Manualshelf

Veritas Storage Foundation 5.1 SP1 Cluster File System Installation Guide (5900-1510, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Volume Management (LVM/VxVM) Software
451452453454455456457458459460
Table H-1
Fencing startup issues on SFCFS cluster (client cluster) nodes
(continued)
Description and resolutionIssue
If you had configured secure communication between the CP server and the SFCFS cluster
(client cluster) nodes, authentication failure can occur due to the following causes:
Symantec Product Authentication Services (AT) is not properly configured on the CP
server and/or the SFCFS cluster.
The CP server and the SFCFS cluster nodes use the same root broker but the certificate
hash of the root broker is not same on the SFCFS cluster and the CP server. Run the
following command on both the CP server and the SFCFS cluster to see the certificate
hash:
# cpsat showalltrustedcreds
The CP server and the SFCFS cluster nodes use different root brokers, and trust is not
established between the authentication brokers:
The hostname of the SFCFS cluster nodes is not the same hostname used when
configuring AT.
The hostname of the SFCFS cluster nodes must be set to the hostname used when
configuring AT. You can view the fully qualified hostname registered with AT using
the cpsat showcred command. After entering this command, the hostname appears
in the User Name field.
The CP server and SFCFS cluster do not have the same security setting.
In order to configure secure communication, both the CP server and the SFCFS cluster
must have same security setting.
In order to have the same security setting, the security parameter must have same
value in the /etc/vxcps.conf file on CP server and in the /etc/vxfenmode file on
the SFCFS cluster (client cluster) nodes.
Authentication failure
457Troubleshooting cluster installation
Troubleshooting server-based fencing on the SFCFS cluster nodes