7 Replies Latest reply on Aug 19, 2016 9:31 AM by Jim Campbell

    Encryption Configuration Error

    Jim Campbell

      Appserver and agent versions are 8.6sp1.  A few Windows targets ( about 10 out of a few thousand ) are giving the error 'Encryption Configuration Error: ServerNameHere if i try to do a verify.  Agentinfo just gives a generic 'I/O error' response.  The rscd.log on the targets show nothing unless I enable debug mode and then i see just:

       

      04/20/16 12:31:12.569 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): FIPS already enabled

      04/20/16 12:31:12.577 DEBUG    rscd -  AppServer_IP_Here 2144 SYSTEM (Not_available): (Not_available): Enabling keepalive on the connection

      04/20/16 12:31:12.588 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): Before first LookupAccountName in initFromUsernameDomain in RSCD_WinUser.cpp.  The domain string is : 'Server_Name_Here' ; The username string is : 'LocalAdmin_Name_Here'

      04/20/16 12:31:12.595 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): In refreshNames() in RSCD_WinUser.cpp.  The u_NTDomainUsername string is : 'Server_Name_Here\LocalAdmin_Name_Here' ; The u_UPN string is : 'LocalAdmin_Name_Here@Server_Name_Here'

      04/20/16 12:31:12.601 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): Before first LookupAccountName in initFromUsernameDomain in RSCD_WinUser.cpp.  The domain string is : 'Server_Name_Here' ; The username string is : 'BladeLogicRSCD'

      04/20/16 12:31:12.608 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): In refreshNames() in RSCD_WinUser.cpp.  The u_NTDomainUsername string is : 'Server_Name_Here\BladeLogicRSCD' ; The u_UPN string is : 'BladeLogicRSCD@Server_Name_Here'

      04/20/16 12:31:12.617 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): Before first LookupAccountName in initFromUsernameDomain in RSCD_WinUser.cpp.  The domain string is : 'Server_Name_Here' ; The username string is : 'BladeLogicRSCD'

      04/20/16 12:31:12.624 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): In refreshNames() in RSCD_WinUser.cpp.  The u_NTDomainUsername string is : 'Server_Name_Here\BladeLogicRSCD' ; The u_UPN string is : 'BladeLogicRSCD@Server_Name_Here'

      04/20/16 12:31:12.633 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): RSCD_WinUser:logonPassword - user name is 'BladeLogicRSCD'

      04/20/16 12:31:12.637 DEBUG    rscd -  Server_Name_Here 2144 SYSTEM (Not_available): (Not_available): RSCD_WinUser:logonPassword - domain name is 'Server_Name_Here'

      04/20/16 12:31:12.648 DEBUG    rscd -  AppServer_IP_Here 2144 BladeLogicRSCD@Server_Name_Here->LocalAdmin_Name_Here@Server_Name_Here:PrivilegeMapped (Role_Name_Here:User_Name_Here): agentinfo: ***** New connection *****

        • 1. Re: Encryption Configuration Error
          Jim Campbell

          Also disabling FIPS on the agent ( renaming openssl.cnf ) did not help.  If there is anything else that has to be done other than renaming the file on the target I may not be disabling it correctly.

          • 2. Re: Encryption Configuration Error
            Bill Robinson

            so it's after this bit:

            04/20/16 12:31:12.648 DEBUGrscd -  AppServer_IP_Here 2144 BladeLogicRSCD@Server_Name_Here->LocalAdmin_Name_Here@Server_Name_Here:PrivilegeMapped (Role_Name_Here:User_Name_Here): agentinfo: ***** New connection *****

             

            that you get the error in the gui w/ the verify ?  is there anything after the last line ?

            • 3. Re: Encryption Configuration Error
              Jim Campbell

              That was the log from an agentinfo.  This is what I get when I try a verify in the GUI ( which generates the 'Encryption Configuration Error' message ( and note that i have re-enabled FIPS as disabling it did not help ) :

               

              04/22/16 11:48:25.765 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): FIPS already enabled

              04/22/16 11:48:25.773 DEBUG    rscd -  AppServer_IP_Here 7704 SYSTEM (Not_available): (Not_available): Enabling keepalive on the connection

              04/22/16 11:48:25.777 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): Before first LookupAccountName in initFromUsernameDomain in RSCD_WinUser.cpp.  The domain string is : 'Server_Name_Here' ; The username string is : 'LocalAdmin_Here'

              04/22/16 11:48:25.785 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): In refreshNames() in RSCD_WinUser.cpp.  The u_NTDomainUsername string is : 'Server_Name_Here\LocalAdmin_Here' ; The u_UPN string is : 'LocalAdmin_Here@Server_Name_Here'

              04/22/16 11:48:25.791 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): Before first LookupAccountName in initFromUsernameDomain in RSCD_WinUser.cpp.  The domain string is : 'Server_Name_Here' ; The username string is : 'BladeLogicRSCD'

              04/22/16 11:48:25.799 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): In refreshNames() in RSCD_WinUser.cpp.  The u_NTDomainUsername string is : 'Server_Name_Here\BladeLogicRSCD' ; The u_UPN string is : 'BladeLogicRSCD@Server_Name_Here'

              04/22/16 11:48:25.806 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): Before first LookupAccountName in initFromUsernameDomain in RSCD_WinUser.cpp.  The domain string is : 'Server_Name_Here' ; The username string is : 'BladeLogicRSCD'

              04/22/16 11:48:25.814 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): In refreshNames() in RSCD_WinUser.cpp.  The u_NTDomainUsername string is : 'Server_Name_Here\BladeLogicRSCD' ; The u_UPN string is : 'BladeLogicRSCD@Server_Name_Here'

              04/22/16 11:48:25.823 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): RSCD_WinUser:logonPassword - user name is 'BladeLogicRSCD'

              04/22/16 11:48:25.827 DEBUG    rscd -  Server_Name_Here 7704 SYSTEM (Not_available): (Not_available): RSCD_WinUser:logonPassword - domain name is 'Server_Name_Here'

              04/22/16 11:48:25.837 DEBUG    rscd -  AppServer_IP_Here 7704 BladeLogicRSCD@Server_Name_Here->LocalAdmin_Here@Server_Name_Here:PrivilegeMapped (Role_Name_Here:User_Name_Here): CM: ***** New connection *****

               

              Nothing follows this until the next Housekeeping message.

              • 4. Re: Encryption Configuration Error
                Ankit Gupta

                Hi Jim,

                 

                for Windows target please try below steps.

                 

                Check at C:\Windows\temp and look for files starting with "bl_" .

                Remove them or move them all out of there and re-try.

                • 5. Re: Encryption Configuration Error
                  Jim Campbell

                  Just tried looking at this again - there are no files with bl_ in c:\windows\temp.

                   

                  Any other ideas?

                  • 6. Re: Encryption Configuration Error
                    Ankit Gupta

                    looks like something is wrong with role by which you are performing the task.

                    Are the targets is question is domain controllers?

                    Check for users, users.local, export and also check with the role is mapped to admin group on those targets.

                     

                    Regards

                    Ankit Gupta

                    • 7. Re: Encryption Configuration Error
                      Jim Campbell

                      As far as I can tell this ended up being a time issue.  A firewall was blocking NTP traffic and once this was resolved the Blade agent connection started working.