After applying 6.7.0.b398 to your Management Server (NAC) and, more importantly, Execution Servers (NES) the agents may become unreachable. This article will describe:
Noted in the "Enhancements" portion of the Release Notes for 6.7.3, this cumulative patch upgrades the NES and Agents with a new Keystore to replace an expired certificate. The "Known Issues" portion of the Release Notes goes on to explain that the agents will become unreachable when the execution server and agents are configured to use an encrypted connection.
Prior to applying the 6.7.3 (6.7.0.b398) you should configure your agents and execution servers to not use encryption. The agent and execution server needs to be restarted when changing its setting from true to false (and vice versa).
Release : 6.7
Component : CA RELEASE AUTOMATION AGENT
Before we get into what you can do to prevent/workaround your agents becoming unreachable it is worth noting the following:
If your agents are configured to communicate securely you will need to do the following before applying 6.7.3 to prevent the agent from becoming unreachable once 6.7.3 is applied to the NES:
The attached export_NolioB398.zip contains:
1 Server Type:
To use (applies to both processes):
Once all of your NES and Agents have had their security/enabled property configured to false and have been restarted, apply cumulative fix 6.7.3 (aka 6.7.0.b398) to your management and execution servers. Then, upgrade all agents. Once all agents have been upgraded you can configure the NES and Agents to communicate securely.
If your Execution Servers (NES) and Agents were configured to communicate securely and you applied 6.7.3 to your NES then it will not be able to establish a connection to the agents. As noted in the Release Notes:
Two solutions are available:
There is a third option/workaround that could be used temporarily. However, it is important to note that this is only temporary and you will need to revert these changes before configuring the NES and Agents to communicate securely again. This workaround should only be necessary if you have already applied 6.7.3 to your execution servers and now your agents are unreachable as a result of them being configured to communicate securely.
The above steps backup the new/updated certificate files applied after applying 6.7.3. Once these files have been backed up, you can restore the old certificates to restore the connection with the agents. To restore the old certificate files:
Once the agents are reachable you need to follow an appropriate path outlined in the "Preventing Unreachable Agents Prior to 6.7.3" section above. However, once you are done upgrading all agents to 6.7.3 you will need to restore the new certificates on the NES. Configuring the NES and Agents to communicate securely will not work until the NES has their new certificates restored.