Why would a shared secret become invalid?

Document ID : KB000030140
Last Modified Date : 14/02/2018

On Unix/Linux systems, if you modify any of the following, the shared secret becomes invalid and you need to re-register the host.

The hostid is the main input used to create the shared secret, but the /etc/hosts file and probably other OS details are also used; these are kept confidential by CA for security reasons.



The hostid is normally a representation of the network MAC address of the server, but it can also be changed by editing the file /etc/hostid. It is an identifier of the host.

This identifier is used by the algorithm to generate the shared secret for an agent (on Unix machines, we use the hostid of the agent machine).

This means that if you change the hostid or the network card, the shared secret becomes invalid.
If you have the same hostid on all boxes, they may be clones, or they may all have the same network MAC address or the same /etc/hostid.

Typing hostid on your system shows which hostid was used to generate your shared secret.

If you get a handshake error (on the PS side) when the agent starts and tries to get its configuration, the agent is not able to establish a trusted connection with the PS. In that case, check the value of the hostid and see whether it has changed. Then check /etc/hosts and any other OS changes.
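
One way to make that check repeatable is to record the hostid and a digest of /etc/hosts at registration time and compare them when a handshake error appears. The script below is an added example, not CA code; the function names and the baseline file path are assumptions, and it covers only the two inputs this article names, since the other inputs are not disclosed.

```shell
#!/bin/sh
# Record and compare the host attributes named in this article (hostid, /etc/hosts).
# Assumptions: sha256sum is installed; the default baseline path is hypothetical.

# fingerprint HOSTS_FILE [HOSTID]: print current values as key=value lines.
# HOSTID defaults to the output of the hostid command.
fingerprint() {
    hosts_file=$1
    id=${2:-$(hostid)}
    digest=$(sha256sum "$hosts_file" | cut -d' ' -f1)
    printf 'hostid=%s\nhosts_sha256=%s\n' "$id" "$digest"
}

# save_baseline BASELINE HOSTS_FILE [HOSTID]: store the fingerprint, owner-readable only.
save_baseline() {
    ( umask 077; fingerprint "$2" "${3:-}" > "$1" )
}

# check_baseline BASELINE HOSTS_FILE [HOSTID]: print which attributes changed.
# Returns 0 when nothing changed, 1 when at least one attribute differs.
check_baseline() {
    baseline=$1
    current=$(fingerprint "$2" "${3:-}")
    changed=""
    for key in hostid hosts_sha256; do
        old=$(sed -n "s/^$key=//p" "$baseline")
        new=$(printf '%s\n' "$current" | sed -n "s/^$key=//p")
        [ "$old" = "$new" ] || changed="$changed $key"
    done
    if [ -n "$changed" ]; then
        echo "changed:$changed"
        return 1
    fi
    echo "unchanged"
}

# Usage: script save|check [baseline-file]
BASELINE=${2:-./agent-host.baseline}
case "${1:-}" in
    save)  save_baseline "$BASELINE" /etc/hosts ;;
    check) check_baseline "$BASELINE" /etc/hosts ;;
esac
```

Run it with save right after registering the host, and with check when the agent reports a handshake error; an unchanged result points to one of the other, undisclosed inputs or to a different cause.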