DSG deployed inline (serial mode): when using applications such as Sunlogin (向日葵), connecting to the server fails; after disabling the HTTPS protocol everything works. In the inline DSG deployment ATS sits in the path, so all HTTPS traffic passes through ATS for processing (TLS interception), and certificate-related problems can appear at that point.
Reproduction:
Disable the HTTPS protocol on the DSG;
the Sunlogin client connects to the server successfully;
re-enable the HTTPS protocol;
the Sunlogin client fails to connect to the server again.
With HTTPS enabled in the inline DSG deployment, the client is presented with a certificate issued by the CA that DSG itself generated (self-signed); our certificate is visible in a Wireshark capture of the handshake, as shown below. The same can be confirmed from the client with `openssl s_client -connect slapi.oray.net:443 -servername slapi.oray.net`, where the issuer of the returned certificate is the DSG CA rather than the site's real CA.
At the same time, the Sunlogin log on the client shows that certificate verification failed.
Root cause: with DSG inline, the Sunlogin client verifies the server certificate. The certificate it receives is signed by our self-signed CA, which is not in the client's trust store, so verification fails. The error code in the log (POLARSSL_ERR_X509_CERT_VERIFY_FAILED) comes from PolarSSL (now mbedTLS), which suggests the client carries its own TLS stack and CA bundle, so simply installing the DSG CA into the operating system's trust store is not guaranteed to help.
Temporary workaround (add an SSL exception):
a source-based SSL exception;
but this is clearly not the best solution, because it exempts the host at that source IP globally, so all of its HTTPS traffic bypasses inspection, and many users are unwilling to accept that.
Recommended method:
still use the global exception feature, but exempt only the destination domains the client accesses. Note that the client contacts several hosts (in the log below: slapi.oray.net, sl-log.oray.net and rc10-fc02.oray.com), and later hosts only show up once the earlier ones succeed, so repeat the log check after each change until the login completes.
Test verification;
Supplement: Sunlogin log
Before the global exception;
2020-09-24 10:22:13.740 - Info - [http call3] new call id:15, url:https://slapi.oray.net/remote/get-fastcode
2020-09-24 10:22:13.740 - Info - [http call3] id:15 create new connection : https://slapi.oray.net:443
2020-09-24 10:22:13.749 - Info - attempt to connect server slapi.oray.net:443(121.40.59.15:443)
2020-09-24 10:22:13.763 * Error * ! The certificate is not correctly signed by the trusted CA
2020-09-24 10:22:13.763 - Info - sslstream disconnect with POLARSSL_ERR_X509_CERT_VERIFY_FAILED
After the global exception;
2020-09-24 10:24:16.455 - Info - [http call3] new call id:16, url:https://slapi.oray.net/remote/get-fastcode
2020-09-24 10:24:16.456 - Info - [http call3] id:16 create new connection : https://slapi.oray.net:443
2020-09-24 10:24:16.465 - Info - attempt to connect server slapi.oray.net:443(121.41.74.206:443)
2020-09-24 10:24:16.927 - Info - [http call3] id:16, url:https://slapi.oray.net/remote/get-fastcode, status code:200
2020-09-24 10:24:16.936 - Info - attempt to connect server rc10-fc02.oray.com:443(47.99.48.228:443)
2020-09-24 10:24:17.053 - Info - [service] attempted logon
2020-09-24 10:24:17.109 - Info - [service] logon server OK. public ip:124.127.119.210
2020-09-24 10:24:17.143 - Info - [online] attempted client online
2020-09-24 10:24:17.178 - Info - [online] client online OK.
2020-09-24 10:24:17.180 - Info - [online] received name:default , description:default .
2020-09-24 10:24:17.181 - Info - [service] attempted register client to server
2020-09-24 10:24:17.215 - Info - [service] registered client to server
2020-09-24 10:24:17.215 - Info - [http call3] new call id:17, url:https://sl-log.oray.net/slclientlog
2020-09-24 10:24:17.215 - Info - Current client status: 1
2020-09-24 10:24:17.215 - Info - send status_changed notify 1
2020-09-24 10:24:17.218 - Info - [http call3] id:17 create new connection : https://sl-log.oray.net:443
2020-09-24 10:24:17.222 - Info - [discover] Client NotifyDiscover type=5
2020-09-24 10:24:17.225 - Info - [mac] local ip:172.18.0.101
2020-09-24 10:24:17.225 - Info - [mac] mac address:EA:FF:2B:3D:5A:C9
2020-09-24 10:24:17.231 - Info - [OnLogin start]
2020-09-24 10:24:17.231 - Info - [http call3] new call id:18, url:https://slapi.oray.net/sunlogin/remote-info.update
2020-09-24 10:24:17.231 - Info - [OnLogin] WaittingTask Start
2020-09-24 10:24:17.231 - Info - [OnLogin end]
2020-09-24 10:24:17.237 - Info - [OnLogin] WaittingTask end
2020-09-24 10:24:21.229 - Info - attempt to connect server sl-log.oray.net:443(121.40.118.44:443)
2020-09-24 10:24:21.229 - Info - [http call3] id:18 use old connection : https://slapi.oray.net:443
2020-09-24 10:24:21.539 - Info - [http call3] id:18, url:https://slapi.oray.net/sunlogin/remote-info.update, status code:200
2020-09-24 10:24:21.539 - Info - upload remote info ok
2020-09-24 10:24:22.170 - Info - [http call3] id:17, url:https://sl-log.oray.net/slclientlog, status code:200