Trying to selang from one Endpoint into a remote Endpoint fails:
hostA:~ # selang -c "hosts hostB ; f deployments"
...
(hostB)
ERROR: Connection failed
ERROR: Failed to receive reply
What to check to find out the reason for this issue?
Release : All existing PIM/PAMSC endpoints as of October 2023.
Component : CA ControlMinder, PAMSC
This is caused by a mismatch of the encryption key or method between the source (host A) and the target (host B).
Confirm that PIM on both boxes is set up with default values, i.e. default encryption key/method, communication_mode = non_ssl.
1. Confirm in seos.ini on both boxes you have:
...
communication_mode = non_ssl
...
2. Reset the encryption method to default. Run on both boxes:
# secons -s
# sechkey -m -sym default
3. Confirm you are using the default encryption key on all hosts.
To find out, run on all PIM hosts:
# sechkey -d -n
If it returns with:
...
Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Not found.
Searching '/opt/CA/AccessControl/bin/seload' for key...Not found.
Searching '/opt/CA/AccessControl/lib/libcryptscr.so' for key...Not found.
...
the host is NOT using the default encryption key.
To reset the encryption key to default, run:
# sechkey currentKey -d
It must report success:
...
Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Found and replaced.
Searching '/opt/CA/AccessControl/bin/seload' for key...Found and replaced.
Searching '/opt/CA/AccessControl/lib/libcryptscr.so' for key...Found and replaced.
...
If you do not know the currentKey, the only option is to uninstall and reinstall PIM afresh on this host, specifying the encryption key/method accordingly.
4. Execute on each box, respectively:
hostA# ssh -p 8891 -v hostB
which should return:
...
debug1: Connection established.
...
5. Confirm with a Wireshark / tcpdump analysis between both boxes (or on one of the boxes).
Executing:
hostA:~ # selang -c "hosts hostB ; f deployments"
should return something like:
Source:
Transmission Control Protocol, Dst Port: 8891, (SYN)
Destination:
Transmission Control Protocol, Src Port: 8891, (SYN, ACK)
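The checks in steps 1, 3 and 4 can be scripted against a saved copy of seos.ini and the captured output of `sechkey -d -n` and `ssh -p 8891 -v` from each host. This is an added example, not part of the original article or the product; the function names, the handling of commented-out seos.ini lines, and treating output with no "Not found" line as the default key are assumptions.

```shell
#!/bin/sh
# Added example: offline triage of the output collected in steps 1, 3 and 4.
# Inputs are files you saved yourself; no PIM binary is called here.

# Step 1: print the active communication_mode from a copy of seos.ini.
# Assumption: commented-out lines do not start with the token itself.
comm_mode() {
    sed -n 's/^[[:space:]]*communication_mode[[:space:]]*=[[:space:]]*\([^[:space:];#]*\).*/\1/p' "$1" | tail -n 1
}

# Step 3: classify saved `sechkey -d -n` output.
# Assumption: "Searching" lines with no "Not found" mean the default key.
key_state() {
    if grep -q 'for key\.\.\.Not found' "$1"; then
        echo non-default
    elif grep -q "^Searching '.*' for key\.\.\." "$1"; then
        echo default
    else
        echo unknown
    fi
}

# Step 4: saved `ssh -p 8891 -v <peer>` output must show the TCP connect.
port_reachable() {
    grep -q '^debug1: Connection established\.' "$1"
}

# Run the checks in article order; the return code is the failing step.
triage_host() {
    mode=$(comm_mode "$1")
    [ "$mode" = "non_ssl" ] || { echo "FAIL step 1: communication_mode='${mode}'"; return 1; }
    state=$(key_state "$2")
    [ "$state" = "default" ] || { echo "FAIL step 3: encryption key is ${state}"; return 3; }
    port_reachable "$3" || { echo "FAIL step 4: no TCP connection on port 8891"; return 4; }
    echo "OK"
}

# Usage: triage.sh <seos.ini copy> <sechkey output> <ssh -v output>
if [ "$#" -eq 3 ]; then triage_host "$@"; fi
```

Run it once per host; if both hosts report OK and selang still fails, continue with the packet capture in step 5.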