The Discovery Process Failed with Both HTTP and HTTPS URLs Message Appears While Adding an Isilon Filer

book

Article ID: 100042024

calendar_today

Updated On:

Description

Error Message

WARNING: #{1} System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

Applies to

DataInsight version 5.x and above.

Cause

The problem happens when SSL is disabled. Data Insight (DI) is unable to create a SSL/TLS Secure Channel because of missing common ciphers between "EMC Isilon Filer for TLSv1.2" and Data Insight, or because TLSv1.2 is disabled in the configuration.

Resolution

The webserver configuration files help us to understand which protocols and ciphers are used on either side.
1> server.xml file for DI MS/Collector, stored at /tomcat/conf

For enabling TLSv1.2, server.xml should have the TLS protocol in the SSLEnabled Connector that looks like this:

="true" clientAuth="$ {matrix.clientauth} " .... scheme="https" secure="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" .... ciphers="" .... />

Note: Recent DI versions should have this by default, along with TLSv1.1 enabled.

2> section for 443 port in apache2' httpd.conf on EMC Isilon.

Typically stored at /usr/local/apache2/conf/httpd.conf.

Scenario 1:

This should look like:

.... SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key SSLProtocol -all +TLSv1 +TLSv1.2 SSLCipherSuite SSLEngine On ....

Note: The SSLProtocol parameter above can be used to enable any protocol using "+" and disable using the "-" key.

Enabling TLSv1.2 on both sides, disabling SSLv2/SSLv3, and restarting services on both nodes should get it working on TLSv1.2.

Scenario 2:

The list of ciphers in both configurations should have at least one common cipher. Not having any common ciphers causes the following error:

{1} System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate because they do not possess a common algorithm

To resolve this error, the following TLSv1.2 ciphers can be added to Isilon configuration (httpd.conf), appending the existing list by ":" (colon).

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA

Note: This is only for TLSv1.2.
Depending on the TLS/SSL version you want to use, the list of ciphers will change. However, using TLSv1.2 is recommended unless you are using an older browser or operating system.

Once the ciphers are added to the Isilon configuration, try adding the EMC Isilon Filer again to Data Insight.

Issue/Introduction

"The discovery process failed with both HTTP and HTTPS URLs" appears while adding an Isilon Filer.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"