Having some small challenges with a configuration that has two Domain Orchestrators (behind an F5 load balancer) and one Agent on a Service Desk application server. The issue seems to be around the communication between the Agent and both nodes of the cluster.
To clarify, we are using secure (SSL) communications and have configured PAM to use port 8443 for web (and web service) connections with a properly signed (wildcard) certificate. We can log into PAM from a browser (port 8443)and the connection is secure.
We also understand that the communcation between PAM components is over port 443 (simplified communications) using the self-signed certificates found in c2okeystore.
In our configuration there seems to be a behavior inconsistency between the PAM Agent and the Orchestrators. It would be useful to better understand the correct values for the following parameters found in the domain.xml file (443 vs 8443) on the Orchestrators and Agent:
Any insights you can provide will be much appreciated.
Port usage documentation can be found here:
Ports Used by CA Process Automation - CA Process Automation - 04.3.02 - CA Technologies Documentation
Here are the values from an internal LAB setup against an NGINX load balancer:
I hope this helps!
Thanks for verifying that from your LAB setup. I suspect an issue with the F5 load balancer configuration. I'll have to spend more time with the network guru.
Please correct me if my understanding is wrong:
In simplified communications, the Agent maintains a connection with the Orchestrators (through the load balancer, port 443) to be informed when there is work to do. (I assume this as the Agent is not listening on any port and I see a network connection between the Agent and the load balancer. Viewed using Process Explorer.)
Here is the issue I am seeing:
I wonder if I should see two connections between the Agent and the load balancer, one for each Orchestrator.
This also manifests itself with Process Operators assigned to the Agent sometimes failing with System Error "Message could not be posted to the node."