Cluster peering failing with cpeer.psk.cluster.revoked:error
Applies to
- ONTAP 9.x
- Cluster Peering
- Cipher Suites
Issue
- A newly created cluster peer is in the Unavailable state.
source::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
destination 1-80-xxxxxx Unavailable ok
destination::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
source 1-80-xxxxxx Unavailable ok
- cluster peer ping shows that all nodes of both clusters can reach each other.
source::*> cluster peer ping -destination-cluster destination
Node: source_node1 Destination Cluster: destination
Destination Node IP Address Count TTL RTT(ms) Status
---------------- ---------------- ----- ---- ------- -------------------------
destination_node1 10.xx.xx.xx 1 64 0.28 interface_reachable
destination_node2 10.xx.xx.xx 1 64 0.157 interface_reachable
Node: source_node2 Destination Cluster: destination
Destination Node IP Address Count TTL RTT(ms) Status
---------------- ---------------- ----- ---- ------- -------------------------
destination_node1 10.xx.xx.xx 1 64 0.137 interface_reachable
destination_node2 10.xx.xx.xx 1 64 0.189 interface_reachable
4 entries were displayed.
- Ports 11104 and 11105 are also reachable from both the source and destination clusters; no network or other connectivity issue is found.
- The following alerts are seen in the EMS logs:
Thu Apr 24 17:00:04 +0000 [source: cpeer.psk.cluster.revoked:error]: ONTAP received a TLS request to authenticate with the pre-shared key of remote cluster destination, but the relationship with the remote cluster has been revoked by the administrator of this cluster. The request was sent from address 10.xx.xx.xx in IPspace Default.
Thu Apr 24 17:00:06 +0000 [source: cpeer.psk.unknown.cluster:error]: ONTAP received a TLS request to authenticate with a remote cluster's pre-shared key, but the remote cluster UUID (36beed9a-6c84-11ec-868b-xxxxxxxxx) is unrecognized. The probe arrived from address 10.xx.xx.xx in IPspace Default.
Thu Apr 24 17:00:09 +0000 [source: cpeer.unavailable:alert]: Peer cluster destination is no longer available.
- kTLS handshake failure alerts are also seen in the EMS logs:
Thu Apr 24 17:00:33 +0000 [source: ktls_handshakes: csm.connectionFailed:debug]: CSM failed to create a connection: localBladeUUID = source:dblade, remoteBladeUUID = 690257a8-xxx, uniquifier = 0e063389xxxxx, transportType = UNASSIGNED, sessionTag = CPEER, localVifId = 1028, remoteVifIP = 10.xx.xx.xx, CsmError = CSM_CONNABORTED, ctLoError = CTLO_ERR_UNKNOWN, socketError = 5, and TLSerror = 167772345.
Thu Apr 24 17:00:33 +0000 [stnpa3-02-st103: ktls_handshakes: csm.createSessionFailed:debug]: Cluster Session Manager (CSM) failed to create session (req=source:dblade, rsp=690257a8-ad3a-11eb-ad83-xxxxxxx, uniquifier=0e0633892xxxxxx) with transport type UNASSIGNED, session tag CPEER, record state STARTING, CSM error CSM_CONNABORTED, low-level error CTLO_ERR_OK, socket error 5, and TLS error 167772345.
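The symptom combination above can be checked mechanically against an EMS log export. The following Python is an added example, not NetApp code: it parses EMS lines in the format shown in this article, groups cluster-peer and CSM events per node, and decodes the TLS error number on the assumption that it is a packed OpenSSL 3.x error code (the article does not state this). The sample log and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the EMS lines in this article (messages shortened).
SAMPLE = """\
Thu Apr 24 17:00:04 +0000 [source: cpeer.psk.cluster.revoked:error]: ONTAP received a TLS request to authenticate with the pre-shared key of remote cluster destination, but the relationship has been revoked.
Thu Apr 24 17:00:09 +0000 [source: cpeer.unavailable:alert]: Peer cluster destination is no longer available.
Thu Apr 24 17:00:33 +0000 [source: ktls_handshakes: csm.connectionFailed:debug]: CSM failed to create a connection: sessionTag = CPEER, CsmError = CSM_CONNABORTED, socketError = 5, and TLSerror = 167772345.
Thu Apr 24 17:00:40 +0000 [source: example.unrelated.event:info]: Constructed noise line.
"""

# "<timestamp> [<node>: [<process>: ]<event>:<severity>]: <message>"
EMS = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ [+-]\d{4}) "
    r"\[(?P<node>[^:\]]+): (?:(?P<proc>[^:\]]+): )?"
    r"(?P<event>[\w.]+):(?P<sev>\w+)\]: (?P<msg>.*)$"
)
# Matches both spellings seen in the article: "TLSerror = N" and "TLS error N".
TLS_ERR = re.compile(r"TLS ?error(?: =)? (\d+)")

def decode_openssl3(code):
    """Split a packed OpenSSL 3.x error code into (library, reason).
    Assumption: ONTAP logs the raw OpenSSL value; the article does not say so."""
    return (code >> 23) & 0xFF, code & 0x7FFFFF

def triage(text):
    """Collect cluster-peer (cpeer.*) and CSM (csm.*) events and TLS errors per node."""
    report = defaultdict(lambda: {"events": set(), "tls_errors": set()})
    for line in text.splitlines():
        m = EMS.match(line.strip())
        if not m or not m["event"].startswith(("cpeer.", "csm.")):
            continue
        entry = report[m["node"]]
        entry["events"].add(m["event"])
        tls = TLS_ERR.search(m["msg"])
        if tls:
            entry["tls_errors"].add(int(tls.group(1)))
    return dict(report)

def matches_article(entry):
    """True when a node shows the revoked-PSK, unavailable-peer and TLS-failure symptoms together."""
    needed = {"cpeer.psk.cluster.revoked", "cpeer.unavailable"}
    return needed <= entry["events"] and bool(entry["tls_errors"])

if __name__ == "__main__":
    for node, entry in triage(SAMPLE).items():
        print(node, sorted(entry["events"]), matches_article(entry),
              [decode_openssl3(c) for c in entry["tls_errors"]])
```

Under that assumption, 167772345 is 0x0A0000B9: library 20 (SSL) with reason 185, which OpenSSL 3.x reports as "no cipher match".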