I installed 2 instances of OSB 10.3 on two different hosts (both are administrative servers, one of them is a media server). One of the servers have had a client OSB installation, then I un-installed it (remove repository and the main directory), then installed again as administrative server. Now I want them to get acquainted. When I try to mkhost on one host to create an entry about the other one, there is an error: ob> mkhost -a ob -o -r admin,client oraserv2 Error: can't connect to OB host oraserv2 - failed to validate certificate
Watching the same time observiced.log on oraserv2 yields me two new lines: failure to negotiate SSL connection with component obtool on fd 8 - SSL fatal alert during negotation (FSP Oracle network security functions)
i.e. the servers do communicate, but without success. Symmetrically, the same problem occurs when I run mkhost command on oraserv2.
What could be wrong?
I learned by reading this forum that SSL certificate might become old (or invalid... ), and that creates such a problem. How can I reset the host certificate, if that is the problem? Actually, which one is invalid -- since there are two hosts and two certificates?
Edited by: user522816 on Jul 20, 2010 8:28 AM
A client can only belong to one admin server, so the admin server is its own client. So typically you would just have one admin host to control the whole domain and the other machines would be clients and/or clients and media servers.
Thanks a lot, it does explain my problem.
Following your suggestion, I reconfigured oraserv2 to be a client (via the full uninstall, taking options to remove both admin and OSB directory). Now an attempt to perform the same mkhost command from the admin server "oraserv" results in another malfunctioning:
On oraserv (the admin), obtool loops forever printing "+Info: waiting for host to update certification status...+"
On oraserv2 (the client), observiced.log each minute gets new message "+unexpected certification failure! - observiced not running (OB connection mgr)+". Of course, observiced is running (verified via "ps" and "/etc/init.d/observiced status") and is listening port 400 (verified using lsof -p <pid>)
.hostid file correctly lists both hosts: cat /usr/etc/ob/.hostid my host uuid: 7e9f8682-1348-102d-aa23-080020e69686 admin host uuid: 16d923f6-7611-102d-9d1a-18a90576fc94 admin host ip: oraserv cert key size: 1024 distinguished name: CN=7e9f8682-1348-102d-aa23-080020e69686,O=Oracle,C=US
Edited by: user522816 on Jul 20, 2010 2:49 PM
you're right, because you can use 'cat /usr/etc/ob/.hostid' command on the osbsrv2 machine
my host uuid: 74d2bf7e-cc56-102f-aa6b-005056b5692c
admin host uuid: 74d2bf7e-cc56-102f-aa6b-005056b5692c
admin host ip: yj_data
cert key size: 1024
distinguished name: CN=74d2bf7e-cc56-102f-aa6b-005056b5692c,O=Oracle,C=US
we can see the admin host ip is not real ip,so you must modify /etc/hosts on the osbsrv2 and add ip message
everything will be ok!