Cluster peering fails on clusters with customized cipher suites in ONTAP 9.6 and later

Applies to

• ONTAP 9.6 and later
• For ONTAP 9.5RC1 through 9.5P2 (inclusive) go here
• Cipher
• Cluster peering

Issue

• Attempts to create a cluster peer fail with the below error message.

Error: command failed: Using peer-address XX.XXX.XX.X: An introductory RPC to the peer address "XX.XX.XX.XX" failed to connect: RPC: Remote system error
       [from mgwd on node "XXXXXXXXX" (VSID: -1) to xcintro at XX.XX.XX.XX].  Verify that the peer address is correct and try again.

• These errors may also appear for an existing cluster peer relationship after an upgrade to one of the releases mentioned in the "Applies to" section of this KB.
• MGWD log messages located in /etc/log/mlog/mgwd.log report error messages about missing Pre-Shared Key (PSK) cipher suites.

Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: ERR: mgwdmain: set_xc_dsmdb_rpc_services: called
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: NOTICE: RpcConnectionCache: SetUpSslOps: Set up SSL ops.
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: getXcContext: Could not find any PSK cipher suites (0).
Mon Jul 13 2020 12:58:30 +05:30 [kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: SetUpTlsConnections: Could not get a client SSL context.

• InterclusterBrokenConnectionAlert in health monitoring
• cluster peer show the Availability of the Remote Cluster as Unavailable
• cluster peer health show is empty

::> cluster peer health show
This table is currently empty

• No response on Port 11104