subscription-manager register is encountering (Unable to verify server identity: (104,Connection reset by peer)) error on Red Hat Satellite 6 clients

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux
  • Red Hat Satellite 6.x
  • Security tool ds_agent/ds_filter

Issue

  • Client machines are getting below network errors when registering to Red Hat Satellite Server:
# subscription-manager register --force --org="RedHat" --activationkey="Dev"
Unable to verify server's identity: (104, 'Connection reset by peer')

Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.

Resolution

  • ds_agent and ds_filter security tool was running on the client . After stopping the ds_agent and ds_filter service on the client and re-registering client to the Red Hat Satellite was successful .
# service ds_agent stop
# service ds_filter stop
# subscription-manager register --force --org="name" --activationkey="key"
The system with UUID 510d964c-b366-49c6-bb7c-65fe5d917304 has been unregistered
The system has been registered with ID: 3e8578a7-af15-4fb4-b965-f24aa352f3ad

  • if neither that client runs on the system, this solution is not applicable. Try to e.g. identify possible cipher suites supported by both peers (and optionally by any proxy in between), or check for potential networking issue. If not sure how to proceed, then:

    • run on both the client system and the Satellite (or Capsule, in case the client system is trying to register to a Caps):
tcpdump -i any -s 0 port 443 or port 8443 -w /tmp/sub-man-failure.$(hostname).cap
  • execute the failing subscription-manager command
  • stop both tcpdumps and provide them to a newly created support case, together with sosreports from both systems

Root Cause

  • ds_agent and ds_filter security tool was running on the clients.

Diagnostic Steps

  • Check whether the ds_agent security tool running on clients or not.
root        1441  0.0  0.3 203111  6732 ?        S    10:23   0:00 /opt/ds_agent/ds_agent -w /var/opt/ds_agent -b -i -e /opt/ds_agent/ext
root        1552  0.1  6.4 116111 123742 ?      Sl   10:23   0:07 /opt/ds_agent/ds_agent -w /var/opt/ds_agent -b -i -e /opt/ds_agent/ext
:
root        1514  0.0  0.0 116111  6732 ?        S    10:24   0:00 /opt/ds_agent ds_am -g ../diag -v 5 -d /var/opt/ds_agent/am -m /opt/ds_agent/lib/libvmpd_full_scan.so -m /opt/ds_agent/lib/libvmpd_scanctrl.so -m /opt/ds_agent/lib/libvmpd_dsa_rtscan.so rtscan_hook_enable=1 -m /opt/ds_agent/lib/libvmpd_sapscan.so
root        6732  0.5  5.5 203111 103112 ?      Sl   10:24   0:21 /opt/ds_agent ds_am -g ../diag -v 5 -d /var/opt/ds_agent/am -m /opt/ds_agent/lib/libvmpd_full_scan.123742 -m /opt/ds_agent/lib/libvmpd_scanctrl.so -m /opt/ds_agent/lib/libvmpd_dsa_rtscan.so rtscan_hook_enable=1 -m /opt/ds_agent/lib/libvmpd_sapscan.so

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments