02-14-2011 05:47 AM
Hello,
I was following the below article while setting up a cluster containing two c360 appliances and ran into a issue at the final steps.
I created the cluster just fine and added the first box to the main group. Then proceeded to run prepjoin to add the second machine
to the cluster via CCS and ran into an authentication failed error when trying to join the second box to the cluster.
Once I am shown the public key after specifying an IP of a clustered machine and the CCS port number (2222), I then am hit with authentication
failed.
Anyone have an idea? I have double checked host names, IP addresses, connectivity between the two, CCS enabled on both appliances by telneting to 2222...
Thanks.
Chris
02-14-2011 02:10 PM
Hi Chris,
I think your connectivity is probably ok if your able to resolve the host and telnet on port 2222 to each appliance. It sounds as if there may be an issue with the hostkey. You may want to first verify the keys by going to logconfig > hostkeyconfig > fingerprint. Check and make sure the key your being presented with matches the one listed on the remote appliance.
In the following section step 2 is critical and you will typically see a failure like you described if this gets mixed up some how. ( I have done it a few times myself :-) )
02-15-2011 05:03 AM
Chris,
Sorry, I forgot to mention that I did the prepjoin steps on an already clustered member, then verified the key and then joined the new appliance to the cluster. The rsa-dss keys did in fact match up just fine. Maybe a call to support is needed.
Thanks,
Chris
02-15-2011 05:18 PM
Hi Chris,
Your right it may be a bit easier to diagnose this with an engineer especially with tools like webex at our disposal. Sounds like its probably something simple but like they say a picture is worth a thousand words. Feel free to contact us here at support we will be more than happy to help with this issue and any other questions you may have.
Christopher C Smith
CSE
Cisco IronPort Customer Support
02-16-2011 05:23 AM
Turns out that I did not commit my changes on the appliance that I ran prepjoin on that was already a cluster member. I'm assuming that this resulted in
the cluster not knowing about the new appliance joining.
I would also like to note the actual steps.
run prepjoin on cluster member.
add new member info
after messaged stating host added, hit enter twice to ensure you are back at <
Thanks again to Martin at support.
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide