TrueNAS Command constantly loses connection to TrueNAS core appliances

[TheUsD]

Two TrueNAS core devices running on same version: TrueNAS-13.0-U3
One TrueCommand System Version: 2.2.2 Middleware Version: 2.2.2-20221018 running on Debian 11 (VM)

TrueCommand randomly, but constantly loses connection to TrueNAS Core devices. In order to resolve issue, I must delete the device from TrueCommand and then add it back. It does not matter if I re-use the same API keys or if I generate new keys. No changes are made to the environment in any fashion.

Error messages are consistent in TrueCommand:

The Certificates are valid, they are OV wildcard certs from a very well-known public CA. I have tried adding in via FQDN and by IP. Same results.

 

[morganL]

Two TrueNAS core devices running on same version: TrueNAS-13.0-U3
One TrueCommand System Version: 2.2.2 Middleware Version: 2.2.2-20221018 running on Debian 11 (VM)

TrueCommand randomly, but constantly loses connection to TrueNAS Core devices. In order to resolve issue, I must delete the device from TrueCommand and then add it back. It does not matter if I re-use the same API keys or if I generate new keys. No changes are made to the environment in any fashion.

Error messages are consistent in TrueCommand: View attachment 60789
The Certificates are valid, they are OV wildcard certs from a very well-known public CA. I have tried adding in via FQDN and by IP. Same results.

Thanks ... has this always happened or after an update?

Can you estimate frequency per node?

Is anyone else seeing a similar issue?

 

[TheUsD]

Thanks ... has this always happened or after an update?

This was happening when the two nodes were on the previous version of Core 13 but I am unaware of which version of TrueCommand I started with the first time I attempted to use it. I ended up deleting the VM and spinning up a new VM on 11/30. Since then, I have lost the nodes 2 to 3 times. I do not always restore the nodes.

Can you estimate frequency per node?

To help give a better frequency, I attempted to delete and re-add both nodes. However, I am now being presented with a new error.

Again, these are office OV wildcard certs on said nodes. Same wildcard certs I use in my entire domain, for my company. The information I am blocking is the domain name (in the picture of OP and the IP in this post's photo.

I even went and switched back to the default cert on the NAS-01.

 

[TheUsD]

@morganL This may need to be moved to the right forum. I just realized I put this in the Scale forums, not Command.

 

[HoneyBadger]

This was happening when the two nodes were on the previous version of Core 13 but I am unaware of which version of TrueCommand I started with the first time I attempted to use it. I ended up deleting the VM and spinning up a new VM on 11/30. Since then, I have lost the nodes 2 to 3 times. I do not always restore the nodes.


To help give a better frequency, I attempted to delete and re-add both nodes. However, I am now being presented with a new error.
View attachment 60803

Again, these are office OV wildcard certs on said nodes. Same wildcard certs I use in my entire domain, for my company. The information I am blocking is the domain name (in the picture of OP and the IP in this post's photo.

I even went and switched back to the default cert on the NAS-01.

That screenshot is hinting at the answer and it's something I've had to fight with when it comes to wildcard certificates. It's looking for the IP address in the Subject Alternate Name field of the extended properties of your SSL cert.

This is an external CA - do they allow duplicate issues of the cert with additional custom values?

Your original issue seems to imply that your SSL cert isn't being trusted by the TrueCommand VM - is there perhaps a missing intermediate certificate? Might need to open a console session on the TC instance and use some command line OpenSSL to check for validity errors.

 

[TheUsD]

I would chalk this up as nothing more than an issue with TrueCommand. The OV cert is issued by Sectigo. But moving on with it being a "my" cert issue, the same error message is generated when using the native FreeNAS cert that comes with TC / Core.

Uploaded the OV's .CRT and .KEY in all three appliances. The Cores and TC have no issues using the OV when being accessed via webgui. Also, to note, this cert is used in many appliances including FWs, Switches, that utilize SSL for VPNs and about 30 other applications, hardware and services.

Hope that info helps.

 

[morganL]

I would chalk this up as nothing more than an issue with TrueCommand. The OV cert is issued by Sectigo. But moving on with it being a "my" cert issue, the same error message is generated when using the native FreeNAS cert that comes with TC / Core.

Uploaded the OV's .CRT and .KEY in all three appliances. The Cores and TC have no issues using the OV when being accessed via webgui. Also, to note, this cert is used in many appliances including FWs, Switches, that utilize SSL for VPNs and about 30 other applications, hardware and services.

Hope that info helps.

Please report-a-bug with the cert information.

@wsoteros - can we move this thread to TrueCommand. forum.

 

[TheUsD]

Please report-a-bug with the cert information.

Can you please remind me on how to report a bug, properly?

 

[Redcoat]

Can you please remind me on how to report a bug, properly?

See "Report a Bug" on the masthead

You'll have to make a Jira account if you don't already have one.

 

[morganL]

Can you please remind me on how to report a bug, properly?

After you report, can you post the bugID.