How to troubleshoot SSL handshake errors between Control-M/Server and Control-M/Agent using plc_client and plc

Knowledge Article

Article Number

000379171

Old Article Number

Article Type

FAQ/Procedural

Title

How to troubleshoot SSL handshake errors between Control-M/Server and Control-M/Agent using plc_client and plc_server tools?

Summary

Product

Control-M/Server for UNIX and Microsoft Windows

Component

Control-M/Server for UNIX and Microsoft Windows

Applies to

Control-M/Server and Control-M/Agent all supported versions.

Question

How to troubleshoot SSL handshake errors between Control-M/Server and Control-M/Agent using plc_client and plc_server tools?

Answer

- The plc_server and plc_client utilities will be helpful to simulate issues that occur outside of Control-M and provide more details about the connection failure.

1. To executes the secured connection simulation from the Control-M/Server to the Control-M/Agent, start separate command prompt from the Control-M/Agent machine (server) and from the Control-M/Server (client).
2. In the Control-M/Agent host, navigates to Control-M Agent's installation "exe" sub-directory and run:

“plc_server -h <server listen host name> -p 5555 -S <site.plc full path> -P <ag.plc full path>”

For example:

UNIX : plc_server -h ctmagent -p 5555 -S $HOME/ctm_agent/ctm/data/SSL/cert/site.plc -P $HOME/ctm_agent/ctm/data/SSL/cert/ag.plc
WIndows : plc_server -h ctmagent -p 5555 -S Control-M/Agent\SecurityPolicy\site -P Control-M/Agent\SecurityPolicy\AG

"ctmagent" is the host name where plc_server is running.

3. A plc_server process will be started and listening for incoming client connection.

4. In the Control-M/Server host, navigate to the Control-M/Server's installation "exe" sub-directory and run:

"plc_client -h <server listen host name> -p 5555 -S <site.plc full path> -P <ns.plc full path>"

For example:

Unix : plc_client -h ctmagent -p 5555 -S $HOME/ctm_server/data/SSL/cert/site.plc -P $HOME/ctm_server/data/SSL/cert/ns.plc
Windows : plc_client -h ctmagent -p 5555 -S Control-M/Server\SecurityPolicy\site -P Control-M/Server\SecurityPolicy\NS

"ctmagent" is the host name where plc_server is running.

5. At this point, the connection should be established with SSL communication between Control-M/Server and Control-M/Agent.

6. Test the communication from the Control-M/Agent to the Control-M/Server. In the Control-M Server host, navigates to Control-M Server's installation "exe" sub-directory and run:

“plc_server -h <server listen host name> -p 5555 -S <site.plc full path> -P <ns.plc full path>”

For example:

UNIX : plc_server -h ctmserver -p 5555 -S $HOME/ctm_server/data/SSL/cert/site.plc -P $HOME/ctm_server/data/SSL/cert/ns.plc
WIndows : plc_server -h ctmserver -p 5555 -S Control-M/Server\SecurityPolicy\site -P Control-M/Server\SecurityPolicy\NS

"ctmserver" is the host name where plc_server is running.

7. In the Control-M/Agent host, navigate to the Control-M/Agent's installation "exe" sub-directory and run:

"plc_client -h <server listen host name> -p 5555 -S <site.plc full path> -P <ag.plc full path>"

For example:

Unix : plc_client -h ctmserver -p 5555 -S $HOME/ctm_agent/ctm/data/SSL/cert/site.plc -P $HOME/ctm_agent/ctm/data/SSL/cert/ag.plc
Windows : plc_client -h ctmserver -p 5555 -S Control-M/Agent\SecurityPolicy\site -P Control-M/Agent\SecurityPolicy\AG

"ctmserver" is the host name where plc_server is running.

8. If the secured connection failed or any errors displayed, please contact BMC customer support and provide the output of the above test for assistance.

Attachment(s):