Hi Dojo,
There is a failover pair where main DataMiner Agent's Inventory Asset Manager(IAM) is able to connect to a remote MySQL8 server and shows up data - here TLSv1.0 and TLSv1.1 still activated.
In the backup agent, TLSv1.0 and TLSv1.1 are already deactivated due to certain policies - so this agent cant connect to the Database. I am trying to configure TLSv1.2 for the IAM to connect to the DB, but unable to do so.
Is this possible ? (considering the fact the settings are going to be different between the agents of a failover pair) If this is possible, how do we do this ? Thanks in advance.
Hi Arunkrishna,
Since the active and offline agents will monitor the same devices/DBs, it is not advised to have different configurations on these two DMAs.
I believe that the use case here is to test first the TLS configuration update (disable TLS1.0, TLS1.1) on the offline agent and, if everything goes well, perform the same configuration on the active agent. Since an offline agent can be used whenever the active agent is down, it is better to perform these tests in a Staging environment.
Nevertheless, we will still need to further investigate why a DMA cannot connect to a external MySQL DB when TLSv1.0 and TLSv1.1 are deactivated (question already raised in Dojo: Enable IAM Access to a remote MySQL DB).
An update about this topic. After further investigation we found that DMA version 10.0.0.0 uses an SLDatabase.dll which was built with .NET4.5. TLS1.2 is only supported as of 4.5.2, therefore it does not work.
A fix for this issue will be available:
Main release: 10.1.0
Feature release: 10.0.6.0-9101
Reference: DCP146754