Error: F_JG2194: Remote Certificate Does Not Match Required Certificate

Issue

The following error occurs when multiple HVR Agent machines are configured to connect to the same location (e.g., when used in a cluster such as Oracle RAC or redundancy/failover):

F_JG2194: Remote certificate does not match required certificate.

Environment

• HVR 6
• Multiple HVR Agent machines connecting to same location (e.g., Oracle RAC)

Resolution

To resolve this issue, do the following:

1. Copy the HVR Agent configuration files (hvragent.user and hvragent.conf available in HVR_CONFIG/etc directory) from one agent machine (or primary RAC node) to the rest of the agent machines (or nodes). This ensures that the agent property Agent_Server_Public_Certificate across all agent machines (or RAC nodes) is the same.
2. (optional) If a connection to an agent machine (or RAC node) was already established when this error occurred, unset the location property Agent_Server_Public_Certificate from the UI (by editing the location's properties) or the CLI using the command hvrlocationconfig:

   hvrlocationconfig hubname locationname Agent_Server_Public_Certificate=
   

Cause

This issue occurs because the public certificate of the HVR Agent stored in the hub repository (location property Agent_Server_Public_Certificate) does not match with the agent machine (or Oracle RAC node) to which the HVR hub is establishing a connection. For more information about HVR Agent connection, see section Agent Connection.

When the HVR hub connects to the agent for the first time, it copies the agent server public certificate from the agent property Agent_Server_Public_Certificate to the location property Agent_Server_Public_Certificate (stored in the repository database). By default, every agent machine has a unique public certificate.

In scenarios with multiple agent machines, when a connection between the HVR hub and a agent machine is being established, the HVR hub uses the value in the location property Agent_Server_Public_Certificate (stored in the repository database) to validate the agent machine, regardless of the specific agent machine to which it connects. Therefore, it is required to have the same public certificate in all agent machines to establish a successful connection.