Entity links to CM won't come up

[DTDude]

This is the first time I am setting up a new SM instance from scratch. SM/security module is up. CM is up. CM has SMGR's CA trusted and an entity certificate generate by SMGR installed. But I cannot for the life of me get the entity link from SM to CM to come up. It keeps returning 500 - Internal Server Error Destination Unreachable. On the CM side the signaling group status is far-end bypass.

10.139.40.52 is the SM security module. .53 is CM.

Not really sure where to start. I've checked to make sure the IP node name in CM has the correct IP address, made sure the signaling group has the correct near and far end node names and domain name. Double checked to make sure the SIP entity in SMGR for CM has the correct IP address. Everything appears OK.

The only thing that is bugging me is that despite the security module showing as up, I can only ping it from the SM cli. I cannot ping it from CM or any other system.

 

[fondog2]

What does the DRS look like from SMGR. Did you run an initDRS from the ASM to see if it is completing? Any errors? Are you using any 3rd party certs? And the last is the network blocking anything? Not sure if these are in the same room or not.

 

[DTDude]

DRS appears OK. initDRS completes successfully. Replication in SMGR shows as synchronized. No third party certs, everything was generated by SMGR itself. Everything is on the same subnet, same vlan. Nothing between the 2 to block traffic.

 

[DTDude]

Fri May 31 10:49:17 CDT 2024: DRS Replication initialization started.
..
Unconfiguring DRS client
Executing # Dropping DRS schema from swap database
SUCCESS # Dropping DRS schema from swap database
Unregistering from DRS master
Node with external ID: 'MIT-SM01.<insert domain name here>.com' successfully unregistered from its master.
Executing # Drop DRS schema and user
SUCCESS # Drop DRS schema and user
Successfully unconfigured DRS client
Executing # Creating DRS schema and user
SUCCESS # Creating DRS schema and user
Executing # Setting up client secure-store for DB parameters
SUCCESS # Setting up client secure-store for DB parameters
Configuring node as DRS replica
Checking whether DRS configuration exists
DRS not configured! Configuring ...
Executing # Configuring SymmetricDS pre-requisites
SUCCESS # Configuring SymmetricDS pre-requisites
Executing # Creating symmetric.properties
SUCCESS # Creating symmetric.properties
Executing # Creating replica DRS tables
SUCCESS # Creating replica DRS tables
Updating host-address and port required for JMX communication
Executing # Checking whether value entered for jmx-port is a numeric value or not
SUCCESS # Checking whether value entered for jmx-port is a numeric value or not
Successfully updated host-address and port required for JMX communication
Executing # Updating JMX properties
SUCCESS # Updating JMX properties
Successfully configured node as DRS replica
Register replica node with System Manager DRS master started. [1/1]
Sending configurations to master node
Successfully sent aggregated configuration to master node
Executing # Sending registration information to DRS master
SUCCESS # Sending registration information to DRS master
Register replica node with System Manager DRS master succeeded.
Starting Management
.
Waiting for Management components to startup...
Fri May 31 10:49:56 CDT 2024: DRS Replication registration succeeded
Please go to the System Manager Replication Page to check the synchronization state

 

[fondog2]

Is this TLS or UDP. I have found you can determine if it is a cert issue by flipping this to a UDP and see if the links come up. If they do then you know you are missing one.

 

[DTDude]

I had the same thought. Changed the signaling group to TCP on port 5060 and updated the entity link to the same.

No change. Still 500 Internal Server Error Destination Unreachable.

 

[DTDude]

I compared my config to a good config on another system. The config is more or less the same....except on the production config I can ping the SM security module IP address. I can't on my instance. But the security module shows as up!

The only place the security module address is set is in the SM element in SMGR, correct? There's nowhere that it goes in the SM itself?

I almost feel like something went wrong during deployment of SM, or maybe SMGR.

 

[fondog2]

No you add the management IP as a session manager and the SM100 IP in the security module below it. That is what pushes out to it. You also have to add it as a sip entity.

 

[DTDude]

Right. Did all that, and SM itself looks perfectly fine.

Really pretty much at a loss. I've check and double checked my config against a working one. The inability to ping the security module has gotta mean something. I'm almost tempted to re-deploy SM.

 

[DTDude]

Ok I think I've got this resolved most of the way. The documentation on deploying session manager and CM evolution was confusing, and I misunderstood. I thought only 1 NIC was required, when in fact the security module meeds its own. Security module is singable now, and I'm getting 500 - NO media resources instead.

I stood up Media Server yesterday and it was in service last night, but is pending service today. Fix that and I think I should be set.