When attempting to register a system to Red Hat Satellite or Capsule, the subscription-manager registration process may fail with a "Network error, unable to connect to server" message.
Environment
- Red Hat Satellite 6
- Red Hat Capsule 6
- Red Hat Enterprise Linux
Issue
- When attempting to register a system with Red Hat Satellite or Capsule using the subscription-manager command, the registration process may fail with the error message "Network error, unable to connect to server".
- The registration of a new virtual machine to the Red Hat Satellite 6 server cannot be completed.
- Encountering certificate issues while attempting to establish a connection to our Red Hat Satellite 6 server.
- Encountering a network error while attempting to register the host using subscription-manager.
- The registration of the system to Red Hat Satellite or Capsule was unsuccessful, and the error message "Network error, unable to connect to server" was displayed by the subscription-manager command.

    # subscription-manager register --org="Test" --activationkey="Test_AK"
    Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.

    2023-03-30 08:41:41,505 [ERROR] subscription-manager:11683:MainThread @managercli.py:218 - Error during registration: [Errno 104] Connection reset by peer
    2023-03-30 08:41:41,505 [ERROR] subscription-manager:11683:MainThread @managercli.py:219 - [Errno 104] Connection reset by peer
      File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
        self._sslobj.do_handshake()
    ConnectionResetError: [Errno 104] Connection reset by peer

    2023-03-30 13:44:50,030 [ERROR] subscription-manager:639256:MainThread @managercli.py:218 - Error during registration: [Errno -2] Name or service not known
    2023-03-30 13:44:50,031 [ERROR] subscription-manager:639256:MainThread @managercli.py:219 - [Errno -2] Name or service not known
      File "/usr/lib64/python3.6/socket.py", line 704, in create_connection
        for res in getaddrinfo(host, port, 0, SOCK_STREAM):
      File "/usr/lib64/python3.6/socket.py", line 745, in getaddrinfo
        for res in _socket.getaddrinfo(host, port, family, type, proto, flags):

    2023-03-30 10:39:14,592 [ERROR] @managercli.py:101 - Error during registration: [Errno 110] Connection timed out
    2023-03-30 10:39:14,592 [ERROR] @managercli.py:102 - [Errno 110] Connection timed out

    2023-03-30 00:15:22,004 [ERROR] subscription-manager:5280:MainThread @managercli.py:217 - Error during registration: ('_ssl.c:602: The handshake operation timed out',)
    2023-03-30 00:15:22,005 [ERROR] subscription-manager:5280:MainThread @managercli.py:218 - ('_ssl.c:602: The handshake operation timed out',)

      File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:897)
Resolution
To resolve the "Network error, unable to connect to server" issue during registration with Red Hat Satellite or Capsule, follow these steps:

- Check Network Connectivity: Verify that the client machine can reach the Satellite or Capsule server.

    # ping <Satellite_Or_Capsule_FQDN>
    # tracepath -p 443 <Satellite_Or_Capsule_FQDN>
    # curl -v telnet://satellite.example.com:443
    # curl -v https://satellite.example.com:443 --cacert /etc/rhsm/ca/katello-server-ca.pem

- Verify Proxy Configuration: If a proxy server is used for internal connectivity, review the proxy settings in the /etc/rhsm/rhsm.conf file on the client machine. Ensure that the proxy settings are accurate and match the configured proxy server.

    # env | egrep "http|proxy"
    # echo $http_proxy $https_proxy $HTTP_PROXY $HTTPS_PROXY
    # cat /etc/rhsm/rhsm.conf | grep proxy
    # cat /etc/yum.conf | grep -i "proxy"
    # curl -v --proxy-user user:password --proxy proxy.example.com:3128 https://<Satellite_Or_Capsule_FQDN>:443 --cacert /etc/rhsm/ca/katello-server-ca.pem

- DNS Configuration: Check the DNS configuration on the client machine and ensure that the DNS server is correctly configured to resolve the server's hostname. Use tools like ping, dig, or nslookup to troubleshoot DNS resolution and verify that the Satellite server's hostname resolves to the expected IP address.

    # nslookup <Satellite_Or_Capsule_FQDN>
    # dig <Satellite_Or_Capsule_FQDN>
    # gethostip -d <Satellite_Or_Capsule_FQDN>

- Firewall Settings: Examine the firewall rules on the client machine and any network firewalls between the client and server. Ensure that the necessary ports and protocols are allowed for communication with the Satellite or Capsule server. If required, open the required ports or configure the firewall rules to permit communication.

    # systemctl status firewalld
    # firewall-cmd --list-all
    # iptables -L

  - If the Internal/External Hardware firewall has SSL inspection capabilities, temporarily disable this feature to see if it resolves the SSL communication issue. SSL inspection, also known as SSL decryption or SSL offloading, can sometimes interfere with the SSL handshake process.

- Anti-virus Considerations: In some cases, certain anti-virus software may interfere with network communication. Temporarily disable the anti-virus software on the client machine and attempt the registration process again.

For more KB articles/solutions related to Red Hat Satellite 6.x Client Subscription Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Client Subscription Issues
Root Cause
- There may be several potential issues causing the problem:
  - It is possible that the client machine is facing difficulties in resolving the hostname of the Satellite/Capsule server due to a connectivity problem. This can lead to the hosts being unable to find the server's IP address for establishing a connection. Check the DNS configuration and ensure that the hostname of the Red Hat Satellite/Capsule server can be resolved correctly.
  - The client machine may be encountering a firewall-related issue that is preventing it from establishing a connection to the Satellite/Capsule server.
  - It is possible that a firewall rule or configuration on either the client machine or the network is blocking the communication between the client and the Satellite/Capsule server, leading to the registration failure.
  - Another potential issue could be related to the proxy environment variable or incorrect proxy settings configured in the /etc/rhsm/rhsm.conf file on the client machine.
  - The proxy settings on the affected hosts may not be configured correctly. This could result in the hosts being unable to connect to the Red Hat Satellite/Capsule server. Ensure that the proxy configuration is correct and matches the required settings.
  - The affected hosts might experience network connectivity problems, preventing them from establishing a connection with the Red Hat Satellite server. Verify the network connectivity and ensure that the necessary ports are open for communication.
  - Some antivirus programs have built-in firewall or network protection features that may block the communication between the client and the Satellite/Capsule server.
  - It is possible that the network connectivity issues could be caused by firewalld or iptables configurations. The firewall rules set in firewalld or iptables may be blocking the required network traffic, preventing the affected hosts from connecting to the Red Hat Satellite/Capsule server.
  - The network connectivity issues experienced during the registration process to the Red Hat Satellite server could be attributed to VLAN-related problems.
- To resolve these issues, troubleshoot each potential cause mentioned above. Verify and correct the proxy configuration, check the network connectivity, and ensure that the DNS server is properly configured to resolve the Red Hat Satellite/Capsule server hostname. By addressing any misconfigurations or network issues, the affected hosts can successfully connect with the Red Hat Satellite server.
Diagnostic Steps
- On the Satellite/Capsule server:
  - Run the command foreman-maintain health check to perform a health check of the Satellite/Capsule server and identify any potential issues.

      # foreman-maintain health check

  - Check server load: If the server is under heavy load or experiencing high traffic, it may struggle to respond to SSL handshake requests in a timely manner. Monitor the server's resource usage and consider investigating any performance issues that could affect the SSL handshake process.
- On the client system:
  - Check the date and time on the system. Ensure that the system's date and time are accurate, as even a few seconds of difference can cause issues with registration.

      # timedatectl status

  - Run the openssl and curl commands to test the connection to the Satellite/Capsule server on port 443 (HTTPS). These commands verify the SSL/TLS handshake with the server and ensure that the necessary certificate authority (CA) file is in place.

      # openssl s_client -connect satellite.example.com:443 -CAfile /etc/rhsm/ca/katello-server-ca.pem
      # curl -v https://satellite.example.com:443 --cacert /etc/rhsm/ca/katello-server-ca.pem

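The checks in the Resolution and Diagnostic Steps sections (DNS lookup, TCP reachability of port 443, TLS handshake against the Katello CA) can be run in one pass to see which layer fails first. The following Python script is an added example, not Red Hat code; the function name `probe` and its stage labels are assumptions made here, and it connects directly without using any proxy settings.

```python
import socket
import ssl

# CA bundle path taken from the curl/openssl commands on this page.
KATELLO_CA = "/etc/rhsm/ca/katello-server-ca.pem"


def probe(host, port=443, cafile=KATELLO_CA, timeout=10.0):
    """Return (stage, detail): the first stage that failed, or 'ok'."""
    # 1. DNS: the getaddrinfo() call seen in the "[Errno -2]" traceback.
    try:
        socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # 2. TCP: refused, unreachable or "[Errno 110] Connection timed out"
    #    means port 443 is not reachable (routing, firewall rules).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)

    try:
        # 3. CA bundle: a missing or unreadable file fails before any TLS traffic.
        try:
            ctx = ssl.create_default_context(cafile=cafile)
        except OSError as exc:
            return "ca-file", str(exc)

        # 4. TLS: resets, handshake timeouts, cipher mismatches and certificate
        #    verification failures all surface in do_handshake().
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", "%s %s" % (tls.version(), tls.cipher()[0])
        except (OSError, ssl.CertificateError) as exc:
            return "tls", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    import sys
    # satellite.example.com is the placeholder hostname used on this page.
    target = sys.argv[1] if len(sys.argv) > 1 else "satellite.example.com"
    print("%s: %s" % probe(target))
```

A `dns` result points to the DNS Configuration step, `tcp` to the connectivity and firewall steps, and `tls` to the handshake checks (SSL inspection, server load, system time, CA file).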
For further monitoring and troubleshooting, refer to the following Red Hat Knowledge Base articles:
- How to monitor the health of a Satellite 6 system
- How to check the status of core Satellite 6 services?
These articles provide additional guidance on monitoring the health of the Satellite/Capsule 6 system and checking the status of essential services.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.