Older ZoneDirectors won't connect to 9.12.2 FM

  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hello,

First question here so be gentle. :)

I am doing some testing with a VM running the latest 9.12.2 Flexmaster software.  I have also installed our wildcard cert successfully.  Unfortunately it seems that older ZDs, such as 9.0 and 9.1 won't connect at all when connecting them to this FM VM.

For practical reasons we cannot upgrade all these ZDs that are in the field and are looking at a way to make this work so we can use vanity URLs for our client sites using our wildcard cert.

I just can't seem to figure out a way to troubleshoot or debug this dilemma and I was hoping you can shed some light on this. For these clients our reach doesn't really extend beyond warping in to the ZDs and changing the FM url to point to our test box.

A huge thank you in advance for your attention to this matter.

Michael M
Photo of Michael Marley

Michael Marley

  • 4 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 717 Posts
  • 151 Reply Likes
Michael,

Never used FM in the past however FM version supports controller of same version or closer to FM version.

For troubleshooting, just see from those Old ZD's, if you are able to ping to the FM VM IP and other way around.

Do these controllers connect to VM FM without wildcard cert?
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 717 Posts
  • 151 Reply Likes
like FlexMaster 9.10.2 Supports below ZoneDirector Models and their versions..
This release supports the following ZD models:
•ZoneDirector 1100 -- 9.10.0.0.218 and later (The ZoneFlex H500 is not supported by the ZD
1100)
•ZoneDirector 1200 -- 9.10.0.0.218 and later
•ZoneDirector 3000 -- 9.10.0.0.218 and later
•ZoneDirector 5000 -- 9.10.0.0.218 and late
Photo of Michael Marley

Michael Marley

  • 4 Posts
  • 0 Reply Likes
Thanks for the reply.  Yes, these systems connect just fine WITHOUT using the wildcard cert.  To reiterate newer ZDs connect just fine with the wildcard cert but older ones do not. This is purely a SSL handshake issue, and not a networking issue per se.
Photo of Michael Brado

Michael Brado, Official Rep

  • 1982 Posts
  • 277 Reply Likes
The FlexMaster product has always been designed to support at least TWO (2) ZD versions back*.
 
(*But often can recognize further forward or back, with the caveat that Templates may or may not
include features not found later than the FM version.)

Actually, I'm quite surprised that 9.12 FM can see back past ZD 9.5, which would be 7 versions back,
but not really surprised about versions 9.0/9.1 that would be well EoL'd before FM 9.10+.

If you still use ZD1000, you should be running the latest 9.3.4.0.21 for that model.
(Edited)
Photo of Michael Marley

Michael Marley

  • 4 Posts
  • 0 Reply Likes
Hello Michael.

Thanks for chiming in. I believe you actually work very closely with my company and I was hoping you would chime in. We have thousands of sites and are really looking to ease management for ourselves and our clients. Being able to use our wildcard cert across our FMs is a key part of what we are trying to accomplish.

I am just looking for a way we can debug/troubleshoot this as there seems to be very little that can be gleamed from any obvious log.  For instance - when I change the FM url in the zd all I see in the log is that the fm has been changed.  I see nothing about it not actually connecting successfully, which also means I have nothing further to look at.

Surely there must be some way to actually see what is failing behind the scenes to enable further investigation.  Thanks and I look forward to finding a resolution for this.
Photo of Michael Brado

Michael Brado, Official Rep

  • 1982 Posts
  • 277 Reply Likes
Hi Michael,

   I'm glad you're a long time customer, and if FM is key to your business, please open a TAC case
to get this into our system for tracking. The official stance has always been to support two ZD versions
back from FM, so the older versions are not "officially" supported might be the bottom line.  Perhaps
FM audit logs and ZD syslogs might be helpful to explore ZD visibility/certificate exchange, but will take
deeper investigation.   
  Number two, if you are using FM extensively, do you have a physical server installation of FM 9.12.2,
rather than the VM installation?  I would be interested to know if the platform was in any way a factor.
Hopefully, our FM product manager might be following this thread, if they have further input.  Thanks.
Photo of Michael Marley

Michael Marley

  • 4 Posts
  • 0 Reply Likes
Thank you Michael. I have opened a case for this.