Unable to direct agents to Scalability server

Document ID : KB000116850
Last Modified Date : 03/10/2018
Issue:
Endpoints cannot be directed to the Scalability Server (SS) even though the ITCA / ITCM / DSM ports (4105, 7163, 4728) are open bi-directionally between the endpoints and the SS. camping works from both ends.
In this case caf ping does not work at all and returns the error below:

caf ping 10.224.14.201 CA DSM r12
Common Application Framework 12.9.0.338
Copyright (c) 2014 CA Technologies. All rights reserved.

Pinging caf on 10.224.14.201...
[1] 50800 ms: Failed to send a message to caf: . Possible reasons for this are: the host may not be contactable, caf may not be running or caf is too busy to reply.: The remote machine was not contactable. The peer messaging service may not be running or network errors were encountered.
[2] 38733 ms: Failed to send a message to caf: . Possible reasons for this are: the host may not be contactable, caf may not be running or caf is too busy to reply.: The remote machine was not contactable. The peer messaging service may not be running or network errors were encountered.
[3] 40091 ms: Failed to send a message to caf: . Possible reasons for this are: the host may not be contactable, caf may not be running or caf is too busy to reply.: The remote machine was not contactable. The peer messaging service may not be running or network errors were encountered.
[4] 39706 ms: Failed to send a message to caf: . Possible reasons for this are: the host may not be contactable, caf may not be running or caf is too busy to reply.: The remote machine was not contactable. The peer messaging service may not be running or network errors were encountered.
Cause:
This can be caused by multiple anonymous certificates on the agent, the Scalability Server, or both. After installation, Client Automation generates a special 'self-signed' certificate that is used to authenticate communication. This certificate is deleted and replaced with a new one every year. Bugs in previous versions allowed the new certificate to be generated without the old one being deleted, which causes the problem, and more and more anonymous certificates would subsequently be created. As a result, random failures can occur and worsen over time.
Resolution:
The only solution is to run a script that deletes all anonymous certificates, one at a time, by SKID, and then to let CAF generate a single new certificate normally. The issue is resolved when CAF is restarted.

Below is a sample batch script that can be used for this purpose:

@Echo off
SetLocal EnableDelayedExpansion

REM Run the Start section with all output logged to DelAnonymous.txt next to this script
Call :Start>"%~DP0DelAnonymous.txt"

:Start
REM Set User Configurable Variables
    Set CertUtilCmd=cacertutil.exe
    Set ListCMD=%CertUtilCmd% list -v
    
    Set MyError=0
        %ListCMD% >nul
    Set MyError=%Errorlevel%
    If "%MyError%"=="" Set MyError=0
    If Not "%MyError%"=="0" Echo "%CertUtilCmd% test failed, aborting process"
    If Not "%MyError%"=="0" Exit 99

Echo "Beginning ITCM anonymous certificate processing on %computername% at %Time% on %Date%"

REM Set Unique portion of cert subject you wish to purge
    Set AnonString=OU=itcm-self-signed,O=ca
    Set SubString=Subject
    
REM Initialize needed variables
    Set GotAnon=False
    Set MySkid=Nothing
    Set SubVar=Nothing
    Set Var=Nothing
    
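REM Walk the verbose listing line by line: SubVar is the first token, Var is the rest of the line after the second token
    For /F "tokens=1,2*" %%a in ('%ListCMD%') do (
    Set SubVar=%%a
    Set Var=%%c
    Set AnonFound=False
    Set SubFound=False

    REM The previous line was an anonymous Subject, so the value on this line is used as its SKID
    If /I "!GotAnon!"=="True" Echo "Running %CertUtilCmd% remove -skid:!Var!"
    If /I "!GotAnon!"=="True" Echo.
    If /I "!GotAnon!"=="True" %CertUtilCmd% remove -skid:!Var!
    If /I "!GotAnon!"=="True" Set GotAnon=False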

    Set MyError=0
        Echo !Var! | findstr /I /C:"%AnonString%" >nul
    Set MyError=!Errorlevel!
    If "!MyError!"=="" Set MyError=0
    If "!MyError!"=="0" Set AnonFound=True

    Set MyError=0
        Echo !SubVar! | findstr /I /C:"%SubString%" >nul
    Set MyError=!Errorlevel!
    If "!MyError!"=="" Set MyError=0
    If "!MyError!"=="0" Set SubFound=True

    If /I "!AnonFound!!SubFound!"=="TrueTrue" Set GotAnon=True
)

Echo "Completing ITCM Anonymous certificate wipe and regen at %Time% on %Date%"

exit 0
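
A read-only check to run before the deletion script above, added here as an example (it is not CA's code): it reports which SKIDs that script would remove and whether the host has more than one anonymous certificate. It assumes the same listing layout the batch script relies on (a Subject line followed by the line that carries the SKID); the sample listing is constructed and the function names are hypothetical.

```python
import sys

# Same subject fragment the batch script matches (findstr /I is case-insensitive)
ANON_MARKER = "ou=itcm-self-signed,o=ca"

# Constructed sample, NOT real cacertutil output. Layout assumed from the batch
# script: "<label> <separator> <value>" lines, where the line after a Subject
# line carries that certificate's SKID as its value.
SAMPLE_LISTING = """\
Subject : CN=host01,OU=itcm-self-signed,O=ca
SKID : 1111aaaa
Subject : CN=Example Root,O=Example Corp
SKID : 2222bbbb
Subject : CN=host01,OU=itcm-self-signed,O=ca
SKID : 3333cccc
"""

def anonymous_skids(listing):
    """Return the SKIDs the batch script would remove, without removing anything."""
    skids, pending = [], False
    for line in listing.splitlines():
        parts = line.split(None, 2)          # mirrors: For /F "tokens=1,2*"
        if not parts:
            continue                         # For /F also skips blank lines
        value = parts[2].strip() if len(parts) == 3 else ""
        if pending:
            # The batch script would call "remove -skid:" with an empty value
            # here; refuse instead of guessing which certificate is meant.
            if not value:
                raise ValueError("anonymous Subject not followed by a SKID: %r" % line)
            skids.append(value)
        pending = "subject" in parts[0].lower() and ANON_MARKER in value.lower()
    return skids

def assess(listing):
    skids = anonymous_skids(listing)
    # The article's cause is more than one anonymous certificate on a host.
    return {"anonymous_count": len(skids), "affected": len(skids) > 1, "skids": skids}

if __name__ == "__main__":
    # Usage: cacertutil list -v | python <this file>   (no piped input: constructed sample)
    text = SAMPLE_LISTING if sys.stdin.isatty() else sys.stdin.read()
    print(assess(text))
```

If the real listing on a host does not match the assumed layout, the function returns no SKIDs or raises, which is also a sign that the batch script's token parsing should be checked against that output before it is run.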