Hi,
This morning I tried to perform the regular, bi-monthly patching cycle on one of my UTM HA cluster. The existing version is 9.503-4. The up2date process started but the popup window showing the progress was blank, so I checked the up2date logs and found this:
2017:11:27-07:09:49 crkutm-2 audld[11639]: Could not connect to Server us1.utmu2d.sophos.com (status=500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:10:05 crkutm-2 audld[11639]: Could not connect to Server us2.utmu2d.sophos.com (status=500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:10:21 crkutm-2 audld[11639]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:10:36 crkutm-2 audld[11639]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:10:57 crkutm-2 audld[11639]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:11:18 crkutm-2 audld[11639]: Could not connect to Authentication Server us2.utmu2d.sophos.com (code=500 500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:11:39 crkutm-2 audld[11639]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:11:59 crkutm-2 audld[11639]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 SSL negotiation failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure).
2017:11:27-07:11:59 crkutm-2 audld[11639]: >========================================================================= 2017:11:27-07:11:59 crkutm-2 audld[11639]: All 4 Authentication Servers failed
I checked the result of wget into the authentication server from the UTM console:
Seems to have an issue with the certificate.
The HA log say it don't even send the data to the server:
2017:11:27-07:32:13 crkutm-1 ha_proxy[15074]: Connect (file descriptor 6): node2 [198.19.250.2]
2017:11:27-07:32:13 crkutm-1 ha_proxy[15074]: Request (file descriptor 6): CONNECT eu1.utmu2d.sophos.com:443 HTTP/1.0
2017:11:27-07:32:13 crkutm-1 ha_proxy[15074]: No proxy for eu1.utmu2d.sophos.com
2017:11:27-07:32:13 crkutm-1 ha_proxy[15074]: Established connection to host "eu1.utmu2d.sophos.com" using file descriptor 7.
2017:11:27-07:32:13 crkutm-1 ha_proxy[15074]: Not sending client headers to remote machine
2017:11:27-07:32:13 crkutm-1 ha_proxy[15074]: Closed connection between local client (fd:6) and remote client (fd:7)
2017:11:27-07:32:13 crkutm-1 ha_proxy[13978]: Connect (file descriptor 6): node2 [198.19.250.2]
2017:11:27-07:32:13 crkutm-1 ha_proxy[13978]: Request (file descriptor 6): CONNECT eu1.utmu2d.sophos.com:443 HTTP/1.0
2017:11:27-07:32:13 crkutm-1 ha_proxy[13978]: No proxy for eu1.utmu2d.sophos.com
2017:11:27-07:32:13 crkutm-1 ha_proxy[13978]: Established connection to host "eu1.utmu2d.sophos.com" using file descriptor 7.
2017:11:27-07:32:13 crkutm-1 ha_proxy[13978]: Not sending client headers to remote machine
Now the HA in half-mode with an Active and an Up2Date nodes.
Based on the other threads the recommended steps are breaking the HA "cluster" and rebuild the nodes. Which is unacceptable in the production environment.
Any other ideas how to fix this and in the other hand what cause the issue?
This thread was automatically locked due to age.
