3 Replies Latest reply on Jul 19, 2019 2:23 PM by Bill Robinson

    Error in Initializing RBAC User and Role (SSO Proxy), errno = 1321 (Error in TLS protocol)

    Ricky Lourensius
      Share This:

      I'm getting the following error when launching network shelly putty or using NSH here custom command.

       

      Error in Initializing RBAC User and Role (SSO Proxy), errno = 1321 (Error in TLS protocol)

       

      I tried switching to different roles and computer and I still get the same error.

       

      I also tried running blcred cred -acquire and reconnecting TSAC.

       

      Tried changing environment from prod to test, and it works in test, but not in prod.

       

      Usually it gives me 2 roles to pick from, but now it's only giving me the error.

       

      Is there anything else I should try to solve this issue?

       

      Thank you for any help on this.

        • 1. Re: Error in Initializing RBAC User and Role (SSO Proxy), errno = 1321 (Error in TLS protocol)
          Bill Robinson

          in prod was this ever working ?

          is the nsh proxy running/configured on the prod appservers ?

          open a cmd window on your workstation.

            run 'blcred cred -list' make sure you have a valid credential

            show what's in the /C/Windows/rsc/secure file on your workstation

            start nsh from the cmd window, what do you see ?

            in the blcred output there should be one or more proxyserviceurls, make sure your workstation can connect to the fqdn/port listed in the url

          • 2. Re: Error in Initializing RBAC User and Role (SSO Proxy), errno = 1321 (Error in TLS protocol)
            Ricky Lourensius

            Hi Bill, thanks for your reply.

            It was working for me in prod and suddenly it is no longer working.

            It used to give me 2 roles to select when I launch NSH.

            I tried launching NSH from command prompt and getting the same error.

             

            default:port=4750:protocol=5:auth_profile=Prod:auth_profiles_file=/C/Program Files/BMC Software/BladeLogic/8.9/NSH/br/authenticationProfiles.xml:appserver_protocol=ssoproxy:tls_mode=encryption_only:encryption=tls

             

             

             

             

             

             

             

             

             

             

             

             

             

             

             

             

             

             

             

            I did run blcred cred -list and I have valid creds.

            What I noticed in test also, even after removing a couple roles from my account, it defaulted to the roles I deleted when I launched NSH in test.

             

            I also tried deleting my cached credentials.

             

            Is it safe to delete the bl_sessccfile from my roaming profile? I don't know if it has something to do with my authentication profile.

             

            Thanks again for any info.

            • 3. Re: Error in Initializing RBAC User and Role (SSO Proxy), errno = 1321 (Error in TLS protocol)
              Bill Robinson

              if you have 'auth_profile=Prod' then you are only going to be able to use nsh to connect to your prod nsh proxy unless you set the 'BL_AUTH_PROFILE_NAME' environment variable, and the 'nsh here' should override that w/ the env you are executing it from.

               

              so for Prod i would try running

              blcred cred -acquire -profile Prod -username <your user>

              blcred -list

              -> what does this show ?  do you see proxyservice urls in the credential:

              # blcred cred -list

              Username:         BLAdmin

              Authentication:   SRP

              Issuing Service:  service:authsvc.bladelogic:blauth://blapp894.example.com:9840

              [...]

              Destination URLs:

                  service:appsvc.bladelogic:blsess://blapp894.example.com:9841

                  service:appsvc.bladelogic:blsess://192.168.8.76:9841

                  service:proxysvc.bladelogic:blsess://blapp894.example.com:9842

                  service:proxysvc.bladelogic:blsess://192.168.8.76:9842

               

               

              What I noticed in test also, even after removing a couple roles from my account, it defaulted to the roles I deleted when I launched NSH in test.

               

              you mean you logged in as RBACAdmins in test and altered your user object ?  and did you then use blcred w/ a different profile (not 'Prod') ?

               

              is there anything in the appserver log for the proxy you are connecting to when you get the tls error on the client ?