Re: 'Authentication Error' after configuring Cloni...

Alain_Ikula · ‎2018-05-24

Hello,

We have many clusters using ClusterXL and we'll like to use cloning groups to synchronize some features among cluster members. We have configured it using instructions from the Gaia R80.10 admin guide With exactly the same configuration, it works for some clusters but not for others. For those where it doesn't work, we have an 'Authentication Error' message (see enclosed). I've searched the support website but there's nothing pertinent there.

Do you guys have an idea of what could be the problem ?

Thanks in advance for your help.

Kind regards,

Alain

XBensemhoun · ‎2018-05-26

Hi, referring this admin guide; did you validate that communication through tcp/1129 are allowed on clusters for which you have this error? For such clusters, did you check status of ClusterXL?

Alain_Ikula · ‎2018-05-27

Hi Xavier,

Thanks a lot Xavier for your input. The cloning groups are configured for clusters members were ClusterXL is already activated and the status of all our clusters is OK. I can see in the logs that traffic on port TCP/1129 is correctly allowed between different clusters members. It's quite difficult to troubleshoot as we don't have specific logs related to cloning groups. Were can I look for further information regarding this 'Authentication Error' ?

Regards,

Alain

XBensemhoun · ‎2018-05-28

So, try How to debug cloning group issues

Waiting that, maybe try to delete the cloning group by removing all the members from it and re-create it (refer to sk109734 "Error writing to remote server: Could not write data to the socket " error from one member of a Clo...).

Alain_Ikula · ‎2018-05-29

Again, thank you for your support.

sk119496 will be needed when we open a TAC ticket. We'll do that after we finish the upgrade to R80.10.
sk109734 is for R77.30 and we're running R80.10. We tried it anyway but it didn't help.
In sk109734, we have a reference to sk105717 but I cannot access it because I my CCSE certificate is more than 2 years old (see below). Can you send me this sk as PDF ? My email address : alainikaz@hotmail.com.

Thanks !

Regards,

Alain

XBensemhoun · ‎2018-05-29

Done!

BTW, maybe executing sk119496 will already give you a clear idea of the reason?

Alain_Ikula · ‎2018-05-30

Thanks a lot Xavier for the PDF. Unfortunately, it's not relevant for us. I've tried sk119496 and in the files /var/log/cloningd.log and /var/log/messages, I see the error message "Unable to establish secure connection with x.x.x.x due to Password mismatch". I have this message even if I use very simple passwords on both members of the cluster. Any idea ?

Regards,

Alain

KennyManrique · ‎2018-08-30

One scenario where I had this issue was when "Host Access" was configured throuhg GAIA Portal and don't included the Sync interfaces on the list. Make sure you're not blocking the communication between the members because of this.

Regards.

Daniel_Taney · ‎2018-08-30

I don't know if this issue ever got resolved, but I just upgraded a cluster from R77.30 to R80.10 and starting having the same issue. I was seeing 'Authentication Error' logging repeatedly in SYSLOG. I tried to leaving the cloning group and re-joining to no avail. It seemed like the only solution I could come up with was to destroy the entire cloning group, create a new one, and re-join all the members.

I don't know if this is some kind of bug or not? But those steps seemed to resolve it for me.

R80 CCSA / CCSE

KennyManrique · ‎2018-08-30

It seems in case of upgrade from lower version, it breaks the Cloning Group and has to be recreated. Happened to me on every cluster I used Connectivity Upgrade. However, this is not listed as known limitation.

Regards.

jerryroy1 · ‎2019-05-10

what is default username for cloning group? cadmin or cgadmin?

'Authentication Error' after configuring Cloning groups