How to troubleshoot SSL handshake errors between Control-M/Server and Control-M/Agent using plc_client and plc_server tools?

Knowledge Article

How to troubleshoot SSL handshake errors between Control-M/Server and Control-M/Agent using plc_client and plc_server tools?
Control-M/Server for UNIX and Microsoft Windows
Control-M/Server for UNIX and Microsoft Windows
Control-M/Server and Control-M/Agent all supported versions.
Control-M/Server for UNIX and Microsoft Windows
Control-M/Server for UNIX and Microsoft Windows
Control-M/Server and Control-M/Agent all supported versions.
How to troubleshoot SSL handshake errors between Control-M/Server and Control-M/Agent using plc_client and plc_server tools?

- The plc_server and plc_client utilities will be helpful to simulate issues that occur outside of Control-M and provide more details about the connection failure.

1.  To execute the secured connection simulation from the Control-M/Server to the Control-M/Agent, start separate command prompt from the Control-M/Agent machine (server) and from the Control-M/Server (client).
2.  In the Control-M/Agent host, navigates to Control-M Agent's installation "exe"  sub-directory and run:
  
    “plc_server -h <server listen host name> -p 5555 -S <site.plc full path> -P <ag.plc full path>”

For example:

UNIX       : plc_server -h ctmagent -p 5555 -S $HOME/ctm_agent/ctm/data/SSL/cert/site.plc -P $HOME/ctm_agent/ctm/data/SSL/cert/ag.plc
WIndows : plc_server -h ctmagent -p 5555 -S Control-M/Agent\SecurityPolicy\site -P Control-M/Agent\SecurityPolicy\AG

"ctmagent" is the host name where plc_server is running.

3. A plc_server process will be started and listening for incoming client connection. *NOTE* This needs to happen because If the Control-M/Server is not listening on the socket, the utility will not work.

4.  In the Control-M/Server host, navigate to the Control-M/Server's installation "exe" sub-directory and run:

     "plc_client -h <server listen host name> -p 5555 -S <site.plc full path> -P <ns.plc full path>"

For example:

Unix        : plc_client -h ctmagent -p 5555 -S $HOME/ctm_server/data/SSL/cert/site.plc -P $HOME/ctm_server/data/SSL/cert/ns.plc
Windows : plc_client -h ctmagent -p 5555 -S Control-M/Server\SecurityPolicy\site -P Control-M/Server\SecurityPolicy\NS

"ctmagent" is the host name where plc_server is running.

5. At this point, the connection should be established with SSL communication between Control-M/Server and Control-M/Agent.

6. Test the communication from the Control-M/Agent to the Control-M/Server. In the Control-M Server host, navigates to Control-M Server's installation "exe"  sub-directory and run:
  
    “plc_server -h <server listen host name> -p 5555 -S <site.plc full path> -P <ns.plc full path>”

For example:

UNIX       : plc_server -h ctmserver -p 5555 -S $HOME/ctm_server/data/SSL/cert/site.plc -P $HOME/ctm_server/data/SSL/cert/ns.plc
WIndows : plc_server -h ctmserver -p 5555 -S Control-M/Server\SecurityPolicy\site -P Control-M/Server\SecurityPolicy\NS

"ctmserver" is the host name where plc_server is running.

7. In the Control-M/Agent host, navigate to the Control-M/Agent's installation "exe" sub-directory and run:

     "plc_client -h <server listen host name> -p 5555 -S <site.plc full path> -P <ag.plc full path>"

For example:

Unix        : plc_client -h ctmserver -p 5555 -S $HOME/ctm_agent/ctm/data/SSL/cert/site.plc -P $HOME/ctm_agent/ctm/data/SSL/cert/ag.plc
Windows : plc_client -h ctmserver -p 5555 -S Control-M/Agent\SecurityPolicy\site -P Control-M/Agent\SecurityPolicy\AG

"ctmserver" is the host name where plc_server is running.

8. If the secured connection failed or any errors displayed, please contact BMC customer support and provide the output of the above test for assistance.
Control-M/Server for UNIX and Microsoft Windows
Control-M/Server for UNIX and Microsoft Windows
Control-M/Server and Control-M/Agent all supported versions.
Attachment(s):