROR [c.c.u.n.Link]
> (AgentManager-SSLHandshakeHandler-7:null) (logid:) SSL error caught during
> wrap data: null cert chain, for local address=/192.168.30.2:8250, remote
> address=/192.168.30.58:35316.
>
> I've tried all my troubleshooting bag of tricks but have come up empty.
> Can someone enlighten me on how to resolve this?
>
> Thanks,
>
> Robert
>
>
>
>