Forum Discussion
NimbostratusGTM Synchronization fails "Is big3d running?" "Is tcp port 4353 access allowed?" IQuery connection fails
Hi,
I'm trying to Sync two GTM using gtm_add command using their public-ip(self-IP), I keep getting the "Is tcp port 4353 access allowed?"
I can telnet to this port, i know its open,
on each self-Ip i have the port set to default (even allow all for test purpose),
I have the same Synchronization group configured on each GTM, to make it more interesting i have Active/Standby GTM at each location but is trying only to connect to each active device first,
The SSL exchange passes using the bigip_add but gtm_add aways fails, I have followed all trouble shooting, verified everything,although I am using the default ssl cert and not generating a new one.
4 Replies
Brad_ParkerCirrus
Do you have any entries in your GTM logs referencing the failure? Sounds like a possible cert trust issue. The BigIP devices certs and trust are stored in a different locations than GTM? Have a look at this as well, https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15664.html.
f5dev7_171984Yes SSL seems to be the issue but how can I correct this, I have a valid cert, under DNS>GSLB>Server>Trsusted Certs, they appear to be a valid cert but multiple of them and the error i'm getting under GTM log is
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
thanks for the input
Renato_166638I don't like to use that console commands to download the certificates, they are responsible by duplicating and making the list looks confusing and I prefer to add them manually. Don't forget to check the port lockdown settings for the self-ip used as server address.
- f5dev7_171984
Thanks Everyone for the reply this was resolved by changing the certificate to self-signed, the CA provided one had issue.
