Jump to content
Welcome to our new Citrix community!
  • 1

power state UNKNOWN post Nutanix AOS 5.20.4.6 LTS upgrade


Balaji Muthukrishnan

Question

Hello all - just posting the update related to powerstate issue, I faced recently post AOS upgrade for evryone's benefit...

 

 

I have a CVAD 1912 CU5 env with backend Nutanix Clusters...After upgrading the Nutanix AOS to 5.20.4.6 LTS, started seeing issues with VDA initially as

 

--VDA Registered but Powerstate if OFF

--randomly VDA fault state goes in to UNREGISTERED state

--if you restart Citrix* services or reboot DCs Power state of VDAs goes in to UNKNOWN powerstate

--Test HOst connect generates connectivity errors though the overall test reports successful

--get-brokerhypervisorconnection -property Name,State ==> will show Host state as unavailable (post restart of services or reboot of DC)

 

I just tried the usuall steps of 

 

--removing the VDA from Delivery Group and adding to back but didnt help

--uuid of the VDA is same as in the Hyp

 

When i check the events in the DC, they were showing Citrix Host errors with coomunication errors

~~~~

A problem occurred while updating a broker host connection ('C') with information from the Citrix Host Service. 
 
Verify that the Citrix Host Service is running and configured. Verify that the specified host is reachable with the URL and credentials specified in the host connection. 
 

Event ID: 3031
Error details: 
Exception 'Failed to create HCL plugin : Request Url = https://12:9440/PrismGateway/services/rest/v1/cluster/
                             Request Body = ,
                             Request status : SecureChannelFailure, 
                             Http Status :0,
                             Response : ,
                             Exception :System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

~~~~

 

With this info, I contacted support and found, there is a known issue with Nutanix 5.20.4.6 LTS update.

 

--Post AOS 5.20.4.6 upgrade Nutanix is dropping a CIPHER suite ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" ) which Citrix is still using, this is causing the communiation failure issue with Host only on the upgraded clusters. Support gave a commandline to explicitly enable the cipher in the Nutanix CVMs to enable it

 

`~~~~

allssh 'edit-ikat-config --add_cipher_suites="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" --cluster_wide_update=false'

~~~~

 

Connect to the Cluster CVM using Putty session

run the command

this will update the file in all the CVMs and restart the service

 

--post the change, I was able to successfully test the Host connection and VDA Power state issue got resolved

Link to comment

1 answer to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...