oVirt 4.4.3 - some hosts in unassigned state - Get Host Capabilities failed: PKIX path building failed
Hi all We have an (old) installation with two DC in two different locations. Hosts where hosted engine is running are regularly reported UP (DC 1) Host into the other DC (connected by WAN lines) are reported as Unassigned (DC 2) Connection between DC is working. In events we can find lot of errors like: VDSM itmilu0xx-mng.example.com command Get Host Capabilities failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target We are NOT using a thirdy party SSL certificate. In engine.log these are recurring errors: 2021-11-16 10:28:49,370+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2021-11-16 10:28:49,372+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-100) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Thanks in advance for any suggestion Roberto Nunin
Il giorno mar 16 nov 2021 alle ore 11:34 Roberto Nunin <robnunin@gmail.com> ha scritto:
Hi all
We have an (old) installation with two DC in two different locations.
Hosts where hosted engine is running are regularly reported UP (DC 1) Host into the other DC (connected by WAN lines) are reported as Unassigned (DC 2)
Connection between DC is working.
In events we can find lot of errors like:
VDSM itmilu0xx-mng.example.com command Get Host Capabilities failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We are NOT using a thirdy party SSL certificate.
In engine.log these are recurring errors:
2021-11-16 10:28:49,370+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2021-11-16 10:28:49,372+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-100) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Thanks in advance for any suggestion
Update on the case . It was solved. Between two DC an SSL inspection was activated, creating problems in communication between manager and HOSTS and VDSMD. Solution was to stop the SSL inspection. Further analysis will be done to permit again the inspection, due to security requirements. Thanks for reading, Roberto
participants (1)
-
Roberto Nunin