NetApp Knowledge Base

Cluster peering fails on clusters with customized cipher suites in ONTAP 9.6 and later

Category: snapmirror
Specialty: dp

Applies to

  • ONTAP 9.6 and later
  • For ONTAP 9.5RC1 through 9.5P2 (inclusive) go here
  • Cluster peering
  • Cipher
  • MetroCluster configuration

Issue

  • Attempts to create a cluster peer fail with the following error message:

Error: command failed: Using peer-address XX.XXX.XX.X: An introductory RPC to the peer address "XX.XX.XX.XX" failed to connect: RPC: Remote system error [from mgwd on node "XXXXXXXXX" (VSID: -1) to xcintro at XX.XX.XX.XX].  Verify that the peer address is correct and try again.

  • These errors may also appear for an existing cluster peer relationship after an upgrade to one of the releases mentioned in the "Applies to" section of this KB.
  • In a two-node MetroCluster system, the switchback after ONTAP upgrade fails with the following error:

Cluster_A1::*> metrocluster switchback -simulate

Error: command failed: Failed to retrieve system image status information for all
nodes. Reason: Failed to contact peer cluster "Cluster_B1" at addresses:
10.XX.XX.3, 10.XX.XX.4. RPC: Remote system error [from mgwd on node
"Node_A1" (VSID: -1) to mgwd at 10.XX.XX.3, 10.XX.XX.4]. Verify that the
nodes are healthy using the "cluster show" command and that cluster peering
is available using the "cluster peer show" command, then retry the
operation.

  • MGWD log messages located in /etc/log/mlog/mgwd.log report error messages about missing Pre-Shared Key (PSK) cipher suites.

[kern_mgwd:info:1668] 0x81b004200: 0: ERR: mgwdmain: set_xc_dsmdb_rpc_services: called
[kern_mgwd:info:1668] 0x81b004200: 0: NOTICE: RpcConnectionCache: SetUpSslOps: Set up SSL ops.
[kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: getXcContext: Could not find any PSK cipher suites (0).
[kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: SetUpTlsConnections: Could not get a client SSL context.

  • InterclusterBrokenConnectionAlert may be reported in health monitoring.
  • cluster peer show output reports the availability of the Remote Cluster as Unavailable.
  • cluster peer health show is empty:

::> cluster peer health show
This table is currently empty

  • No response on Port 11104:

::*> system node systemshell -node Node_A1 nc -zv 10.XX.XX.3 11104
nc: connect to 10.XX.XX.3 port 11104 (tcp) failed: Connection refused
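
A log triage sketch for the mgwd.log symptom listed above, added here as an example and not NetApp code: it parses lines in the layout of the quoted excerpt and reports each "no PSK cipher suites" error together with whether the same thread then failed to get a client SSL context. The field names, the function names and the same-thread correlation are assumptions of this example.

```python
import re

# Field names are labels chosen for this example, not NetApp's own terms.
# The layout is inferred from the mgwd.log lines quoted in this article.
LINE_RE = re.compile(
    r"\[(?P<proc>[^:\]]+):(?P<level>[^:\]]+):(?P<pid>\d+)\]\s+"
    r"(?P<thread>0x[0-9a-fA-F]+):\s+\d+:\s+(?P<sev>[A-Z]+):\s+"
    r"(?P<component>\w+):\s+(?P<func>\w+):\s+(?P<msg>.*)"
)
PSK_RE = re.compile(r"Could not find any PSK cipher suites \((\d+)\)")
CTX_MSG = "Could not get a client SSL context"

def parse_line(line):
    """Return the fields of one mgwd.log line, or None if it does not match."""
    m = LINE_RE.search(line)  # search() tolerates a leading timestamp
    return m.groupdict() if m else None

def find_psk_failures(lines):
    """Report each 'no PSK cipher suites' error and whether the same thread
    then failed to build its client SSL context."""
    findings, pending = [], {}
    for lineno, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None or rec["sev"] != "ERR" or rec["component"] != "RpcConnectionCache":
            continue
        psk = PSK_RE.search(rec["msg"])
        if psk:
            finding = {"line": lineno, "thread": rec["thread"],
                       "psk_suites": int(psk.group(1)), "tls_setup_failed": False}
            findings.append(finding)
            pending[rec["thread"]] = finding
        elif CTX_MSG in rec["msg"] and rec["thread"] in pending:
            pending.pop(rec["thread"])["tls_setup_failed"] = True
    return findings

# The four log lines quoted in this article, plus one constructed unrelated line.
SAMPLE = """\
[kern_mgwd:info:1668] 0x81b004200: 0: ERR: mgwdmain: set_xc_dsmdb_rpc_services: called
[kern_mgwd:info:1668] 0x81b004200: 0: NOTICE: RpcConnectionCache: SetUpSslOps: Set up SSL ops.
[kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: getXcContext: Could not find any PSK cipher suites (0).
[kern_mgwd:info:1668] 0x81b004200: 0: ERR: RpcConnectionCache: SetUpTlsConnections: Could not get a client SSL context.
[kern_mgwd:info:1668] 0x81b004200: 0: NOTICE: ExampleComponent: exampleFunc: constructed line
""".splitlines()

if __name__ == "__main__":
    for f in find_psk_failures(SAMPLE):
        print(f)
```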

 


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.