Summary
After upgrade of Network Node Manager i-Series {NNMi} v10.20 patch 6 to v10.30, GM -RM Integration fails with Error "Invalid Regional Manager Connection Configuration". Error is reported due to mismatch in configured SSL Protocol on GM and RM.
Error
After upgrade of Network Node Manager i-Series {NNMi} v10.20 patch 6 to v10.30, GNNM -RNNM Integration fails with the following displayed error in UI:
nnm.log reports below error (sample extract):
2018-07-17 15:33:31.706 INFO [com.hp.ov.nms.ui.framework.common.HttpResultWriter] Sending notification to console:Saved Successfully.
2018-07-17 15:34:11.502 WARNING [com.hp.ov.nms.ui.framework.util.ObjectModelUtils] Connecton remote system failed: com.hp.ov.nms.topo.spi.common.bridge.BridgeServiceException$RemoteSystemID: Failed to obtain a valid system ID from the Regional NNMi management server at <RNM FQDN>:443 - Failed to retrieve Naming interface for provider https://<RNM FQDN>:443/invoker/restricted/JNDIFactorySSL
2018-07-17 15:34:11.511 WARNING [com.hp.ov.nms.ui.framework.util.ObjectModelUtils] Connecton remote system failed: com.hp.ov.nms.topo.spi.common.bridge.BridgeServiceException$RemoteSystemID: Failed to obtain a valid system ID from the Regional NNMi management server at <RNM FQDN>:443 - Failed to retrieve Naming interface for provider https://<RNM FQDN>:443/invoker/restricted/JNDIFactorySSL
2018-07-17 15:34:11.512 INFO [com.hp.ov.nms.ui.framework.common.HttpResultWriter] Sending notification to console:Invalid Regional Manager Connection configuration information provided. Please check that you have specified the correct port and Fully Qualified Domain Name (FQDN).
NNMi cannot connect to:
https://<RNM FQDN>/nnm
For SSL connection, Global Manager needs to import Certificates from Regional Manager.
Enabling Tracing on com.hp.ov.nms.topo module, nnm-trace.log shows below errors:
2018-07-17 13:06:22.444 INFO [com.hp.ov.nms.topo.spi.server.bridge.BridgeServiceManagerImpl] (pool-1-thread-30) Bridge RNM3 is incomplete and will be recreated
2018-07-17 13:06:22.448 INFO [com.hp.ov.nms.topo.spi.server.bridge.BridgeServiceManagerImpl] (pool-1-thread-30) Attempting to establish bridge for station RNM3 (ea5f3106-1d46-4ca2-bc36-945a846c1d91)
2018-07-17 13:06:22.471 INFO [com.hp.ov.nms.topo.spi.server.bridge.BridgeConnectionSelectorImpl] (pool-1-thread-30) Communications failure talking to remote system cbnmi007.gsp.accenture.com on port 443: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2018-07-17 13:06:22.476 INFO [com.hp.ov.nms.topo.spi.server.bridge.BridgeConnectionSelectorImpl] (pool-1-thread-30) Communications failure talking to remote system cbnmi008.gsp.accenture.com on port 443: java.net.ConnectException: Connection refused (Connection refused)
2018-07-17 13:06:22.476 INFO [com.hp.ov.nms.topo.spi.server.bridge.BridgeServiceManagerImpl] (pool-1-thread-30) No suitable connection found for station RNM3 (ea5f3106-1d46-4ca2-bc36-945a846c1d91)
Wireshark / TcpDump Capture from GM - RM shows handshake failure wherein GM is using SSLv2 & RM is replying on TLS v1.2
Sample Screenshot:
Cause
One Possible cause for this issue could be Incorrect FQDN when the Regional Manger Connection Configuration is set.
Considering that there was no change in FQDN on both GM & RM and integration working fine before upgrade, this is unlikley reason.
The other cause for the error is if SSL Communication for Web Access is not properly configured.
Parameter com.hp.ov.nms.ssl.PROTOCOLS in server.properties may be configured with different values on GM and RM and hence the handshake fails.
Fix
Following Steps can be performed to resolve the issue:
1. Open the server.properties on GNM:
Windows: %NnmDataDir%\nmsas\nms\server.properties
Linux: /var/opt/OV/nmsas/nms/server.properties
2. Set the following property
com.hp.ov.nms.ssl.PROTOCOLS=TLSv1.2,TLSv1.1,TLSv1
3. Cross check server.properties on the RM and ensure the same values are set for this parameter.
These steps are included In Chapter "Configuring SSL Communications for Web Access and RMI Communications", topic "Requirement for New NNMi 10.2x Installations", page 457, NNMi 10.21 Deployment Reference Guide