APAR status
Closed as program error.
Error description
Installing an UCD agent remotely using the REST API or via WebUI fails with: Could not connect to host: Unable to reach a settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and [hmac-sha2-512, hmac-sha2-256, hmac-sha2-512, hmac-sha2-256]. 1. Get a RedHat Enterprise Linux or other Linux machine 2. Add on the machine to /etc/ssh/sshd_config the following to enable strong ciphers (especially MACs): Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cb c MACs hmac-sha2-512,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256 3. Restart the sshd service using systemctl restart sshd.service. Check for potential problems using journalctl -xe 4. Create in Resources > Agent Configuration Templates a template pointing to your UCD server. This does not need to be valid though since we fail even when doing the SSL handshake with the machine where we install later 5. In Resources, press Install New Agent. Specify the Linux box from 1 and 2. Specify the required details. Settings on Agent Installation Properties do not matter either (only folder Temp Dir Path) Actual result: Error message "Could not connect to host: Unable to reach a settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and [hmac-sha2-512, hmac-sha2-256, hmac-sha2-512, hmac-sha2-256]" is shown. Expected result: Agent is installed successfully
Local fix
Install agent from the command line
Problem summary
**************************************************************** * USERS AFFECTED: * * All end users on all supported browsers. * **************************************************************** * PROBLEM DESCRIPTION: * * Installing an UCD agent remotely using the REST API or via * * WebUI * * fails with: * * Could not connect to host: Unable to reach a settlement: * * [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and * * [hmac-sha2-512, hmac-sha2-256, hmac-sha2-512, * * hmac-sha2-256]. * * * * 1. Get a RedHat Enterprise Linux or other Linux machine * * * * 2. Add on the machine to /etc/ssh/sshd_config the following * * to * * enable strong ciphers (especially MACs): * * Ciphers * * aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12 * * 8-cb * * c * * MACs hmac-sha2-512,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256 * * * * 3. Restart the sshd service using systemctl restart * * sshd.service. Check for potential problems using journalctl * * -xe * * * * 4. Create in Resources > Agent Configuration Templates a * * template pointing to your UCD server. This does not need to * * be * * valid though since we fail even when doing the SSL handshake * * with the machine where we install later * * * * 5. In Resources, press Install New Agent. Specify the Linux * * box * * from 1 and 2. Specify the required details. Settings on * * Agent * * Installation Properties do not matter either (only folder * * Temp * * Dir Path) * * * * Actual result: * * Error message "Could not connect to host: Unable to reach a * * settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] * * and * * [hmac-sha2-512, hmac-sha2-256, hmac-sha2-512, * * hmac-sha2-256]" is * * shown. * * * * Expected result: * * Agent is installed successfully * **************************************************************** * RECOMMENDATION: * * Fixed in version 7.0.5.0 * ****************************************************************
Problem conclusion
Fix is provided in IBM UrbanCode Deploy 7.0.5.0
Temporary fix
Comments
APAR Information
APAR number
PH17929
Reported component name
UC DEPLOY
Reported component ID
5725M5400
Reported release
701
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-10-10
Closed date
2020-01-14
Last modified date
2020-01-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
UC DEPLOY
Fixed component ID
5725M5400
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"701","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
14 January 2020