📖 ~1 min read
Table of contents
Symptom & Impact
PowerHA clcomd refuses connections due to expired certificates.
Environment & Reproduction
Triggered when /etc/cluster/rhosts or clcomd certs roll past their date.
Root Cause Analysis
TLS handshake fails between cluster nodes, blocking management.
Quick Triage
Run lssrc -s clcomd and tail /var/hacmp/clcomd/clcomd.log.
Step-by-Step Diagnosis
Inspect /etc/cluster/.cert-* for notAfter dates with openssl x509.
Solution – Primary Fix
Regenerate certs with /usr/es/sbin/cluster/utilities/clrexec_cert_setup.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Alternative: refresh -s clcomd after clearing /etc/cluster/rhosts cache.
Verification & Acceptance Criteria
Verify with clrsh nodeB date that inter-node comms recovers.
Rollback Plan
Backup /etc/cluster before regenerating in case of rollback.
Prevention & Hardening
Set a cron reminder to rotate clcomd certificates yearly.
Related Errors & Cross-Refs
Related: CLUSTER_COMM_ERR errors and clstrmgrES restart failures.
Related tutorial: View the step-by-step tutorial for aix-7.2.
View all aix-7.2 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
IBM Docs: clcomd security and PowerHA inter-node communication.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
