Non-TLS Agent not connecting to second TLS Gateway

Article ID: 241282

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

We are working on enabling TLS Gateway for our non-TLS Agents.

We have configured two TLS Gateways on two different servers and enabled the CP function.

When using telnet to connect to each one, it answers:

> telnet <server1> 2220
Trying 10.20.40.30...
Connected to <server1>
Escape character is '^]'.
00000207UC4:global001NAT A0000151UCTLSGTW.1 AUTOMIC 21...CP 0001<server1>:2220;<server2>:2220^

It responds with the two defined TLS Gateway CP ports.

The agent is configured to connect to:

cp=<server1>:2220

... and upon start, it takes notice of the other TLS Gateway as well:

20220408/111923.573 -          (CP_LIST)                            
20220408/111923.573 -          2220=<server2>

However, after stopping one of the TLS Gateways:

  • The agent disconnects from the Automation Engine and doesn't try to reconnect via the second TLS gateway
  • Even after restarting the Agent, it fails to connect

Cause

The cp_port defined for each TLS Gateway has to be unique in the entire environment because the port is used as the key.

cp_port=2220 together with 2220=<server2> in the CP list is not understood by the Agent. 

Environment

Release : 21.0

Component : TLS gateway

Resolution

The version 21.0 TLS Gateway, when acting like a CP, requires a unique cp_port for each TLS Gateway as long as it's connected to the same Automic system. Server1 with a TLS Gateway requires one port; Server2 with a TLS Gateway requires a different port. This is the same as CP ports in version 12.3 and before, and in version 21.0 for the "traditional" CP.
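A pre-rollout check for the condition described under Cause and Resolution, as an added example that is not Automic code: it parses a CP list in the `host:port;host:port` form shown in the telnet reply and reports ports shared by more than one gateway. The host names, port 2221 and the `port_keyed_view` helper are constructed for illustration; the helper is a simplified model of a table keyed by port, not the Agent's implementation.

```python
from collections import defaultdict


def parse_cp_list(cp_list):
    """Parse 'host:port;host:port' into a list of (host, port) pairs."""
    entries = []
    for item in cp_list.strip().strip(";").split(";"):
        item = item.strip()
        if not item:
            continue
        host, sep, port = item.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"malformed CP entry: {item!r}")
        entries.append((host, int(port)))
    return entries


def port_collisions(entries):
    """Return {port: [hosts]} for each port advertised by more than one host."""
    by_port = defaultdict(list)
    for host, port in entries:
        if host not in by_port[port]:
            by_port[port].append(host)
    return {p: hosts for p, hosts in by_port.items() if len(hosts) > 1}


def port_keyed_view(entries):
    """Simplified model: with the port as the only key, a later entry
    for the same port replaces the earlier one."""
    table = {}
    for host, port in entries:
        table[port] = host
    return table


# Constructed sample values; server1/server2 stand in for <server1>/<server2>.
BROKEN = "server1:2220;server2:2220"   # both gateways use cp_port=2220
FIXED = "server1:2220;server2:2221"    # one cp_port per gateway (2221 is an example)

if __name__ == "__main__":
    for label, cp in (("broken", BROKEN), ("fixed", FIXED)):
        entries = parse_cp_list(cp)
        print(label, "collisions:", port_collisions(entries),
              "port-keyed:", port_keyed_view(entries))
```

Running the check against the CP list returned by each gateway before agents are pointed at it catches the duplicate port while both gateways are still up, which is when the failover gap is otherwise invisible.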