Hello I tried Logon with A Script less method from the client, After Entering the User Name and password in the Prompt Screen it just keeps on Loading for 3-5 mins
then i receive the below Error.
SAS Spawner Process:-
The Spawner is Running on the Server and Below SIGNON Code i used to Signon to the Server
TOOLremo contains the name of the Server and sasspawn is the port service on which our Spawner is listening. Also NetEncrptionAlgorith=SSl Option has been Already Defined the Code of Client.
and the same port is opened between both our Server and Client Network.
The Above code Just Works Fine from the Client Server which is in same PN of the Server in which SAS Spawner runs.
but when i try to logon from the client from Different PN it fails with above mentioned Error.
Can you Please help me to resolve this issue
So it works OK over one PVN but not another? The SAS log errors suggest the TCP socket you are trying is blocked. This is most likely a port rule issue. Try testing the port via the problematic PVN.
For test purposes, be more explicit about your SIGNON rather than default to variables since they may not contain what you think.
Try
options netencralg=ssl; %let testrem=<spawner-host-FQDN> <spawner-port-number>; SIGNON testrem USER=_PROMPT_ password=_PROMPT_;
Also, turn on trace logging on the spawner so that you can see if a connection is made and a server is spawned. This will help you know if the client was able to get to the spawner or not and if it did, whether it was able to spawn a server. If the spawner does not show a connection being made, then the firewall is preventing access or there is no route from the client to the spawner.
Hello I tried, the Code Provided By you To SIGNON to the Spawner,
Which i start the login process on the client the screen keeps on roiling and on the server i can see in Netstat that the coneection with client server is established on Spawner port, but after 1-2 minutes the netstat status becomes FIN_WAIT1 and then the connection is closed
Sever - Client Connection Established then closed :-
Port opened between Server and Client :-
And then i receive below Error on the client
ERROR: A communication subsystem partner link setup request failure has occurred.
ERROR: Cannot read TCP socket. System message is ''.
ERROR: Remote signon to TOOLREMO canceled.
NOTE ETL: Log Remote Session :ERROR: A communication subsystem partner link setup request failure has occurred.
NOTE ETL: Log Remote Session :ERROR: Cannot read TCP socket. System message is ''.
NOTE ETL: Log Remote Session :ERROR: Remote signon to TOOLREMO canceled.
________________________________________________________________________________________________________
also i checked with my network team the are Saying the firewall is able to establish a telnet connection between Server and client over the Spawner port but it will Only allow the packets/communications which are secured will SSL as soon as it will detect any unencrypted communication it will terminate the connection.
i am thinking maybe is the client is not able to negotiate the encryption algorithm used be the Spawner. can you help me to understand how exactly the encryption negotiations actually works in SAS Spawner and client so that i can check with the Network team.
Manny thanks Already for all the help 🙂
So I take it you did not see a connection in the log put out by the spawner? I did not see a spawner log in your response.
The data sent to the spawner will not be encrypted at the start since it has to negotiate encryption first. If the firewall does not like that, SSH tunneling will be your only answer to getting through the firewall.
Hello Thanks for your Reply, The Firewall will only allow SSL Connections after some research i have created an SSL Tunnel with the help of S Tunnel in between the Sever and client.
The Tunnel works as follow:-
in the the SAS Client Signon Statement the locolhost and a local port on with STunnel client is listening when the connection is made the Stunnel will forward the connection to the remote host on the port SAS Spawner is listening. with this tunnel the TCP socket error is gone and it seems client is able to make through the Firewall.
But now i am getting the Below Error :-
ERROR: A communication subsystem partner link setup request failure has occurred.
ERROR: Network request failed (rc 0x1EE3BC10) - SSL Error: Invalid subject name in partner's
certificate. Subject name must match machine name.
ERROR: Remote signon to TOOLREMO.14555 canceled.
NOTE ETL: Log Remote Session : dwhmgr 26685
ERROR: A communication subsystem partner link setup request failure has occurred.
NOTE ETL: Log Remote Session : dwhmgr 26685
ERROR: Network request failed (rc 0x1EE3BC10) - SSL Error: Invalid subject name in partner's
NOTE ETL: Log Remote Session : dwhmgr 26685certificate. Subject name must match machine name.
NOTE ETL: Log Remote Session : dwhmgr 26685ERROR: Remote signon to TOOLREMO.14555 canceled.
______________________________________________
Client Address Statement :-
I checked the certificate File and the CN name is correctly pointing towards the hostname of the server
i Think may be this Error is because i am passing localhost as a Server name to the SAS SIGNON Statement thats'why it is not able to verify the server certificate Please correct me if i am wrong.
I already try passing the remote name in options in cline with options SSLSNIHOSTNAME=XXXXXXXX.net; and systemoption=SSLREQCERT="allow";(To bypass if verification fails) But nothing helped.
please help me understand is there a way to skip the Certificate CN verification step ?
I suggest you open a Tech Support track for your problem as you will likely get faster help.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.