Remote workflow execution might not start.

Problem

When you try to run a remote workflow from one Orchestrator server over another Orchestrator server, the workflow might not start.

Cause

Orchestrator does not permit the usage of the default SSL certificates. After you install or upgrade Orchestrator, a new self-signed certificate is generated. The newly generated SSL certificate is unique for each Orchestrator instance. To run remote workflows, the primary Orchestrator server must trust the SSL certificate of the remote Orchestrator server.

Procedure

  1. Verify that the remote and the primary Orchestrator servers are up and running.
  2. Log in to the Orchestrator configuration interface of the primary Orchestrator server.
  3. Click Network.
  4. From the IP address drop-down menu select the IP address, which corresponds to the correct subnet (do not use multi adapter addresses such as 0.0.0.0).
  5. Click Apply Changes.
  6. In the right pane, click the SSL Trust Manager tab.
  7. In the Import from URL text box, type the IP address and port number of the remote Orchestrator server:

    remote_orchestrator_server_IP:8250

  8. Click Import.
  9. Click the Startup options tab.
  10. Click Restart service to restart the Orchestrator server.

Results

If your company policy permits the distribution of SSL keys to multiple servers, you can replicate the SSL keystore. To do that, copy the contents of the install_directory\app-server\conf\security\jssecacerts folder from the primary Orchestrator server machine and paste it to the same location on the remote Orchestrator server machine.