Issue :-
Devices are unable to on board to cnMaestro on premises server with the error "SSL Connect Not Successful 5"
Root Cause :-
The issue can occur due to one of the following reasons
1) Port 443 is blocked by the firewall. Port 443 is needed for the devices to communicate with the server using web sockets.
2) Server Device process or other processes not running properly or stale process are present. Device process is mandatory for devices to communicate with the server using web sockets.
3) Devices and server are present in different subnets but there is no proper routing enabled to support the communication between the devices and the server
Debugging Steps:-
1) Check port 443 is enabled in the firewall if not enabled please enable it and check.This can be confirmed by taking a packet capture at the device side interface
2) Restart the cnMaestro on premises VM once and check again. If still not working please collect the server tech support dump from Manage->Server->Diagnostics page
3) Try to keep the devices and server in same subnet and try the on boarding and it should work. If it works then the issue is with the route when they are in different subnet .
4) If the devices are there in different subnet please add proper routes so that devices can communicate with the cnMaestro server. This can also be confirmed by doing a packet capture at the device side interface.
5) check whether the minimum supported device software images are also running on the devices.
- cnPilot E400/E500: 2.5.2-r3
- ePMP 1000 Hotspot: 2.5.2-r3
- ePMP 1000 and Force 180,200 :- 2.6.2
- cnPilot R200P/R201P: 4.2.3-R4
- PMP 450 or 450i : 15.0.1
Files to send to customer support in case still the problem exists:-
1) Device agent logs from the device .
ePMP 1000 AP/SM and Force 180/200 :- Monitor->System Log
ePMP 1000 HotSpot/E400/E500 :- Troubleshooting->Logs
cnPilot R200/R201 :- status->Syslog
PMP 450/450i/450m/450b :- Logs->DA Logs
2) Tech support dump from the device for ePMP 1000 Hotspot/E400/E500 available in the Operations page system section.
3) cnMaestro server tech support dump . collect the server tech support dump from Manage->Server->Diagnostics page
4) Packet captures taken from the device facing the issue.
5) Topology of the network explaining the devices and cnMaestro server placement and their IPs .
6) Any screenshots that explains the issue.