Selang is unable to connect to remote endpoints - ERROR: Failed to receive reply

Article ID: 135199


Updated On:

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Running selang from one endpoint against a remote endpoint fails.


hostA:~ # selang -c "hosts hostB ; f deployments"

...

(hostB)

ERROR: Connection failed

ERROR: Failed to receive reply


What should be checked to find the reason for this issue?

Environment

Release :

Component : CA ControlMinder, PAMSC

Resolution

Confirm that PIM on both boxes is set up with default values, i.e. the default encryption key/method and communication_mode = non_ssl.


1. Confirm that seos.ini on both boxes contains:

...

communication_mode = non_ssl

...



2. Reset the encryption method to default. Run on both boxes:

# secons -s

# sechkey -m -sym default



3. Confirm you are using the default encryption key on all hosts.

To find out, run on all PIM hosts:

# sechkey -d -n


If it returns with:

...

Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Not found.

Searching '/opt/CA/AccessControl/bin/seload' for key...Not found.

Searching '/opt/CA/AccessControl/lib/libcryptscr.so' for key...Not found.

...

the host is NOT using the default encryption key.


To reset the encryption key to default, run:

# sechkey currentKey -d


It must return successfully:

...

Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Found and replaced.

Searching '/opt/CA/AccessControl/bin/seload' for key...Found and replaced.

Searching '/opt/CA/AccessControl/lib/libcryptscr.so' for key...Found and replaced.

...


If you do not know the currentKey, the only option is to uninstall PIM and reinstall it afresh on this host, specifying the encryption key/method accordingly.



4. Execute on each box, respectively:

hostA# ssh -p 8891 -v hostB


which should return:

...

debug1: Connection established.

...



5. Confirm with a Wireshark / tcpdump analysis between both boxes (or on one of the boxes).


Executing:

hostA:~ # selang -c "hosts hostB ; f deployments"


should return something like:

Source:

Transmission Control Protocol, Dst Port: 8891, (SYN)


Destination:

Transmission Control Protocol, Src Port: 8891, (SYN, ACK)
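
The checks from steps 1 and 3 can be scripted once seos.ini and the saved output of sechkey -d -n have been collected from each host. The following is an added example, not part of the original article or vendor tooling; the function names, the file paths passed in, the comment syntax assumed for seos.ini and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code: evaluates the results of steps 1 and 3 for one host.
# Assumptions: ';' or '#' starts a comment line in seos.ini; file paths come from the caller.

# Step 1: print the active communication_mode value (empty if unset or only commented out).
comm_mode() {
    awk -F= '
        /^[ \t]*[;#]/ { next }
        $1 ~ /^[ \t]*communication_mode[ \t]*$/ {
            v = $2; gsub(/^[ \t]+|[ \t\r]+$/, "", v); mode = v
        }
        END { print mode }' "$1"
}

# Step 3: list the files that a saved `sechkey -d -n` run reported as "Not found."
# Only the wording quoted in the article is matched.
nondefault_key_files() {
    sed -n "s/^Searching '\(.*\)' for key\.\.\.Not found\.[[:space:]]*\$/\1/p" "$1"
}

# Report both checks; returns 0 only when the host matches the article's defaults.
check_host() {   # $1 = seos.ini path, $2 = saved sechkey output
    status=0
    mode=$(comm_mode "$1")
    if [ "$mode" != "non_ssl" ]; then
        echo "communication_mode is '${mode:-unset}', expected non_ssl"; status=1
    fi
    missing=$(nondefault_key_files "$2")
    if [ -n "$missing" ]; then
        echo "default key not found in:"; echo "$missing" | sed 's/^/  /'; status=1
    fi
    [ "$status" -eq 0 ] && echo "defaults confirmed"
    return "$status"
}

# Constructed sample inputs (not captured from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '; communication_mode = non_ssl' > "$tmp/hostA.ini"   # commented out only
printf '%s\n' 'communication_mode = non_ssl ' > "$tmp/hostB.ini"
printf "Searching '%s' for key...Not found.\n" \
    /opt/CA/AccessControl/lib/libcrypt /opt/CA/AccessControl/bin/seload > "$tmp/hostA.key"
# The success wording below is an assumption; only "Not found." lines are matched.
printf "Searching '%s' for key...Found.\n" /opt/CA/AccessControl/lib/libcrypt > "$tmp/hostB.key"

echo "hostA:"; check_host "$tmp/hostA.ini" "$tmp/hostA.key" || true
echo "hostB:"; check_host "$tmp/hostB.ini" "$tmp/hostB.key"
```

Running the same script against the files from both endpoints shows which side deviates from the defaults before moving on to the port 8891 checks in steps 4 and 5.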