Michael, Perhaps, you might run into issue with keys overlapping on server under the heavy load which have been fixed in 3.0.5. We didn't have to regenerate keys on client side after upgrade, but we had to re-upload several public keys from clients on the policy server. Also, if your client authentication is IP based, you'll need to re-upload client's key every time its IP changes.
2010/7/29 <mega...@gmail.com>: > Got the verbose server output, and this seemed to be the error: > > cf3 Received: [SAUTH y 256 37 c] on socket 5 > cf3 Private decrypt failed = block type is not 02 > cf3 Auth dialogue error > cf3 REFUSAL of request from connecting host: (SAUTH y 256 37 c) > > I then regenerated the ppkeys for both the server and user, and after that > things worked. So something seems to have changed in the crypt used for key > exchange. > > > On Jul 28, 2010 8:52pm, Michael Potter <mega...@gmail.com> wrote: >> On Wed, Jul 28, 2010 at 8:47 PM, Mark Burgess mark.burg...@iu.hio.no> >> wrote: >> >> > >> >> > It sounds strange. Did you only upgrade half the systems? Nothing should >> > stop working. >> >> >> >> Nope - upgraded both cf-serverd and cf-execd, and was running >> >> cf-runagent on same host as the cf-serverd I was contacting. I will >> >> check the output of the verbose server to see what comes out. >> >> >> >> >> >> > >> >> > On 07/28/2010 10:11 AM, Michael Potter wrote: >> >> >> Ill give that a try tomorrow. I just don't know what could have >> >> >> changed from 3.0.4 to 3.0.5p1 that caused a working configuration to >> >> >> break. I wonder if I need to regenerate my ppkeys after an upgrade.... >> >> >> >> >> >> On Wed, Jul 28, 2010 at 3:22 PM, Seva Gluschenko >> >> >> seva.glusche...@gmail.com> wrote: >> >> >>> To obtain verbose server output, you must shut down its daemon and run >> >> >>> it from command line with -v option. The cf-serverd then stays in >> >> >>> foreground and goes into verbose mode, so that you can try and run >> >> >>> cf-runagent on another terminal and see what's going on on the server >> >> >>> side. >> >> >>> >> >> >>> 2010/7/28 mega...@gmail.com>: >> >> >>>> Hi >> >> >>>> >> >> >>>> I was using cf-runagent under 3.0.4, but after upgrading to 3.0.5p1 I >> >>>> now >> >> >>>> get the following error: >> >> >>>> >> >> >>>> BAD: Unspecified server refusal (see verbose server output) >> >> >>>> !! Authentication dialogue with 127.0.0.1 failed >> >> >>>> Unable to establish connection with 127.0.0.1 >> >> >>>> >> >> >>>> I have been unable to find the verbose server output anywhere, and >> >>>> was >> >> >>>> wondering if anyone else has run into this problem, and hopefully >> >>>> solved it. >> >> >>>> >> >> >>>> Cheers >> >> >>>> _______________________________________________ >> >> >>>> Help-cfengine mailing list >> >> >>>> Help-cfengine@cfengine.org >> >> >>>> https://cfengine.org/mailman/listinfo/help-cfengine >> >> >>>> >> >> >>>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> -- >> >> >>> SY, Seva Gluschenko. >> >> >>> >> >> >> _______________________________________________ >> >> >> Help-cfengine mailing list >> >> >> Help-cfengine@cfengine.org >> >> >> https://cfengine.org/mailman/listinfo/help-cfengine >> >> > _______________________________________________ >> >> > Help-cfengine mailing list >> >> > Help-cfengine@cfengine.org >> >> > https://cfengine.org/mailman/listinfo/help-cfengine >> >> > >> > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > > -- SY, Seva Gluschenko. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
