Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Oliver_Marzok
Explorer

Access to Gaia Portal (WebUI) after R80.20 upgrade

Hello,


after upgrading the gateway cluster, consisting of two SG5400HPP, from R80.10 with Jumbo Hotfix Take 154 to R80.20 (with jumbo hotfix take 33) we couldn't reach the GAiA Portal (Admin WebGUI) anymore. We got a certificate error like before, because of a private certificate (from the ICA), but the certificate error now said that it's for a different system. Afterwards, we renewed the certificate by the ICA (gateway cluster object properties --> IPSec VPN) and even added additional informationen like other IPs an the DNS name, but this didn't solved the problem. We could only reach the GAiA Portal via the external IP, but because it's not facing towards the internal side, the standby member isn't reachable. The cluster members still weren't reachbable from the mgmt interface by the admin server (same network as mgmt interface --> mgmt network). Only access via SSH was possible.
We had to fallback via snapshot to R80.10 and afterwards the GAiA Portal was reachable immediately from the mgmt network again.

Are there any differences in the configuration (needed) in R80.20 comparing to R80.10 to solve this issue?

Best regards

0 Kudos
7 Replies
Jerry
Mentor
Mentor

tellpm process:httpd2
tellpm process:httpd2 t

works now?

Jerry
0 Kudos
Oliver_Marzok
Explorer

Hello Jerry,

yes, the processes were running. The portal was accessible from the external site like described.
It's seems there're differences in the configuration and dependencies of the certificate in R80.20.

0 Kudos
Jerry
Mentor
Mentor

httpd2 is equally the same on R80.20 afaik. guys, can you please confirm that?

when you set the WebUI what ports have you specified for it?

Jerry
0 Kudos
Oliver_Marzok
Explorer

The service is the same, yes.

We didn't changed the Port. It's still the default one 443, only added a path (.../admin).

On R80.10 it's working, and worked immediatly after the fallback to R80.10, but on R80.20 (even after certifcate renewal) it's not working.

0 Kudos
Jerry
Mentor
Mentor

ok.now I gotcha. change the port from 443 to 4434 and restart the daemon:

tellpm process:httpd2
tellpm process:httpd2 t

make sure that there are no more sockets on tcp/443 running on the same GW.

I had this before and by customizing port it has solved itself plus, bear in mind that tcp/443 is shared on GAIA and for WebUI should be rather NOT USED (my own experience sorry).

is the MAB running there too? if yes - you've got all the answers, if not - please change port to any custom one but 443 and restart httpd2. Cert is another story, easy to re-deploy Smiley Happy 

Jerry
Oliver_Marzok
Explorer

Thank you very much, Jerry. That's sounds realy good.

MAB isn't running, but I think that on R80.20 based on new features, there're more shared services with tcp/443. That would explain why on R80.10 everything is fine and on R80.20 we have issues.

I will first try this at other customers in a few weeks and come back to this one when R80.20 works fine on the others.

0 Kudos
Jerry
Mentor
Mentor

great stuff. let us know please.

best

J.

Jerry
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events