cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Peer not authenticated Load balancer

Former Member

on ‎07-24-2015 10:13 PM

0 Kudos

Hi,

  We are deploying SMP 3.0 SP07 in our UAT and Production environment.

The application is using Integration gateway as the Backend Endpoint in the SMP application (Admin page).

  For the Integration gateway we have created a load balanced URL to balance 2 SMP nodes in UAT and PROD environment.

When I am using the load balanced URL in the SMP Admin cockpit for the application as Backend Endpoint and performing ping on that I am getting exception "peer not authenticated".

If certificate Alias is mentioned in the BackEnd configuration then the error is that the hostname is not matching.

  I have imported the load balancer node SSL certificate and the SMP node certificate in the SMP keystore using the keytool command and also restarted the SMP server still the error persists.

 

Keytool Command :

keytool -import -v -alias loadbalancer -keystore smp_keystore.jks -storepass LHM0bility -file C:\Certs\loadBalancer.cer

keytool -import -v -alias uatnode1 -keystore smp_keystore.jks -storepass LHM0bility -file C:\Certs\usaxaashbsmp2.grouphc.net.cer

Both imports are successful.

In the SMP Admin Back End configuration I have tried using the above certificate Alias also still the issue continues.

I have referred to this blog :http://scn.sap.com/thread/3597324 and the issue persists.

Attached is the image that shows the application configuration in SMP and the error after ping.

Please provide assistance in resolving this issue.

Regards,

Amit

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
‎07-25-2015 7:19 AM
0 Kudos

Hello Amit,



  For the Integration gateway we have created a load balanced URL to balance 2 SMP nodes in UAT and PROD environment.

I am not clear on this, do you have any sample diagram to explain the app communication flow?

Regards,

JK

Show replies
Show replies
Former Member
‎07-25-2015 8:40 AM
0 Kudos

Hi Jitendra,

          Please find a sample diagram which shows the load balance structure for UAT environment.

SMP integration gateway service document URL is load balanced with port 8083 connection since we cannot use the localhostname in the SMP application Backend configuration in a loadbalanced environment.

Please let me know if more clarity is needed.

Regards,

Amit

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
‎07-26-2015 7:11 AM
0 Kudos

Hello Amit,

In general, IGW URLs listen on same host and port as SMP Admin cockpit. While setting up an application id in Admin cockpit, INTERNAL option is checked for the BACKEND in case if endpoint URL is IGW's one. Hence there is no need of 'Certificate Alias'.

But I would call and to share more info on this.

Regards,

JK

Former Member
‎07-27-2015 7:00 PM
0 Kudos

Hi Jitendra,

          Thanks for the reply.

I understand that we want to use IGW URL as BACKEND with Internal option set in SMP Admin cockpit but to use that we will have to use hostname for the URL and we cannot use localhost as it will give Exception in SMP connection.

But if we use hostname in the BACKEND Url how will the it work for 2 different UAT nodes ?

Eg : For node 1 the URL with Hostname it has to be

https://<UATNode1>:8083:/gateway/odata/SAP/ITest_ODATA;v=1

For node 1 the URL with Hostname it has to be


https://<UATNode2>:8083:/gateway/odata/SAP/ITest_ODATA;v=1


again that will not work since for UATNode1 the second backend URL will fail and for UATNode2 first backend URL will fail also we will have 2 BACKEND connections created for one application and that would be duplicate and mobile app will have to change connection ID based on connecting node which not possible.


Please let me know what solution is there around this.


Regards,

Amit

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
‎08-01-2015 9:16 AM
0 Kudos

Sorry, not much ideas from my side.

Hope can share his views on this.

Regards,

JK

andreas_wegmann
Employee
Employee
‎08-03-2015 8:16 AM
0 Kudos

Hi Amit,
1 - Did you first test without the Netscaler LB if it works correctly?
2 - Did you enable the DEBUG log for Integration Gateway and Security?
What was the output?
Thanks, Andreas

Former Member
‎08-03-2015 7:02 PM
0 Kudos

Hi Andreas,

              I am working with Kevin Bates to understand and resolve the issue. We think the issue is related to ping functionality in the SMP Admin cockpit.

But the SMP application is able to connect internally to integration gateway on localhost when data is requested via SMP application.

We are still testing and checking to see if there are any issues.

In summary the hostname used for either node doesn't matter if "Internal" is checked in the Backend configuration.

Regards,

Amit

Ask a Question