Description

Communication problems between the Master and a Server Agent can be caused by a mismatch between the nodekeys used for encrypting BoKS traffic.

In the error log you get messages similar to the following:

boks_bridge@host Wed Dec 5 08:45:09 2012
WARNING: 32631: Cannot encrypt message. No key found for 1.2.3.4
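
The following is an added example, not part of the original article or of the BoKS tooling. It is a shell function that scans an error log for the warning shown above and lists each address with its occurrence count and last-seen timestamp, so you can see which hosts need the nodekey check. It assumes the two-line record layout of the sample; the function names, host name and sample log lines are constructed.

```shell
#!/bin/sh
# Summarize "No key found" warnings from a BoKS error log.
# Assumed record layout (taken from the sample message above):
#   <process>@<host> <timestamp>
#   WARNING: <pid>: Cannot encrypt message. No key found for <address>

# nokey_summary [FILE...]  (reads stdin when no file is given)
# Prints one line per address: "<address> <count> <last-seen timestamp>"
nokey_summary() {
    awk '
        # Header line: first field is process@host, the rest is the timestamp.
        $1 ~ /^[^@ ]+@[^@ ]+$/ {
            ts = $0
            sub(/^[^ ]+ +/, "", ts)
            next
        }
        # Warning line: the address is the last field.
        /Cannot encrypt message\. No key found for / {
            count[$NF]++
            last[$NF] = ts
        }
        END {
            for (a in count) printf "%s %d %s\n", a, count[a], last[a]
        }
    ' "$@" | sort
}

# Constructed sample log (documentation-range addresses) for an offline run.
sample_log() {
    cat <<'EOF'
boks_bridge@master1 Wed Dec 5 08:45:09 2012
WARNING: 32631: Cannot encrypt message. No key found for 192.0.2.10
boks_bridge@master1 Wed Dec 5 08:45:40 2012
WARNING: 32631: Cannot encrypt message. No key found for 192.0.2.10
boks_bridge@master1 Wed Dec 5 08:46:02 2012
WARNING: 32640: Cannot encrypt message. No key found for 198.51.100.7
boks_bridge@master1 Wed Dec 5 08:47:00 2012
WARNING: 32641: Some unrelated warning
EOF
}

# Stand-alone use: pass the path of the error log as the first argument.
if [ "$#" -gt 0 ]; then
    nokey_summary "$@"
fi
```

Each address reported is a candidate for the nodekey comparison described under Resolution / Workaround.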

The nodekeys are used for session key negotiation by the boks_bridge processes. Keys are cached in a Shared Memory segment on the Master and Replicas. This makes it possible to change the nodekey for a host in the BoKS database without disturbing the communication between that host and the Master and Replicas. (The cache is deleted if BoKS is shut down with the Boot -k command.)

Nodekeys are also used as the encryption key for BoKS host virtual cards. A virtual card file is a credential store containing X.509 certificates and corresponding private keys.

If a host virtual card is in use, it should be deleted and re-created when the nodekey has been changed. You can manage the host virtual card in the host details page in FoxT Control Center.


Resolution / Workaround

Verify the nodekey by running "hostkey -g -h " on the Master. This fetches the key stored in the database, which you can then compare to the one stored locally on the Server Agent in $BOKS_etc/nodekey. If the two do not match, you need to reset the keys.


Resetting the nodekeys is a two-step process, performed on the BoKS Master and on the affected Server Agent:


1. On the BoKS Master:

  • Obtain root privileges on the system
  • Go to a BoKS shell (default path): /opt/boksm/sbin/boksadm -S
  • Type the following command: hostkey -s -h (where is the hostname of the client)
  • Follow the prompts and remember the nodekey you entered here.


2. On the Server Agent:

  • Obtain root privileges on the system
  • Go to a BoKS shell (default path): /opt/boksm/sbin/boksadm -S
  • Type the following command: hostkey -f
  • Follow the prompts and enter the same nodekey you entered in the steps above.



Last Modified On: June 28, 2019