IBM Support

PH17929: INSTALLING AN UCD AGENT REMOTELY USING THE WEB UI FAILS WITH: UNABLE TO REACH A SETTLEMENT

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Installing an UCD agent remotely using the REST API or via WebUI
fails with:
Could not connect to host: Unable to reach a settlement:
[hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and
[hmac-sha2-512, hmac-sha2-256, hmac-sha2-512, hmac-sha2-256].

1. Get a RedHat Enterprise Linux or other Linux machine

2. Add on the machine to /etc/ssh/sshd_config the following to
enable strong ciphers (especially MACs):
Ciphers
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cb
c
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256

3. Restart the sshd service using systemctl restart
sshd.service. Check for potential problems using journalctl -xe

4. Create in Resources > Agent Configuration Templates a
template pointing to your UCD server. This does not need to be
valid though since we fail even when doing the SSL handshake
with the machine where we install later

5. In Resources, press Install New Agent. Specify the Linux box
from 1 and 2. Specify the required details. Settings on Agent
Installation Properties do not matter either (only folder Temp
Dir Path)

Actual result:
Error message "Could not connect to host: Unable to reach a
settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and
[hmac-sha2-512, hmac-sha2-256, hmac-sha2-512, hmac-sha2-256]" is
shown.

Expected result:
Agent is installed successfully

Local fix

  • Install agent from the command line

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* All end users on all supported browsers.                     *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Installing an UCD agent remotely using the REST API or via   *
* WebUI                                                        *
* fails with:                                                  *
* Could not connect to host: Unable to reach a settlement:     *
* [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and         *
* [hmac-sha2-512, hmac-sha2-256, hmac-sha2-512,                *
* hmac-sha2-256].                                              *
*                                                              *
* 1. Get a RedHat Enterprise Linux or other Linux machine      *
*                                                              *
* 2. Add on the machine to /etc/ssh/sshd_config the following  *
* to                                                           *
* enable strong ciphers (especially MACs):                     *
* Ciphers                                                      *
* aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12 *
* 8-cb                                                         *
* c                                                            *
* MACs hmac-sha2-512,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256 *
*                                                              *
* 3. Restart the sshd service using systemctl restart          *
* sshd.service. Check for potential problems using journalctl  *
* -xe                                                          *
*                                                              *
* 4. Create in Resources > Agent Configuration Templates a     *
* template pointing to your UCD server. This does not need to  *
* be                                                           *
* valid though since we fail even when doing the SSL handshake *
* with the machine where we install later                      *
*                                                              *
* 5. In Resources, press Install New Agent. Specify the Linux  *
* box                                                          *
* from 1 and 2. Specify the required details. Settings on      *
* Agent                                                        *
* Installation Properties do not matter either (only folder    *
* Temp                                                         *
* Dir Path)                                                    *
*                                                              *
* Actual result:                                               *
* Error message "Could not connect to host: Unable to reach a  *
* settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] *
* and                                                          *
* [hmac-sha2-512, hmac-sha2-256, hmac-sha2-512,                *
* hmac-sha2-256]" is                                           *
* shown.                                                       *
*                                                              *
* Expected result:                                             *
* Agent is installed successfully                              *
****************************************************************
* RECOMMENDATION:                                              *
* Fixed in version 7.0.5.0                                     *
****************************************************************

Problem conclusion

  • Fix is provided in IBM UrbanCode Deploy 7.0.5.0

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH17929
    • 

  • Reported component name
    UC DEPLOY
    • 

  • Reported component ID
    5725M5400
    • 

  • Reported release
    701
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-10-10
    • 

  • Closed date
    2020-01-14
    • 

  • Last modified date
    2020-01-14
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    UC DEPLOY
    • 

  • Fixed component ID
    5725M5400
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"701","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            14 January 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback