ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Management Center unable to communicate with CAS appliances

book

Article ID: 241614

calendar_today

Updated On:

Products

Management Center - VA CAS-VA CAS-S500 CAS-S400 CAS-S200

Issue/Introduction

- CAS recently upgrade from 2.4.x to 3.1.4.1

- When attempting to connect or manage CAS version 3.1.4.1 appliances via Management Center version 3.2.2.1,  error message is seen:

"failed to establish a secure connection"

And in Management Center network logs (Administration > Logs > Network_*.log), you will see the following error message:

[2022-05-11 17:29:57.836] INFO  http-nio-8080-exec-1   org.apache.http.impl.execchain.RetryExec  I/O exception (org.bouncycastle.tls.TlsFatalAlert) caught when processing request to {s}->https://CAS-IP:8082 : internal_error(80) 
[2022-05-11 17:29:57.836] INFO  http-nio-8080-exec-1   org.apache.http.impl.execchain.RetryExec    Retrying request to {s}->https://CAS-IP:8082 

Cause

 

CAS version 3.1.4.1 COE was updated and MC version 3.2.2.1 is running the older COE version, therefore there is a mismatch between the underlying Linux OS. 

Content Analysis behavior change from 2.4.x to 3.1.x.  This may happen when a Certificate Authority List has been added to CAS before the upgrade from 2.4.x to 3.1.x or when already running CAS 3.1.x 

Environment

Management Center 3.2.2.1 or older

CAS version 3.1.4.1 or newer that has Certificate Authority List uploaded 

 

 

Resolution

Solution: Upgrade Management Center to version 3.3.1.1 

Workaround:  Remove all Certificate Authority List from CAS UI  > Settings > Web Management by highlighting each certificate and click "Delete CA".     Save changes afterwards. 

 

Attachments