メインコンテンツまでスキップ

FPolicyエラー:ONTAP でTCP接続の確立からエラーが返されました

Views:
49
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>FPolicy</a><a>Varonis</a><a>2008824903</a>
Last Updated:

環境

  • ONTAP 9.8以降
  • FPolicy
  • ヴァロニス
  • Cloud Insightワークロードセキュリティ(CI)

問題

  • ONTAPがFPolicyサーバにFPolicy要求を送信していません。
  • EMSログに影響を受けるSVMの接続に失敗する
     reason: "TCP Connection to FPolicy server failed."
     mgwd: mgmt.fpolicy.policy.enabled:info]: FPolicy policy Varonis is enabled on Vserver VS1. fpolicy: fpolicy.server.connectError:error]: Node failed to establish a connection with the FPolicy server "10.10.10.10" of policy "Varonis" for Vserver VS1 (reason: "TCP Connection to FPolicy server failed."). mgwd: mgmt.fpolicy.policy.disabled:info]: FPolicy policy Varonis is disabled on Vserver VS1. 
  • Fpolicy-mlog-txt.gz エラーは、ONTAPがプライマリおよびセカンダリのfpolicyサーバに接続しようとしたが、TCP接続を確立できないことを示しています。最大再試行回数に達すると、FPolicyサーバが切断されます。

[kern_fpolicy:warning:7468] Fpolicy server[10.10.10.10] object provided for adding to external engine [0x0x806476100] src/fsm/fsm_external_engine.cc:3248
[kern_fpolicy:warning:7468] Fpolicy server[10.10.10.20] object provided for adding to external engine [0x0x806476100] src/fsm/fsm_external_engine.cc:3248
[kern_fpolicy:info:7468]  Policy enabled with policy polId = 2. [0x0x806476100] src/fsm/fsm_task.cc:3948
[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805938700] src/fsm/fsm_external_engine.cc:4987
[kern_fpolicy:error:7468] Establish TCP connection returned error.[0x0x805938700] src/fsm/fsm_external_engine.cc:4627
[kern_fpolicy:info:7468] Connect to Server[10.10.10.10] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472
[kern_fpolicy:info:7468] [virtual smdb_error fpolicy_appcfg_server_status_db_iterator::notify_imp(smdb_cdb_iterator::operation)] operation: [create], policy: [2] 
[kern_fpolicy:info:7468] updateStatusTable[disconnect]:: Created entry vs[4] policy[Varonis] server[10.10.10.10] [0x0x805937d00] src/fsm/fsm_external_engine.cc:4608
[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805937d00] src/fsm/fsm_external_engine.cc:4987
[kern_fpolicy:error:7468] Establish TCP connection returned error.[0x0x805937d00] src/fsm/fsm_external_engine.cc:4627
[kern_fpolicy:info:7468] Connect to Server[10.10.10.20] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472 

  • 次のエラー  fpolicy-mlog-txt.gz もに表示されます。

    [kern_fpolicy:error:5758] LIF_availability_check call Failed with error[-1]. [0x0x80593bc00] src/fsm/fsm_external_engine.cc:4875
    [kern_fpolicy:error:5758] Establish TCP connection returned error.[0x0x80593bc00] src/fsm/fsm_external_engine.cc:4778

    [kern_fpolicy:info:5758] updateStatusTable[disconnect]:: Created entry vs[4] policy[cloudsecure_cifs-fs011_policy] server[<IP>] [0x0x80593c100] src/fsm/fsm_external_engine.cc:4759
    [kern_fpolicy:error:5758] connect failed with errno = 51. [0x0x80593c600] src/fsm/fsm_external_engine.cc:5138

  • パケットトレースキャプチャでは、TCPハンドシェイクは成功したように見えますが、ネゴシエート要求/応答が表示されません。
  • FPolicyサーバは、[FIN、ACK]で接続を閉じるよう要求します。
  • TCP接続を閉じると、FPolicyサーバはTCP接続の確立を再試行します。このプロセスは ループで続行されます。

ONTAP でTCP接続の確立でエラーが返されました

  • 成功したTCP接続、ネゴシエート要求/応答、およびスクリーン要求の例:

ポリシーサーバはTCP接続の確立を再試行します

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.