Performance Management SslConfig fails with error connecting to MySql database
search cancel

Performance Management SslConfig fails with error connecting to MySql database


Article ID: 207819


Updated On:


CA Performance Management - Usage and Administration DX NetOps


When running the SslConfig script to set up SSL for HTTPS access an error is received.

This is an environment where the DX NetOps Performance Management Performance Center and the MySql database are installed on different hosts.

When running the ./SslConfig command as instructed from the (default path) /opt/CA/PerformanceCenter directory the following error is observed:

Cannot connect to the database: nested exception is java.sql.SQLException: null,  message from server: "Host '<IP-or-HostName_for_MySql_Host>' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'"


All supported DX NetOps Performance Management releases


The system time on the Performance Center and MySql host servers are not aligned and are out of sync. This time difference was present when MySql was installed.

By default we configure MySql with SSL encryption.

As a result of the time difference the connection request from the SslConfig script is rejected due to time not matching between requestor (PC host SslConfig command) and recipient, the MySql host.


Fix the system time on the two hosts to ensure they are time aligned. Maintain this via time sync tools.

Once that is resolved there are two options to resolve this.

The simplest if this is a new install is to reinstall Performance Center. Reinstall it on the Performance Center services host, and reinstall it on the MySql remote host.

See below in Additional Information for option 2.

Additional Information

NOTE: This is an untested workaround.

After fixing the time on the servers reboot them thus restarting their respective Performance Center and MySql services. After confirming the services are running post reboot run the following command on the MySql host from the (default path) /opt/CA/MySql directory.

./bin/mysqld --initialize-insecure --user=mysql --datadir=$MYSQL_DATA_FOLDER$

Run this passing the same /tmp/mysqldata as the --datadir value. It will create new *.pem files for everything using the correct current time.

Next stop the MySql services on the MySql host (stop Performance Center services first!). While MySql is down copy all the new /tmp/mysqldata/*.pem files to the (default path) /opt/CA/MySql/data directory.

When done copying the files start the MySql service and the SslConfig command should now run without error.