SUSE Clients Fail to Register with RMT Server

This document (000021033) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP3
Repository Mirroring Tool (RMT)


From the Client Side

Errors when attempting to register a client to the RMT server via yast registration.

Connection to registration server failed.
Details: 757: unexpected token at 'An unhandled lowlevel error occurred. The application logs may have details.'

Registration server error. Retry the operation later.
Details: Cannot parse credentials file

All clients can establish a connection to the RMT server to download the rmt-client-setup script:
# curl http://rmtserver.local/tools/rmt-client-setup --output /tmp/rmt-client-setup
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  8842  100  8842    0     0  3491k      0 --:--:-- --:--:-- --:--:-- 4317k
Errors when using the rmt-client-setup script:
# bash /tmp/rmt-client-setup https://rmtserver.local
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/sbin/SUSEConnect --write-config --url https://rmtserver.local 
Registering system to registration proxy https://rmtserver.local

Announcing system to https://rmtserver.local ...
Your Registration Proxy server doesn't support this function. Please update it and try again.

From the RMT Server Side

The secrets.yml.key file is owned by root:
# ls -al /usr/share/rmt/config/secrets.yml.key
-rw------- 1 root root 32 Sep  6 07:41 /usr/share/rmt/config/secrets.yml.key
Updating the rmt-server package from earlier versions does not affect the RMT server (see Additional Section below).

The rmt-server.service status shows a permission denied error

Permission denied @ rb_sysopen - /usr/share/rmt/config/secrets.yml.key
#==[ Command ]======================================#
# /bin/systemctl status rmt-server.service
* rmt-server.service - RMT API server
     Loaded: loaded (/usr/lib/systemd/system/rmt-server.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2023-03-31 15:52:20 CEST; 1h 2min ago
   Main PID: 9569 (rails)
      Tasks: 30
     CGroup: /system.slice/rmt-server.service

Mar 31 15:58:03 rmtserver rails[9680]: 2023-03-31 15:58:03 +0200 Rack app ("POST /connect/subscriptions/systems" - ( #<Errno::EACCES: Permission denied @ rb_sysopen - /usr/share/rmt/config/secrets.yml.key>
Mar 31 15:58:03 rmtserver rails[9680]: 2023-03-31 15:58:03 +0200 Rack app ("GET /connect/repositories/installer" - ( #<Errno::EACCES: Permission denied @ rb_sysopen - /usr/share/rmt/config/secrets.yml.key>
Mar 31 15:59:03 rmtserver rails[9675]: 2023-03-31 15:59:03 +0200 Rack app ("POST /connect/subscriptions/systems" - ( #<Errno::EACCES: Permission denied @ rb_sysopen - /usr/share/rmt/config/secrets.yml.key>
Mar 31 15:59:03 rmtserver rails[9680]: 2023-03-31 15:59:03 +0200 Rack app ("GET /connect/repositories/installer" - ( #<Errno::EACCES: Permission denied @ rb_sysopen - /usr/share/rmt/config/secrets.yml.key>


Reported to Engineering

WARNING: Changing the secrets.yml.key file's ownership from root.root to _rmt.nginx may leave the RMT server open to security vulnerabilities, but is the only current workaround available. Engineering is aware of the issue.

On the RMT server host, workaround as follows:
1. Change the secrets.yml.key file ownership to _rmt.nginx
# chown _rmt.nginx /usr/share/rmt/config/secrets.yml.key
# ls -al /usr/share/rmt/config/secrets.yml.key
-rw------- 1 _rmt nginx 32 Sep  6 07:41 /usr/share/rmt/config/secrets.yml.key
2. You can now register your clients. You do not need to restart the rmt-server.service.


If the rmt-server packages listed in the Additional Information section are installed and the /usr/share/rmt/config/secrets.yml.key file is not found, it will be created with root ownership causing client errors upon registration.


Reported to Engineering

Additional Information

All information from TID 000020958 - Incorrect file permissions on /usr/share/rmt/config/secrets.yml.key after installation of package rmt-server has been merged into this document and removed.

As of this writing, the following rmt-server packages will create secrets.yml.key with the root owner and would need the ownership changed.





This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021033
  • Creation Date: 20-Sep-2023
  • Modified Date:20-Sep-2023
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center