PureConnect

 View Only
Discussion Thread View
  • 1.  New Switch Pair and ServerGroup certificates issue impacting Switchover

    Posted 01-11-2022 11:50
    All,

    Again reaching out to our resident experts on a new issue that we're currently working through.

    We are standing up a new 2021 R4 switch pair and we ran into issues after running setup assistant. We learned that all the ports between both IC servers were not opened during our install. Long story short the switch pair is up and both servers do see each other, however the ServerGroup certificates aren't correct.

    Our current and functional switch pair shows SwitchoverA cert in the ServerGroup folder of the backup server (or SwitchoverB).

    This new and not working properly switch pair shows it's own SwitchoverB cert in this folder.

    We've attempted to run Setup Assistant >> Switchover on SwitchoverB and import the SwitchoverA cert + SwitchoverA Private key which does work however once we reboot the server IC never starts, it remains in a "Starting" status.

    Question is, has anyone encountered a similar issue? If so any suggestions on what to try?

    We may try reinstall Switchover again on SwitchoverA first then SwitchoverB second, to see if this resolves.

    Thanks all,
    #Implementation
    #PlatformAdministration
    #Security
    #SystemAdministration

    ------------------------------
    Shane
    ------------------------------


  • 2.  RE: New Switch Pair and ServerGroup certificates issue impacting Switchover

    Posted 01-11-2022 11:53
    What does the event viewer tell you is happening when the Interaction Center service is hung at starting on the backup IC server?





  • 3.  RE: New Switch Pair and ServerGroup certificates issue impacting Switchover

    Posted 01-11-2022 12:54
    The last event for IC on the backup server shows Switchover Service Event ID 11525 and says "Application Main: Switchover Event Error mode: Action service exiting'

    We see several errors saying 'Notifier refused connection request from server xx.xx.xxx.xx because SSL negotiations failed'
    Some of the above errors include the IP address of the primary or SwitchoverA server.

    Looking at Switchover log file, it shows several errors including 'Authentication Failed against the primary or SwitchoverA server name "Switchover service" Make sure the subsystem is authorized on the IC server.

    Not sure how much help the above is.

    Prior to the above, we just ran through Setup Assistant again on the backup and chose Switchover. >> SwitchoverB server, listed the proper SwitchoverA server. I then imported the ServerGroup .cer and PrivateKey again from SwitchoverA server. Then upon reboot, we're stuck at IC starting.

    ------------------------------
    Shane
    ------------------------------



  • 4.  RE: New Switch Pair and ServerGroup certificates issue impacting Switchover

    Posted 01-11-2022 13:35

    Since you've copied the servergroupcertificate.cer and privatekey.bin from your functional primary and then added the cert via setup assistant to your switchover B, have you checked the certificate directory on your switchover B server to ensure that it does have the correct certificate in the servergroup directory?

    If that is correct, then your next step could be have wireshark running during Interaction Center startup on your backup server to try to look at the SSL handshake and confirm what certificates are being presented.   This would give you a better indication as to why the negotiation is failing.



    ------------------------------
    Aaron Lael
    State of Utah - comments on this forum reflect my own personal opinions\observations and are separate from any entity I am otherwise involved in.
    ------------------------------