Solved: Re: Unable to distribute certificates to RIM Node - Qlik Community

pablodelcerro · ‎2021-08-25

We are not been able to add a RIM Node to a cluster environment with Standalone Postgresql after upgrading it to 12.8.

All nodes are in May 2021 Patch 4.

When trying to add the RIM node, at certificate distribution, we get an error message that says "Failed to distribute certificates" and this is what we found on the Repository Log:

34 28.0.6.0 20210825T184030.065-0300 ERROR <CENTRAL_NODE> 0f0aabc8-57a8-47c1-b199-f54ee8533434 Command=Distribute certificate;Result=-2147467261;ResultText=Error: Object reference not set to an instance of an object. 0 0 0 INTERNAL System 0 Not available Repository Not available Not available Distribute certificate -2147467261 Certificate distribution failed, see ResultText for further details 0f0aabc8-57a8-47c1-b199-f54ee8533434

35 28.0.6.0 20210825T184030.075-0300 ERROR <CENTRAL_NODE> 12ac0f60-5bfc-4693-9c7b-a7b038745f7d Command=Server node registration;Result=400;ResultText=Error: Distribute c0de9765-5bce-9aee-6f24-5b7bce21a9c6 7ce3284d-2125-4657-850c-c704d4325d96 0 <USER> 6dc7fc8e-25b5-4d56-8d6d-1e611df40f8c Not available Repository ManagementAccess /qrs/servernoderegistration/start/6dc7fc8e-25b5-4d56-8d6d-1e611df40f8c Server node registration 400 Failed to distribute the certificate. (HTTP code: 400) 12ac0f60-5bfc-4693-9c7b-a7b038745f7d

We´ve tried everything we found out:

- New clean new VM installation

- Execute service in bootsramp mode

- Add host.cfg that is not been created

Communication between servers seems fine (http://<servername>.local:4444/setup/certificateDistribution gives XSRF prevention check failed. Possible XSRF discovered. message)

After postgresql upgrade, 4 out of 5 RIM Nodes continue working, and only one had this issue.

Thanks a lot for your help!

Pablo

martinmichalski1 · ‎2021-10-07

Hi Stephen,

I work with Pablo and we were able to solve this issue following these steps:

1) Export the certificates for the new node from the QMC. Create it using a password and check "Include secret key"

2) Import the certificates on the new node. You have 3 certificates: Client, Root and Server. Client goes on "Personal" of the user, Server goes on "Personal" of the Computer and Root goes on "Certification authorities" from both. It is very important to check an option when importing that makes the certificates "Exportable".

3) I don't know if this step helped to solve the issue, but I also installed the SSL certificate the proxy uses.

4) Restart all services including service dispatcher on the new node and try again

I hope this also works for you.

Regards,

Martin

View solution in original post

rohitk1609 · ‎2021-08-29

https://support.qlik.com/articles/000041591

Try this one

pablodelcerro · ‎2021-08-30

Hi Rohitk! Like i´ve said before, we have mannually created the host.cfg file and that didnt solve the issue.

We finally managed to mannually distribute the certificates and we've got the new RIM node to work, but could find out why it was not possible to distribute certificates through QMC.

sparkerb · ‎2021-10-06

Hi Pablo,

I am running into the exact same issue with many new nodes I am trying to add. Is there a document or process you followed to manually distribute the certs?

Thanks,

Stephen

martinmichalski1 · ‎2021-10-07