Reply
Accepted Solution

Grid problem - Not sync

asegrera
Techie
Posts: 1
5122     0

Hello,

 

My name is Alex and I've an Infoblox Grid built with 2 Infoblox 550-A (version 5.1r1-4-98146)

They're coneected to the LAN using the Lan interface and the HA interface in both of them.

I had a problem time ago but I didn't notice it since now. The HA interface of the pasive grid member was down.

I changed the switch port config and it is now up at L2 but the port doesn't work at L3 (I have not ping response from the HA interface).

I have another identic Infoblox 550-A configured in stand alone mode for a test that we did. I turned it on to do some tests with it but it don't works now. In the log appears this messages:

 

 

2016-05-03T12:57:15+02:00 daemon (none) openvpn-master[3190]: notice 10.10.0.2:1194 Re-using SSL/TLS context
2016-05-03T12:57:15+02:00 daemon (none) openvpn-master[3190]: err 10.10.0.2:1194 VERIFY ERROR: depth=1, error=certificate has expired: /C=US/ST=California/L=Sunnyvale/O=Infoblox__Inc/OU=Development/CN=VPN_CA/emailAddress=support@infoblox.com
2016-05-03T12:57:15+02:00 daemon (none) openvpn-master[3190]: err 10.10.0.2:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
2016-05-03T12:57:15+02:00 daemon (none) openvpn-master[3190]: err 10.10.0.2:1194 TLS Error: TLS object -> incoming plaintext read error
2016-05-03T12:57:15+02:00 daemon (none) openvpn-master[3190]: err 10.10.0.2:1194 TLS Error: TLS handshake failed

 

Can anyone help me to troubleshoot this problems?

 

Thanks,

 

Re: Grid problem - Not sync

[ Edited ]
Expert
Posts: 42
5123     0

 Hello Alex,

 

you are running a fairly old NIOS version (5.1r1..) which has an outdated VPN certificate.

 

see your line:

 

2016-05-03T12:57:15+02:00 daemon (none) openvpn-master[3190]: err 10.10.0.2:1194 VERIFY ERROR: depth=1, error=certificate has expired: /C=US/ST=California/L=Sunnyvale/O=Infoblox__Inc/OU=Development/CN=VPN_CA/emailAddress=support@infoblox.com

 

NIOS versions 5.1r2 and earlier contained a CA certificate that expires this month (April, 2014) which may cause grid members to drop off the grid and no longer be able to join back.

 

Please update to the latest supported NIOS Version like 6.12.17 for this appliance generation.

 

Also note that -A Appliances like Infoblox 550-A are end of life since the end of last year.

 

I hope I could help you.

Showing results for 
Search instead for 
Do you mean 

Recommended for You

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin