Il giorno mar 16 nov 2021 alle ore 11:34 Roberto Nunin <robnunin@gmail.com> ha scritto:

Hi all

We have an (old) installation with two DC in two different locations.

Hosts where hosted engine is running are regularly reported UP (DC 1)
Host into the other DC (connected by WAN lines) are reported as Unassigned (DC 2)

Connection between DC is working.

In events we can find lot of errors like:

VDSM itmilu0xx-mng.example.com command Get Host Capabilities failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We are NOT using a thirdy party SSL certificate.

In engine.log these are recurring errors:

2021-11-16 10:28:49,370+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2021-11-16 10:28:49,372+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-100) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks in advance for any suggestion

Update on the case .

It was solved. Between two DC an SSL inspection was activated, creating problems in communication between manager and HOSTS and VDSMD.

Solution was to stop the SSL inspection.

Further analysis will be done to permit again the inspection, due to security requirements.

Thanks for reading,

Roberto