Deployment Architecture

Searchhead is unable to update the peer information. Error = 'Unable to reach master'

sarvesh_11
Communicator

Hi Splunkers,
I am configuring a new standalone search head, while configuration i am getting below warning,did my work around but unable to rectify it.

The searchhead is unable to update the peer information. Error = 'Unable to reach master' for master=https://Masterserver.com:8089.

My Indexers are in Cluster and in Splunk Cloud, and i am using this Standalone search head, this is in AWS Cloud.

Though i am not sure, below log is helpful in context to this, but this is the log i am repeatedly getting in /opt/splunk/var/log/splunk/splunkd.log

ERROR ClusteringMgr - VerifyMultisiteConfig failed Error=failed method=GET path=/services/cluster/master/info/?output_mode=json master=MasterServer.com:8089 rv=0 gotConnectionError=0 gotUnexpectedStatusCode=1 actual_response_code=401 expected_response_code=2xx status_line="Unauthorized" socket_error="No error" remote_error=call not properly authenticated

Thanks in Advance.

1 Solution

DavidHourani
Super Champion

Hi @sarvesh_11,

You're getting error code 401 meaning u have an authentication issue.

Try re-entering you're pass4symmkey and restarting your SH.

Cheers,
David

View solution in original post

DavidHourani
Super Champion

Hi @sarvesh_11,

You're getting error code 401 meaning u have an authentication issue.

Try re-entering you're pass4symmkey and restarting your SH.

Cheers,
David

sarvesh_11
Communicator

Hey @DavidHourani i did this is server.conf on SH but no change, error is still the same.

0 Karma

DavidHourani
Super Champion

Any cert configured ?

Try the solution shown here :
https://answers.splunk.com/answers/562198/error-clusteringmgr-verifymultisiteconfig-failed-w-1.html

Before starting splunk, try to backup server.conf , then remove the sslConfig stantza in the server.conf and start the splunk.
0 Karma

sarvesh_11
Communicator

Yeah @DavidHourani tried this too, removed the sslconfig stanza from /local/server.conf.
Yet no luck

0 Karma

DavidHourani
Super Champion

what do you get when you run : nc -vv Your_CM_IP 8089 from your SH

0 Karma

sarvesh_11
Communicator

@DavidHourani
Ncat: Version 7.50 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
libnsock nsi_new2(): nsi_new (IOD #1)
libnsock nsock_connect_tcp(): TCP connection requested to CM_IP:8089 (IOD #1) EID 8
libnsock nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [CM_IP:8089]
Ncat: Connected to CM_IP:8089.

THis looks fine, than definitely issue with pass4symmkey

0 Karma

DavidHourani
Super Champion

seems like it, yes

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...