<div dir="ltr">Further to the logs sent, on the nodes I&#39;m also seeing the following error under /var/log/messages...<div><br></div><div><div>Sep 20 03:43:12 node01 vdsm root ERROR invalid client certificate with subject &quot;/C=US/O=UKDM/CN=<a href="http://engine01.mydomain.za">engine01.mydomain.za</a>&quot;^C</div><div>Sep 20 03:43:12 node01 vdsm vds ERROR xml-rpc handler exception#012Traceback (most recent call last):#012  File &quot;/usr/share/vdsm/BindingXMLRPC.py&quot;, line 80, in threaded_start#012    self.server.handle_request()#012  File &quot;/usr/lib64/python2.6/SocketServer.py&quot;, line 278, in handle_request#012    self._handle_request_noblock()#012  File &quot;/usr/lib64/python2.6/SocketServer.py&quot;, line 288, in _handle_request_noblock#012    request, client_address = self.get_request()#012  File &quot;/usr/lib64/python2.6/SocketServer.py&quot;, line 456, in get_request#012    return self.socket.accept()#012  File &quot;/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py&quot;, line 136, in accept#012    raise SSL.SSLError(&quot;%s, client %s&quot; % (e, address[0]))#012SSLError: no certificate returned, client 10.251.193.5</div></div><div><br></div><div>Not sure if this is any further help in diagnosing the issue?</div><div><br></div><div>Thanks, any assistance is appreciated.</div><div><br></div><div>Regards.</div><div><br></div><div>Neil Wilson.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 21, 2017 at 4:31 PM, Neil <span dir="ltr">&lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Piotr,<div><br></div><div>Thank you for the reply. After sending the email I did go and check the engine one too....</div><div><br></div><div><div>[root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/ca.pem -enddate -noout</div><div>notAfter=Oct 13 16:26:46 2022 GMT</div><div><br></div><div>I&#39;m not sure if this one below is meant to verify or if this output is expected?</div><div><br></div><div><div>[root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/private/<wbr>ca.pem -enddate -noout</div><div>unable to load certificate</div><div>140642165552968:error:<wbr>0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE</div></div><div><br></div><div>My date is correct too Thu Sep 21 16:30:15 SAST 2017</div></div><div><br></div><div>Any ideas?</div><div><br></div><div>Googling surprisingly doesn&#39;t come up with much.</div><div><br></div><div>Thank you.</div><div><br></div><div>Regards.</div><div><br></div><div>Neil Wilson.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 21, 2017 at 4:16 PM, Piotr Kliczewski <span dir="ltr">&lt;<a href="mailto:piotr.kliczewski@gmail.com" target="_blank">piotr.kliczewski@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Neil,<br>
<br>
You checked both nodes what about the engine? Can you check engine certs?<br>
You can find more info where they are located here [1].<br>
<br>
Thanks,<br>
Piotr<br>
<br>
[1] <a href="https://www.ovirt.org/develop/release-management/features/infra/pki/#ovirt-engine" rel="noreferrer" target="_blank">https://www.ovirt.org/develop/<wbr>release-management/features/in<wbr>fra/pki/#ovirt-engine</a><br>
<div><div class="m_-3567740440710242170h5"><br>
On Thu, Sep 21, 2017 at 3:26 PM, Neil &lt;<a href="mailto:nwilson123@gmail.com" target="_blank">nwilson123@gmail.com</a>&gt; wrote:<br>
&gt; Hi guys,<br>
&gt;<br>
&gt; Please could someone assist, my cluster is down and I can&#39;t access my vm&#39;s<br>
&gt; to switch some of them back on.<br>
&gt;<br>
&gt; I&#39;m seeing the following error in the engine.log however I&#39;ve checked my<br>
&gt; certs on my hosts (as some of the goolge results said to check), but the<br>
&gt; certs haven&#39;t expired...<br>
&gt;<br>
&gt;<br>
&gt; 2017-09-21 15:09:45,077 ERROR<br>
&gt; [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand]<br>
&gt; (DefaultQuartzScheduler_Worker<wbr>-4) Command GetCapabilitiesVDSCommand(Host<wbr>Name<br>
