Problem joining SPS to SPP (Safeguard 7.0)

Goodmorning,

I have a problem joining SPS to SPP. In the web portal of SPS, if i try to join to SPP with the public IP address of SPP, SPS return me the error :

"spp_response": "Error sending request: SSLError: HTTPSConnectionPool(host='108.xxx.xxx.23', port=443): Max retries exceeded with url: /service/core/v3/Cluster/SessionModules (Caused by SSLError(CertificateError(\"hostname '108.xxx.xxx.23' doesn't match either of 'SG-7c55fce7xxxx', '10.xxx.xx.42'\")))"

If i try to join SPP using the private IP address, SPS don't reach SPP and go on timeout error. I tried to modify the hosts file of SPS, adding the ip of SPP(both public and private), 
but i can't resolve it.

Thank you,

Samuele

Parents

0 Tawfiq.Ahmad over 1 year ago

Hi Samuele,

Does the SPP Web SSL certificate has the IP address defined in the SAN or just the hostname?

If only the hostname try with the using the FQDN instead of the IP to join the SPP

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 samuele fochi over 1 year ago in reply to Tawfiq.Ahmad

Hi,

The SSL certificate is auto-generated from SPP, i tried to join SPP using both the ip address and the FQDN, but SPS continue to give me the same error. There are other things that i can try?

Thank you,

Samuele
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Tawfiq.Ahmad over 1 year ago in reply to samuele fochi

SPS needs access to be able to access the private IP (10.xxx.xx.42) of SPP on port 443

Network communications between SPP and SPS

- Ensure each SPP appliance will accept TCP/8649 and TCP/443 from all SPS appliances
- Ensure each SPS appliance will accept TCP/8649 from all SPP appliances

Telnet Tests

From SPP, Settings | Diagnostics | Telnet enter the SPS IP and port number and test, you should see "Connection Succeeded."

From SPS, Basic Settings | Troubleshooting | Connect to TCP port, enter SPP IP(s) and port number, connect, you should see "Connection established."
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 Tawfiq.Ahmad over 1 year ago in reply to samuele fochi

SPS needs access to be able to access the private IP (10.xxx.xx.42) of SPP on port 443

Network communications between SPP and SPS

- Ensure each SPP appliance will accept TCP/8649 and TCP/443 from all SPS appliances
- Ensure each SPS appliance will accept TCP/8649 from all SPP appliances

Telnet Tests

From SPP, Settings | Diagnostics | Telnet enter the SPS IP and port number and test, you should see "Connection Succeeded."

From SPS, Basic Settings | Troubleshooting | Connect to TCP port, enter SPP IP(s) and port number, connect, you should see "Connection established."
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 samuele fochi over 1 year ago in reply to Tawfiq.Ahmad

Hi,

i have checked it and all the connection works, but when i try to join SPP with the public IP address or using the FQDN, SPS return always the same error. If i try to join SPP with the private IP address SPS return me a timeout error.

Thank you,

Samuele
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Tawfiq.Ahmad over 1 year ago in reply to samuele fochi

Hi Samuele,

Here are some troubleshooting steps related to the SPP-SPS join:

https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-sessions/7.0%20lts/administration-guide/120#TOPIC-1832021

If the issue persists, I would suggest to open a service request to investigate the issue further with our One Identity Support team providing support bundles from the SPP Primary and the SPS Central Management node.

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 samuele fochi over 1 year ago in reply to Tawfiq.Ahmad

Hi,

Ok i will try to follow the guide, Thank you!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel