Cannot Establish GTM/DNS Sync Group
Hi all
We're attempting to get a GTM/DNS sync group set up and having some difficulty. We've set the two BIG-IP systems up in an HA pair and on one device configured all the necessary components to include:
- Data center object
- Server objects for each GTM
- Confirmed ports 4353 and 22 are open between them. We know they are as both server objects are up/green.
- Configured the sync group name and enabled it
The problem comes when we go to the second device and run the gtm_add script to initialise and sync with the group. We get this message:
ssh_exchange_identification: read: Connection reset by peer
ERROR: Can't read remote cert via /usr/bin/ssh.
Restarting gtmd
Restarting named
Restarting zrd
Couple of things to note:
- As stated above, these devices are already in an HA active/standby pair. We don't believe this to be an impediment as this should be a valid way to set GTMs up.
- We are using proper 3rd party certificates for management.
- To that end we have installed the intermediate CA and root certs in the following locations:
  - System ›› Certificate Management : Device Certificate Management : Device Trust Certificates
  - DNS ›› GSLB : Servers : Trusted Server Certificates
We have tried running the gtm_add command using a local user with admin/advanced tmsh privileges as well as root.
On either device we get nothing in /var/log/gtm or even ltm that would help give us a clue.
Right now we're at a total loss and don't know where to turn next.
Anyone have any helpful clues, hints or insights to help us through this?
Thank you.
1 Reply
- Thornid
Nimbostratus
I solved this pretty much after I wrote this. I targeted the mgmt IP of the GTM master from the new GTM and modified the SSH allow list to allow the new GTM.
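The thread shows that a reachable port 22 is not the same as an sshd that accepts the source address. As an added example (not part of the original posts), the probe below separates "TCP connect failed" from "connected, then reset before the SSH identification string", which is the pattern in the gtm_add error above. The function names and the loopback listener are constructed for illustration and do not come from BIG-IP.

```python
import socket
import struct
import threading

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Classify how far a TCP connection to sshd gets: returns (state, detail).

    unreachable: TCP connect failed (filtering, routing, nothing listening)
    reset:       TCP connected, but the peer reset/closed before sending its
                 identification string (what ssh reports as
                 "ssh_exchange_identification: ... Connection reset by peer")
    banner:      the peer sent an SSH identification string
    no-banner:   connected, but timed out or received non-SSH data
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        try:
            data = sock.recv(255)
        except ConnectionResetError:
            return "reset", "reset before identification string"
        except OSError as exc:  # includes timeouts
            return "no-banner", str(exc)
    if not data:
        return "reset", "closed before identification string"
    if data.startswith(b"SSH-"):
        return "banner", data.split(b"\n")[0].strip().decode("ascii", "replace")
    return "no-banner", "unexpected data from peer"

def start_fake_sshd(reject):
    """Constructed loopback listener standing in for sshd; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if reject:  # SO_LINGER with zero timeout makes close() send a RST
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(b"SSH-2.0-constructed_banner\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for label, reject in (("source allowed", False), ("source rejected", True)):
        print(label, probe_ssh_banner("127.0.0.1", start_fake_sshd(reject)))
```

Run from the new GTM against the address gtm_add targets, a `reset` result points at the SSH allow list on the peer rather than at a firewall or a certificate problem.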