PingAccess

Troubleshooting

The following table lists some potential problems and resolutions you might encounter with the PingAccess agent for SUSE Linux Enterprise Server (SLES).

Issue Resolution

Agent receives an unknown protocol error when attempting to contact the administrative node

This can indicate that the operating system is using sha1 for encryption. This protocol is no longer supported by default in PingAccess.

We recommend switching to SHA-256. If you cannot switch to SHA-256, you can re-enable SHA-1:

  1. Open the run.properties file.

  2. Add TLSv1 to the protocol list.

    tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

  3. Add the SHA entries to the cipher suites list.

    tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\
                           TLS_AES_256_GCM_SHA384,\
                           TLS_AES_128_GCM_SHA256,\
                           TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
                           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
                           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
                           TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
                           TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\
                           TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
                           TLS_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA