Cluster peering fails on clusters with customized cipher suites in ONTAP 9.6 and later
Applies to
- ONTAP 9.6 and later
- For ONTAP 9.5RC1 through 9.5P2 (inclusive) go here
- Cipher
- Cluster peering
Issue
- Attempts to create a cluster peer fail with the below error message.
Error: command failed: Using peer-address XX.XXX.XX.X: An introductory RPC to the peer address "XX.XX.XX.XX" failed to connect: RPC: Remote system error
[from mgwd on node "XXXXXXXXX" (VSID: -1) to xcintro at XX.XX.XX.XX]. Verify that the peer address is correct and try again.
- These errors may also appear for an existing cluster peer relationship after an upgrade to one of the releases mentioned in the "Applies to" section of this KB.
- MGWD log messages located in /etc/log/mlog/mgwd.log report error messages about missing Pre-Shared Key (PSK) cipher suites.
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: ERR: mgwdmain: set_xc_dsmdb_rpc_services: called
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: NOTICE: RpcConnectionCache: SetUpSslOps: Set up SSL ops.
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: getXcContext: Could not find any PSK cipher suites (0).
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: SetUpTlsConnections: Could not get a client SSL context.
InterclusterBrokenConnectionAlert
in health monitoringcluster peer show
the Availability of the Remote Cluster asUnavailable
cluster peer health show
is empty
::> cluster peer health show
This table is currently empty
- No response on Port 11104