Forum Discussion

Thornid's avatar
Thornid
Icon for Nimbostratus rankNimbostratus
Jul 03, 2020

Cannot Establish GTM/DNS Sync Group

Hi all

We're attempting to get a GTM/DNS sync group setup and having some difficulty. We've set the two BIG-IP systems up in a HA pair and on one device configured all the necessary components to include:

  • Data center object
  • Server objects for each GTM
  • Confirmed ports 4353 and 22 are open between them. We know they are as both server objects are up/green.
  • Configured the sync group name and enabled it

The problem comes when we go to the second device and run the gtm_add script to initialise and sync with the group we get this message:

ssh_exchange_identification: read: Connection reset by peer
 
ERROR: Can't read remote cert via /usr/bin/ssh.
 
Restarting gtmd
Restarting named
Restarting zrd

Couple of things to note:

  1. As stated above, these devices are already in a HA active/standby pair. We don't believe to be an impediment as this should be a valid way to set GTMs up.
  2. We are using proper 3rd party certificates for management. 
  3. To that end we have installed the intermediate CA and root certs in the following locations

System ›› Certificate Management : Device Certificate Management : Device Trust Certificates

DNS ›› GSLB : Servers : Trusted Server Certificates

We have tried running the gtm_add command using a local user with admin/advanced tmsh privileges as well as root.

On either device we get nothing in /var/log/gtm or even ltm, that would help give us a clue.

Right now we're at a total loss and don't know where to turn next.

Anyone have any helpful clues, hints or insights to help us through this?

Thank you.

1 Reply

  • I solved this pretty much after I wrote this. I targeted the mgmt IP of the GTM master from the new GTM and modified the SSH allow list to allow the new GTM.