Hi Phil, Are you sure that the certificates have valid SubjectAlternativeName entries for the proper hostnames?
Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Dec 3, 2019, at 7:53 PM, Phil H <gippyp...@gmail.com> wrote: > > Okay thanks I’ll check that state/local thing out. > > Drilling a little further on the main issue, it seems to boil down to NiFi > on Server B having an UnknownHostException for the FQDN for Server B. I am > just using /etc/hosts for the naming (no DNS in our server enclave) and of > course I have confirmed spelling, etc. I even wrote a two line Java program > that calls InetAddress.getAllByName, and passing it the same FQDN (copies > and pasted from the nifi stack trace) resolves without a problem. So now I > am really confused. I have rebooted Server B and that didn’t change > anything. I also tried an alternate FQDN and that has the same behavior on > Server B > > Really confused now! > > On Wed, 4 Dec 2019 at 01:14, Bryan Bende <bbe...@gmail.com> wrote: > >> Hello, >> >> To get rid of the old values from before securing your cluster, remove >> the state/local directory on both servers (assuming you don't have any >> processor state that you care about since this is a new cluster). >> >> For the other issue, is there a stacktrace with more info? >> >> Thanks, >> >> Bryan >> >> On Mon, Dec 2, 2019 at 7:14 PM Phil H <gippyp...@gmail.com> wrote: >>> >>> Hi there, >>> >>> I (almost) have a secure nifi 1.9.2 cluster of two servers. Server A >> starts >>> up fine, but Server B fails to start with this error (I cannot copy/paste >>> as it is an offline system) >>> >>> Could not start listening for incoming connections in order to load >> balance >>> data across the cluster. Please verify the values of >>> ‘nifi.cluster.load.balance.port’ and ‘ nifi.cluster.load.balance.host’ >>> property as well as the ‘nifi.security.*’ properties >>> >>> The config between the two servers are identical, apart from the >> respective >>> host names, and there are no other applications trying to bind on any of >>> the ports on Server B. I have also tried changing ports in case it was >>> something simple like that. >>> >>> Additionally, when restarting Server A, I occasionally see references to >>> cluster members from before I had the secure config (eg: IP address / >> port >>> 80) - how do I expunge any prior info regarding cluster members and start >>> again with the two servers I now have?? >>> >>> >>> Regards, >>> Phil >>