# Unable to Add Host in Management Plane ## Problem 1. Unable to view host in Management Plane for authorization even after running the installer script successfully. 2. On the affected host, check if it is able to communicate with the Management Plane on port 443. {% tabs %} {% tab title="None" %} ```none $ telnet management.plane 443 ``` {% endtab %} {% endtabs %} * If the above command was successful check */etc/pf9/hostagent.conf* for the ***cert\_version*** followed by requesting the certificate using the same version. {% tabs %} {% tab title="None" %} ```none $ less /etc/pf9/hostagent.conf[ssl]cert_version=v4disable=True ``` {% endtab %} {% endtabs %} {% tabs %} {% tab title="None" %} ```none $ openssl s_client -connect management.plane:443 -servername broker-v4 -cert /etc/pf9/certs/hostagent/cert.pem -key /etc/pf9/certs/hostagent/key.pem -CAfile /etc/pf9/certs/ca/cert.pem ``` {% endtab %} {% endtabs %} * The above command will not return the certificate. This confirms that the host is unable to communicate with the Management Plane using the SNI broker version 4 for certificates. ## Environment * Platform9 Managed OpenStack - v3.6.0 and Higher * Hostagent ## Cause The SNI broker-v4 endpoint is blocked in the firewall on the customer plane. ## Resolution Allow the broker-v4 endpoint communication through the customer firewall. ## Workaround 1. Run the below command to check if the affected host is able to request a certificate from the Management Plane using any other version. {% tabs %} {% tab title="None" %} ```none $ openssl s_client -connect management.plane:443 -servername http -cert /etc/pf9/certs/hostagent/cert.pem -key /etc/pf9/certs/hostagent/key.pem -CAfile /etc/pf9/certs/ca/cert.pem ``` {% endtab %} {% endtabs %} 2. If the above command returns the certificate successfully, copy the certificates from one of the working hosts to the affected host. {% tabs %} {% tab title="None" %} ```none $ scp -r /etc/pf9/certs user@affectedhost:/tmp ``` {% endtab %} {% endtabs %} 3. On the affected hosts, keep the backup of original */etc/pf9/certs* directory and then replace the original directory with the certificates copied from the working host. 4. Restart the **pf9-hostagent** and **pf9-sidekick** service and check if the host is able to communicate with Management Plane by running the below command. {% tabs %} {% tab title="None" %} ```none $ openssl s_client -connect management.plane:443 -servername broker-v4 -cert /etc/pf9/certs/hostagent/cert.pem -key /etc/pf9/certs/hostagent/key.pem -CAfile /etc/pf9/certs/ca/cert.pem ``` {% endtab %} {% endtabs %}