Selang is unable to connect to remote endpoints - ERROR: Failed to receive reply

Article ID: 135199

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Running selang from one endpoint against a remote endpoint fails.

hostA:~ # selang -c "hosts hostB ; f deployments"

...

(hostB)

ERROR: Connection failed

ERROR: Failed to receive reply

What should be checked to find the reason for this issue?

Environment

Release : All existing PIM/PAMSC endpoints as of October 2023.

Component : CA ControlMinder, PAMSC

Cause

This is caused by a mismatch of the encryption key or encryption method between the source (host A) and the target (host B).

Resolution

Confirm that PIM on both boxes is set up with default values, i.e. default encryption key/method and communication_mode = non_ssl.

1. Confirm in seos.ini on both boxes you have:

...

communication_mode = non_ssl

...

2. Reset the encryption method to default. Run on both boxes:

# secons -s

# sechkey -m -sym default

3. Confirm you are using the default encryption key on all hosts.

To find out, run on all PIM hosts:

# sechkey -d -n

If it returns with:

...

Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Not found.

Searching '/opt/CA/AccessControl/bin/seload' for key...Not found.

Searching '/opt/CA/AccessControl/lib/libcryptscr.so' for key...Not found.

...

the host is NOT using the default encryption key.

To reset the encryption key to default, run:

# sechkey currentKey -d

It must return successfully:

...

Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Found and replaced.

Searching '/opt/CA/AccessControl/bin/seload' for key...Found and replaced.

Searching '/opt/CA/AccessControl/lib/libcryptscr.so' for key...Found and replaced.

...

If you do not know the currentKey, the only option is to uninstall PIM and reinstall it afresh on this host, specifying the encryption key/method accordingly.

4. Execute on each box, respectively:

hostA# ssh -p 8891 -v hostB

which should return:

...

debug1: Connection established.

...

5. Confirm with a Wireshark / tcpdump analysis between both boxes (or on one of the boxes).

Executing:

hostA:~ # selang -c "hosts hostB ; f deployments"

should return something like:

Source:

Transmission Control Protocol, Dst Port: 8891, (SYN)

Destination:

Transmission Control Protocol, Src Port: 8891, (SYN, ACK)
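
The checks from steps 1 and 3 can be run offline against a copy of seos.ini and saved `sechkey -d -n` output from each host. The script below is an added example, not part of the original article or of the product's tooling. Its function names, file names and sample contents are constructed; the `;` comment syntax, the `ssl_only` value and the passing "Found." line are assumptions.

```shell
#!/bin/sh
# Added example: offline triage of text collected from two PIM hosts.

# Print the communication_mode value from a copy of seos.ini.
# Assumption: "key = value" syntax, ';' starts a comment.
comm_mode() {
    sed -n 's/^[[:space:]]*communication_mode[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" | tail -n 1
}

# Classify saved "sechkey -d -n" output read from stdin. Any "Not found"
# line means the host is NOT using the default key (per the article).
# Assumption: output with no "Not found" line counts as passing ("ok").
key_state() {
    awk '/^Searching .* for key\.\.\./ { n++; if (/Not found\.[[:space:]]*$/) miss++ }
         END { print (n == 0 ? "no_data" : (miss ? "non_default" : "ok")) }'
}

# Print findings for one host; return 1 if it deviates from the defaults.
triage() {  # usage: triage <label> <seos.ini copy> <saved sechkey output>
    rc=0
    mode=$(comm_mode "$2")
    state=$(key_state < "$3")
    if [ "$mode" != "non_ssl" ]; then
        echo "$1: communication_mode='$mode', expected non_ssl"; rc=1
    fi
    if [ "$state" != "ok" ]; then
        echo "$1: encryption key check: $state"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "$1: defaults confirmed"; fi
    return "$rc"
}

# Constructed sample input (not captured from a real host).
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
printf '%s\n' '; constructed sample' 'communication_mode = non_ssl' > "$work/a.ini"
printf '%s\n' '; communication_mode = non_ssl' \
    'communication_mode = ssl_only' > "$work/b.ini"
printf '%s\n' "Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Found." > "$work/a.key"
printf '%s\n' "Searching '/opt/CA/AccessControl/lib/libcrypt' for key...Not found." \
    "Searching '/opt/CA/AccessControl/bin/seload' for key...Not found." > "$work/b.key"

triage hostA "$work/a.ini" "$work/a.key" || true
triage hostB "$work/b.ini" "$work/b.key" || true
```

A host reported as `non_default` or with a mode other than `non_ssl` is the one to correct with steps 1 to 3 before retrying selang.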