Re: Expressway Cluter failure

jonathan.salter · ‎11-06-2018

Trying to set up a cluster (8.11.2) and I am getting this error when I try setting up the primary.

Certificate: Invalid (No Subject Alternate Names matched)

FQDN- plxpressc01.cscinfo.com

Here is the info from the cert:

X509v3 Subject Alternative Name: 
                DNS:plxpressc01.cscinfo.com, DNS:amrs-xpressc-cluster.cscinfo.com, DNS:plxpressc02.cscinfo.com

Any ideas?

Please remember to rate useful posts, click on the stars below.

dana.tong · ‎11-06-2018

Do you have valid certificates installed? both CA and server certificate?

Does it work when you set TLS Verification Mode to Permissive?

Is that output from the certificate? or from the Expressway Core?

jonathan.salter · ‎11-07-2018

Yes valid cert. Server and Trust are uploaded.

That is the information in the Certificate

Please remember to rate useful posts, click on the stars below.

Gregory Brunn · ‎11-07-2018

Jon,

So does it work when your are not enforcing TLS on the clustering?

It just fails when you are trying to enforce correct?

jonathan.salter · ‎11-07-2018

So once I saw the cert error I stopped, I am going to push forward today to see if I can get the cluster up .

Please remember to rate useful posts, click on the stars below.

Gregory Brunn · ‎11-07-2018

I am in the middle of a clustering issue my self. My 2cents get the cluster working without the certs first then come back to the cert issue.

Gregory Brunn · ‎11-07-2018

How did you make out today on your cluster. No mater what I do I can't shake that error I am having. Co worker running 8.11.3 got same error on expressway-c

Gregory Brunn · ‎11-08-2018

https://tools.cisco.com/security/centehttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsdr/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd

Just a heads up they pulled the software images... Probably going to let this be for a little until they fix the images.

jonathan.salter · ‎11-19-2018

Hey sorry I am so late updating.....

Problem was a routing issue, I am using dual interfaces and the cluster communication was going out the external interface not the one towards the Core.

I put static routes in to send the traffic out the correct Lan and cluster came right up.

Please remember to rate useful posts, click on the stars below.

Gregory Brunn · ‎11-19-2018

Yeah read that in the guide for Expressway E for public IPs.
Still having my replication issue on the Expressway -C

jonathan.salter · ‎11-19-2018

@Gregory Brunn wrote:
Yeah read that in the guide for Expressway E for public IPs.
Still having my replication issue on the Expressway -C

What error are you receiving?

Please remember to rate useful posts, click on the stars below.

Gregory Brunn · ‎11-19-2018

It is in tacs hands now. Basically replication failure.
First one was the cosmetic bug (they thought) but now replication is failing.