
Cannot Establish GTM/DNS Sync Group

Thornid
Nimbostratus

Hi all

We're attempting to get a GTM/DNS sync group set up and are having some difficulty. We've set the two BIG-IP systems up in an HA pair and on one device configured all the necessary components, including:

  • Data center object
  • Server objects for each GTM
  • Confirmed ports 4353 and 22 are open between them. We know they are as both server objects are up/green.
  • Configured the sync group name and enabled it

The problem comes when we go to the second device and run the gtm_add script to initialise and sync with the group. We get this message:

ssh_exchange_identification: read: Connection reset by peer
ERROR: Can't read remote cert via /usr/bin/ssh.
Restarting gtmd
Restarting named
Restarting zrd

Couple of things to note:

  1. As stated above, these devices are already in an HA active/standby pair. We don't believe this to be an impediment, as this should be a valid way to set GTMs up.
  2. We are using proper 3rd party certificates for management.
  3. To that end we have installed the intermediate CA and root certs in the following locations:

System ›› Certificate Management : Device Certificate Management : Device Trust Certificates

DNS ›› GSLB : Servers : Trusted Server Certificates

We have tried running the gtm_add command using a local user with admin/advanced tmsh privileges as well as root.

On either device we get nothing in /var/log/gtm or even ltm that would help give us a clue.

Right now we're at a total loss and don't know where to turn next.

Anyone have any helpful clues, hints or insights to help us through this?

Thank you.

1 REPLY

Thornid
Nimbostratus

I solved this pretty much after I wrote this. I targeted the mgmt IP of the GTM master from the new GTM and modified the SSH allow list to allow the new GTM.
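An added example, not from Thornid's posts and not F5's own tooling: a small POSIX shell pre-flight script to run on the new GTM before gtm_add. It probes the peer's management address and classifies the ssh error text, so the "Connection reset by peer" symptom from the question (the peer's sshd allow list dropping the new GTM's address, which is what the reply fixed) is told apart from a firewall timeout, a closed port or a known_hosts mismatch. PEER_MGMT, PEER_IQUERY and RUN_PROBE are names I made up for this script, 192.0.2.10 is a placeholder address, and the tmsh command in the comment is the allow-list edit as I understand its syntax, not something quoted from the thread.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for gtm_add, run on the NEW GTM.
# PEER_MGMT   = management IP of the existing GTM (placeholder below, RFC 5737 range)
# PEER_IQUERY = address the peer's server object uses for iQuery/4353 (defaults to PEER_MGMT)
PEER_MGMT="${PEER_MGMT:-192.0.2.10}"
PEER_IQUERY="${PEER_IQUERY:-$PEER_MGMT}"

# Map an ssh failure line to a category and the next thing to check.
# No network access here, so it can be exercised offline.
classify_ssh_error() {
  msg="$1"
  case "$msg" in
    *"Connection reset by peer"*|*"ssh_exchange_identification"*)
      # The TCP handshake completed but sshd closed the session before key exchange.
      # On BIG-IP that is what a source address missing from the sshd allow list looks like.
      # Fix on the peer, as I understand the tmsh syntax:
      #   tmsh modify /sys sshd allow add { <new GTM mgmt IP> }
      echo "reset-by-peer; run 'tmsh list /sys sshd allow' on the peer and add this GTM's mgmt IP" ;;
    *"Connection timed out"*|*"No route to host"*)
      echo "unreachable; no TCP path to port 22, check routing and firewalls between the mgmt interfaces" ;;
    *"Connection refused"*)
      echo "refused; nothing listening on the port, confirm sshd is running on the peer" ;;
    *"Host key verification failed"*|*"REMOTE HOST IDENTIFICATION HAS CHANGED"*)
      # With BatchMode=yes a peer that is simply not yet in known_hosts also lands here.
      echo "hostkey; known_hosts on this device does not match the peer, verify the key before updating it" ;;
    *)
      echo "unknown; $msg" ;;
  esac
}

# Return 0 if host:port accepts a TCP connection within 5 seconds.
# Uses bash's /dev/tcp so nothing beyond bash and coreutils is needed on the appliance.
tcp_open() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Try a non-interactive ssh session to the peer; print "ok" on success or the classification
# of the failure. gtm_add needs this session to succeed in order to read the remote cert.
probe_ssh() {
  out=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$1" true 2>&1) && { echo "ok"; return 0; }
  classify_ssh_error "$out"
  return 1
}

# Live checks only run when requested, e.g.: RUN_PROBE=1 PEER_MGMT=10.0.0.2 sh gtm_preflight.sh
if [ "${RUN_PROBE:-0}" = "1" ]; then
  if tcp_open "$PEER_MGMT" 22; then
    echo "tcp 22 to $PEER_MGMT: open"
  else
    echo "tcp 22 to $PEER_MGMT: closed or filtered"
  fi
  if tcp_open "$PEER_IQUERY" 4353; then
    echo "tcp 4353 to $PEER_IQUERY: open"
  else
    echo "tcp 4353 to $PEER_IQUERY: closed or filtered"
  fi
  echo "ssh to $PEER_MGMT: $(probe_ssh "$PEER_MGMT")"
fi
```

A "reset-by-peer" result with port 22 reported open is the combination the question describes: the connection is accepted and then dropped, which points at the peer's sshd allow list rather than at certificates or at the HA configuration.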