DCS legacy RHEL agent lost communication after upgrade of DCS Management Server to version 6.9.2 or 6.9.3

Article ID: 254412


Products

Data Center Security Server Advanced

Issue/Introduction

After the DCS Management Server is upgraded to version 6.9.2 or 6.9.3, the DCS legacy agent installed on Red Hat Enterprise Linux changes its status to offline in the UMC.

A communication test with sisipsconfig.sh -t returns the following:

Could not connect to server: CURLE_SSL_CONNECT_ERROR. Your target port may be pointing to an IIS Server and not the SCSP Mgmt Server.

Environment

Release : 6.9.2

Cause

After the upgrade to 6.9.2, the protocols and ciphers in server.xml were updated, and as a result legacy RHEL5 agents can't communicate.

Resolution

If you require DCS Legacy 5.2.9 Agents to communicate with the DCS Management Server, the following changes are required under the SSS-Agent-Service service name in server.xml, located under {install drive}:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf:

#1 Ciphers:

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

#2 Protocols:

TLSv1 under sslEnabledProtocols

<Service name="SSS-Agent-Service">

        <Connector SSLEnabled="true" acceptCount="25" disableUploadTimeout="true" enableLookups="false" maxKeepAliveRequests="1" maxThreads="200" minSpareThreads="50" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true">

            <SSLHostConfig certificateVerification="none" ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" protocols="TLSv1.2+TLSv1.3" sslProtocol="TLS">

              <Certificate certificateKeystoreFile="C:\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl" certificateKeystorePassword="RANDOMLETTERSANDNUMBERSHERE" certificateKeystoreType="PKCS12"/>
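The following Python script is an added example, not part of the original article or the product. It parses server.xml and reports, for each TLS connector, whether TLSv1 and the two legacy ciphers listed above are enabled, so the change can be confirmed and the connectors still carrying the weaker settings can be tracked until legacy agents are retired. The sample XML is constructed and abbreviated, the AFTER form of the `protocols` value is an assumption, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Values the article lists as required by legacy 5.2.9 agents.
LEGACY_CIPHERS = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}
LEGACY_PROTOCOL = "TLSv1"

def parse_protocols(value):
    """Split a Tomcat protocol list: 'TLSv1.2+TLSv1.3', 'TLSv1,TLSv1.2', '-TLSv1'."""
    enabled = set()
    for token in re.findall(r"[+-]?[^,+\-\s]+", value or ""):
        # A leading "-" removes a protocol; "+" or no prefix adds it.
        (enabled.discard if token[0] == "-" else enabled.add)(token.lstrip("+-"))
    return enabled

def audit(server_xml_text):
    """Report legacy TLS settings for each TLS connector, keyed 'service:port'."""
    report = {}
    for service in ET.fromstring(server_xml_text).iter("Service"):
        for conn in service.iter("Connector"):
            if conn.get("SSLEnabled", "").lower() != "true":
                continue
            host = conn.find("SSLHostConfig")
            src = host if host is not None else conn
            # Older configs put the list in sslEnabledProtocols on the Connector.
            protocols = parse_protocols(src.get("protocols") or conn.get("sslEnabledProtocols"))
            ciphers = {c.strip() for c in src.get("ciphers", "").split(",") if c.strip()}
            # Set membership, not substring search: "TLSv1" must not match "TLSv1.2".
            tlsv1 = LEGACY_PROTOCOL in protocols
            missing = sorted(LEGACY_CIPHERS - ciphers)
            report[f"{service.get('name')}:{conn.get('port')}"] = {
                "tlsv1_enabled": tlsv1,
                "missing_legacy_ciphers": missing,
                "matches_article": tlsv1 and not missing,
            }
    return report

# Constructed, abbreviated server.xml; AFTER is an assumed form of the edited file.
SAMPLE = """<Server><Service name="SSS-Agent-Service">
  <Connector SSLEnabled="true" port="443">
    <SSLHostConfig ciphers="{ciphers}" protocols="{protocols}"/>
  </Connector></Service></Server>"""
MODERN = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
BEFORE = SAMPLE.format(ciphers=MODERN, protocols="TLSv1.2+TLSv1.3")
AFTER = SAMPLE.format(ciphers=MODERN + ", " + ", ".join(sorted(LEGACY_CIPHERS)),
                      protocols="TLSv1+TLSv1.2+TLSv1.3")

if __name__ == "__main__":
    print({"before": audit(BEFORE), "after": audit(AFTER)})
```

To run it against a real installation, pass the contents of the server.xml file from the tomcat\conf directory named above to `audit()`.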

Additional Information

Once you've made these adjustments, restart the "Symantec Data Center Security Server Manager service":