&gt; = <a href="http://node02.mydomain.za" rel="noreferrer" target="_blank">node02.mydomain.za</a>, HostId = d2debdfe-76e7-40cf-a7fd-78a0f5<wbr>0f14d4,<br>
&gt; vds=Host[<a href="http://node02.mydomain.za" rel="noreferrer" target="_blank">node02.mydomain.za</a>]) execution failed. Exception:<br>
&gt; VDSNetworkException: javax.net.ssl.SSLHandshakeExce<wbr>ption: Received fatal<br>
&gt; alert: certificate_expired<br>
&gt; 2017-09-21 15:09:45,086 ERROR<br>
&gt; [org.ovirt.engine.core.vdsbrok<wbr>er.vdsbroker.GetCapabilitiesVD<wbr>SCommand]<br>
&gt; (DefaultQuartzScheduler_Worker<wbr>-10) Command<br>
&gt; GetCapabilitiesVDSCommand(Host<wbr>Name = <a href="http://node01.mydomain.za" rel="noreferrer" target="_blank">node01.mydomain.za</a>, HostId =<br>
&gt; b108549c-1700-11e2-b936-9f5243<wbr>b8ce13, vds=Host[<a href="http://node01.mydomain.za" rel="noreferrer" target="_blank">node01.mydomain.za</a>])<br>
&gt; execution failed. Exception: VDSNetworkException:<br>
&gt; javax.net.ssl.SSLHandshakeExce<wbr>ption: Received fatal alert:<br>
&gt; certificate_expired<br>
&gt; 2017-09-21 15:09:48,173 ERROR<br>
&gt;<br>
&gt; My engine and host info is below...<br>
&gt;<br>
&gt; [root@engine01 ovirt-engine]# rpm -qa | grep -i ovirt<br>
&gt; ovirt-engine-lib-3.4.0-1.el6.n<wbr>oarch<br>
&gt; ovirt-engine-restapi-3.4.0-1.e<wbr>l6.noarch<br>
&gt; ovirt-engine-setup-plugin-ovir<wbr>t-engine-3.4.0-1.el6.noarch<br>
&gt; ovirt-engine-3.4.0-1.el6.noarc<wbr>h<br>
&gt; ovirt-engine-setup-plugin-webs<wbr>ocket-proxy-3.4.0-1.el6.noarch<br>
&gt; ovirt-host-deploy-java-1.2.0-1<wbr>.el6.noarch<br>
&gt; ovirt-engine-setup-3.4.0-1.el6<wbr>.noarch<br>
&gt; ovirt-host-deploy-1.2.0-1.el6.<wbr>noarch<br>
&gt; ovirt-engine-backend-3.4.0-1.e<wbr>l6.noarch<br>
&gt; ovirt-image-uploader-3.4.0-1.e<wbr>l6.noarch<br>
&gt; ovirt-engine-tools-3.4.0-1.el6<wbr>.noarch<br>
&gt; ovirt-engine-sdk-python-3.4.0.<wbr>7-1.el6.noarch<br>
&gt; ovirt-engine-webadmin-portal-3<wbr>.4.0-1.el6.noarch<br>
&gt; ovirt-engine-cli-3.4.0.5-1.el6<wbr>.noarch<br>
&gt; ovirt-engine-setup-base-3.4.0-<wbr>1.el6.noarch<br>
&gt; ovirt-iso-uploader-3.4.0-1.el6<wbr>.noarch<br>
&gt; ovirt-engine-userportal-3.4.0-<wbr>1.el6.noarch<br>
&gt; ovirt-log-collector-3.4.1-1.el<wbr>6.noarch<br>
&gt; ovirt-engine-websocket-proxy-3<wbr>.4.0-1.el6.noarch<br>
&gt; ovirt-engine-setup-plugin-ovir<wbr>t-engine-common-3.4.0-1.el6.<wbr>noarch<br>
&gt; ovirt-engine-dbscripts-3.4.0-1<wbr>.el6.noarch<br>
&gt; [root@engine01 ovirt-engine]# cat /etc/redhat-release<br>
&gt; CentOS release 6.5 (Final)<br>
&gt;<br>
&gt;<br>
&gt; [root@node02 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.p<wbr>em -enddate<br>
&gt; -noout ; date<br>
&gt; notAfter=May 27 08:36:17 2019 GMT<br>
&gt; Thu Sep 21 15:18:22 SAST 2017<br>
&gt; CentOS release 6.5 (Final)<br>
&gt; [root@node02 ~]# rpm -qa | grep vdsm<br>
&gt; vdsm-4.14.6-0.el6.x86_64<br>
&gt; vdsm-python-4.14.6-0.el6.x86_6<wbr>4<br>
&gt; vdsm-cli-4.14.6-0.el6.noarch<br>
&gt; vdsm-xmlrpc-4.14.6-0.el6.noarc<wbr>h<br>
&gt; vdsm-python-zombiereaper-4.14.<wbr>6-0.el6.noarch<br>
&gt;<br>
&gt;<br>
&gt; [root@node01 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.p<wbr>em -enddate<br>
&gt; -noout ; date<br>
&gt; notAfter=Jun 13 16:09:41 2018 GMT<br>
&gt; Thu Sep 21 15:18:52 SAST 2017<br>
&gt; CentOS release 6.5 (Final)<br>
&gt; [root@node01 ~]# rpm -qa | grep -i vdsm<br>
&gt; vdsm-4.14.6-0.el6.x86_64<br>
&gt; vdsm-xmlrpc-4.14.6-0.el6.noarc<wbr>h<br>
&gt; vdsm-cli-4.14.6-0.el6.noarch<br>
&gt; vdsm-python-zombiereaper-4.14.<wbr>6-0.el6.noarch<br>
&gt; vdsm-python-4.14.6-0.el6.x86_6<wbr>4<br>
&gt;<br>
&gt; Please could I have some assistance, I&#39;m rater desperate.<br>
&gt;<br>
&gt; Thank you.<br>
&gt;<br>
&gt; Regards.<br>
&gt;<br>
&gt; Neil Wilson<br>
&gt;<br>
&gt;<br>
&gt;<br>
</div></div>&gt; ______________________________<wbr>_________________<br>
&gt; Users mailing list<br>
&gt; <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
&gt; <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
&gt;<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>