Symptoms
After a fresh deployment of a Branding node, accessing CP over branded domain name does not work. At the same time, the access is possible over the UI server on the Management Node itself.
netstat
on the Branding node shows connections on port 6308 residing in SYN_SENT state:
java 25998 jboss 623u IPv4 5109264 0t0 TCP 10.39.183.19:41000->10.39.181.18:6308 (SYN_SENT)
The Management Node is configured with two backnet IP addresses, and there is a strict firewall between Branding and MN host that doesn't allow communication over one of them (10.39.181.18 in this example).
A different IP address was used as the backnet IP, so it is not expected that APS Controller uses a different IP address.
Cause
In case OA Management Node is registered with several backnet IPs, APS Controller by default takes the first shared IP address and uses it for connections. In case the IP address is blocked between MN and Branding.
Resolution
Download the setSaaSHostIP.py script and run it on the Management Node as:
# python setSaaSHostIP.py 10.39.183.18