Peer verification error

  • 7023301
  • 24-Aug-2018
  • 14-Feb-2019

Environment

Privileged Account Manager

Situation

The agent has recently been installed, but has not yet been registered to a framework manager.
The agent has previously been registered to a framework manager, but has been re-registered to a different framework manager.
The following error appears in the unifid.log:
Error, Peer verification error for <server>(127.0.0.1) accessing regclnt.getSessionCache
Debug, Response from getSessionCache
<spf i.status="403" message="Peer verification failure" vrm="3.5.0"/>

Resolution

Because this agent has not yet been registered to a Framework Manager, it is still using the self-signed, non-trusted certificate in use upon install, and this error appears. Once the agent is registered, it receives a new certificate from the Manager, which acts as the CA in this case. At that point verification succeeds and this message should no longer appear. To resolve this scenario, register the agent with a framework manager.

This error can also occur if the Agent is registered with a different manager at some later time. The previous manager may still have the agent entry and attempt to contact the agent, which cannot verify the certificate because it is registered to a new manager at this point. To resolve this scenario, remove the host entry from the earlier manager that the agent is no longer registered to.
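To see which peers are named in these errors, for example when looking for an earlier manager that still holds the host entry, the unifid.log lines can be grouped by peer. The script below is an added example, not part of the product or of the original article. The `summarize` function, the host names and the sample lines are constructed, and it assumes the log messages have the form shown under Situation.

```python
import re
from collections import defaultdict

# Message forms copied from the excerpt under "Situation". search() is used so
# that any prefix a real log line carries (timestamp etc.) is ignored.
PEER_ERR = re.compile(
    r"Peer verification error for (?P<host>[^\s(]+)\((?P<ip>[^)]+)\)"
    r" accessing (?P<call>\S+)"
)
REJECT = re.compile(
    r'<spf\b[^>]*\bi\.status="403"[^>]*message="Peer verification failure"'
)

def summarize(lines):
    """Group peer verification errors by (host, ip) and pair each error
    with the 403 response that follows it, if there is one."""
    peers = defaultdict(lambda: {"errors": 0, "rejected": 0, "calls": set()})
    last = None  # peer of the most recent error still waiting for a response
    for line in lines:
        m = PEER_ERR.search(line)
        if m:
            last = (m["host"], m["ip"])
            peers[last]["errors"] += 1
            peers[last]["calls"].add(m["call"])
        elif last is not None and REJECT.search(line):
            peers[last]["rejected"] += 1
            last = None
    return dict(peers)

# Constructed sample input: host names and addresses are placeholders.
SAMPLE = """\
Error, Peer verification error for pam-mgr-old(192.0.2.10) accessing regclnt.getSessionCache
Debug, Response from getSessionCache
<spf i.status="403" message="Peer verification failure" vrm="3.5.0"/>
Error, Peer verification error for pam-mgr-old(192.0.2.10) accessing regclnt.getSessionCache
Debug, Response from getSessionCache
<spf i.status="403" message="Peer verification failure" vrm="3.5.0"/>
Info, unrelated line
Error, Peer verification error for agent01(127.0.0.1) accessing regclnt.getSessionCache
""".splitlines()

if __name__ == "__main__":
    for (host, ip), s in summarize(SAMPLE).items():
        print(f"{host} ({ip}): {s['errors']} errors, "
              f"{s['rejected']} 403 replies, calls={sorted(s['calls'])}")
```

A peer that keeps appearing after the agent has been registered to its current manager is a candidate for the stale host entry described above.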

Cause

This error occurs when SSL certificate verification fails.

Additional Information