EEM servers not synchronizing due to SSL3_GET_SERVER_CERTIFICATE errors

book

Article ID: 223273

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

Following errors are shown in the dxserver logs in both of 2 EEM servers: 

[email protected]:/opt/CA/SharedComponents/CADirectory/dxserver/logs# tail -5 itechpoz_alarm.log

[118] 20210831.125815.185 DSA_E2735 Multiwrite-DISP: Unable to synchronize with peer 'itechpoz-hostname2.net'
[112] 20210831.130825.049 DSA_E2735 Multiwrite-DISP: Unable to synchronize with peer 'itechpoz-hostname2.net'

[email protected]:/opt/CA/SharedComponents/CADirectory/dxserver/logs# tail -5 itechpoz_alarm.log

[113] 20210831.130012.136 DSA_E2735 Multiwrite-DISP: Unable to synchronize with peer 'itechpoz-hostname1.net'
[119] 20210831.131022.284 DSA_E2735 Multiwrite-DISP: Unable to synchronize with peer 'itechpoz--hostname1.net'

 

[email protected]:/opt/CA/SharedComponents/CADirectory/dxserver/logs# tail -10 itechpoz_warn_20210831.log

[113] 20210831.134658.559 WARN : ssld_ssl_request failed
[118] 20210831.134703.125 WARN : TLS/SSL handshake failed for call from xx.xxx.xxx.xxx:33308
[240] 20210831.134759.189 WARN : MW-DISP not in sync for 'itechpoz--hostname1.net'
[240] 20210831.134759.189 WARN : Attempting to send update to peer 'itechpoz-hostname1.net'
[116] 20210831.134759.197 WARN : Verify error 19: self signed certificate in certificate chain
[116] 20210831.134759.197 WARN : SSL Error
[116] 20210831.134759.197 WARN : 116:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:982:

[116] 20210831.134759.197 WARN : ssld_ssl_request failed
[112] 20210831.134804.202 WARN : TLS/SSL handshake failed for call from xx.xxx.xxx.xxx:33368

[email protected]:/opt/CA/SharedComponents/CADirectory/dxserver/logs# tail -10 itechpoz_warn_20210831.log

[119] 20210831.134501.570 WARN : ssld_ssl_request failed
[118] 20210831.134557.640 WARN : TLS/SSL handshake failed for call from xx.xxx.xxx.xx:50174
[240] 20210831.134602.475 WARN : MW-DISP not in sync for 'itechpoz--hostname2.net'
[240] 20210831.134602.475 WARN : Attempting to send update to peer 'itechpoz--hostname1.net'
[115] 20210831.134602.488 WARN : Verify error 19: self signed certificate in certificate chain
[115] 20210831.134602.489 WARN : SSL Error
[115] 20210831.134602.489 WARN : 115:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:982:

[115] 20210831.134602.489 WARN : ssld_ssl_request failed

 

Environment

Release : 11.3.6

Component : WA AE/AUTOSYS RELATED EEM

Resolution

1. remove secondary EEM from primary EEM
2. remove primary EEM from secondary EEM
3. regenerate 2048 keylength certificates on both EEM using modifycerts
4. on EEM1, run eiam-clustersetup and execute 'resetprimary'
5. on EEM1, add EEM2
6. on EEM2 run eiam-clustersetup -p <eem1_fqdn>

Additional Information

You can find more information on eiam-clustersetup on following url 

The Failover Tool Usage