Upgrade of Client from 8.0 to 8.2 - status 26 - Client Server handshaking failed
I have upgraded the Ops Center, Master Server and a number of clients in a fairly small NBU environment from 8.0 to 8.2 - all is well.
I am attempting to upgrade the remaining clients (DMZ based) but am having an issue when attempting the upgrade to 8.2. As these are at 8.0 there are currently no certs installed - obviously 8.2 requires certs. The clients are currently functioning perfectly with the 8.2 master.
I have confirmed that ports 1556, 13782 and 13724 are open in the firewall between master and client, and also HTTPS traffic is allowed.
When I start the client install/upgrade I am selectig CUSTOM, checking all the values and after system names screen I get an error "Could Not Determine Master Server Certificate Mode". This details command status 26, The external CA usage information could not be retrieved. Exit status 26: client/server handshaking failed.
Is there something else I am missing here in terms of firewall requirements ?
Security level on Master is set to MEDIUM.
Any NBCERTCMD options I try from the client fail - thinking this must be firewall......
BPTESTBPCD is good, BPCLNTCMD is good.
Thoughts ??
AJ.
OK - I got confirmation from the network team as to what they did to get this working.....
The correct ports were allowed, as was https - but comms could ONLY be initiated by the Master Server. They changed the rule to allow bi-directional initiation of comms on these ports and all upgrades went perfectly.
So it looks like during the upgrade process, when it is requesting certs, the client is initiating comms (not sure on which port(s)) - and therefore the firewall must allow both the master and the client to initiate communications.
The ports we have allowed are 1556, 13782, 13724 and https (443).
If someone wants to mark this as the soluton I would appreciate it - as I was 'shot' last time I marked one of my own answers as the solution......
Thanks for all the input.
AJ