跳转到主内容

Fpolicy错误:在ONTAP 上建立TCP连接返回错误

Views:
16
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>fpolicy</a><a>Varonis</a><a>200882490</a>
Last Updated:

适用场景

  • ONTAP 9.8或更高版本
  • FPolicy
  • Varonis
  • Cloud Insight工作负载安全性(CI)

问题描述

  • ONTAP未向FPolicy服务器发送FPolicy请求。
  • EMS日志将显示无法连接受影响的Vserver
     reason: "TCP Connection to FPolicy server failed."
     mgwd: mgmt.fpolicy.policy.enabled:info]: FPolicy policy Varonis is enabled on Vserver VS1. fpolicy: fpolicy.server.connectError:error]: Node failed to establish a connection with the FPolicy server "10.10.10.10" of policy "Varonis" for Vserver VS1 (reason: "TCP Connection to FPolicy server failed."). mgwd: mgmt.fpolicy.policy.disabled:info]: FPolicy policy Varonis is disabled on Vserver VS1. 
  • Fpolicy-mlog-txt.gz 错误显示ONTAP尝试连接到主和二级fpolicy服务器、但无法建立TCP连接。达到最大重试次数后、fpolicy服务器将断开连接。

[kern_fpolicy:warning:7468] Fpolicy server[10.10.10.10] object provided for adding to external engine [0x0x806476100] src/fsm/fsm_external_engine.cc:3248
[kern_fpolicy:warning:7468] Fpolicy server[10.10.10.20] object provided for adding to external engine [0x0x806476100] src/fsm/fsm_external_engine.cc:3248
[kern_fpolicy:info:7468]  Policy enabled with policy polId = 2. [0x0x806476100] src/fsm/fsm_task.cc:3948
[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805938700] src/fsm/fsm_external_engine.cc:4987
[kern_fpolicy:error:7468] Establish TCP connection returned error.[0x0x805938700] src/fsm/fsm_external_engine.cc:4627
[kern_fpolicy:info:7468] Connect to Server[10.10.10.10] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472
[kern_fpolicy:info:7468] [virtual smdb_error fpolicy_appcfg_server_status_db_iterator::notify_imp(smdb_cdb_iterator::operation)] operation: [create], policy: [2] 
[kern_fpolicy:info:7468] updateStatusTable[disconnect]:: Created entry vs[4] policy[Varonis] server[10.10.10.10] [0x0x805937d00] src/fsm/fsm_external_engine.cc:4608
[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805937d00] src/fsm/fsm_external_engine.cc:4987
[kern_fpolicy:error:7468] Establish TCP connection returned error.[0x0x805937d00] src/fsm/fsm_external_engine.cc:4627
[kern_fpolicy:info:7468] Connect to Server[10.10.10.20] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472 

  • fpolicy-mlog-txt.gz 也可以在中看到以下错误:

    [kern_fpolicy:error:5758] LIF_availability_check call Failed with error[-1]. [0x0x80593bc00] src/fsm/fsm_external_engine.cc:4875
    [kern_fpolicy:error:5758] Establish TCP connection returned error.[0x0x80593bc00] src/fsm/fsm_external_engine.cc:4778

    [kern_fpolicy:info:5758] updateStatusTable[disconnect]:: Created entry vs[4] policy[cloudsecure_cifs-fs011_policy] server[<IP>] [0x0x80593c100] src/fsm/fsm_external_engine.cc:4759
    [kern_fpolicy:error:5758] connect failed with errno = 51. [0x0x80593c600] src/fsm/fsm_external_engine.cc:5138

  • 数据包跟踪捕获显示TCP握手似乎已成功、但我们看不到协商请求/响应。
  • FPolicy服务器请求使用[FIN、ACK]关闭连接。
  • 关闭TCP连接后、FPolicy服务器将再次尝试建立TCP连接。此过程将 循环进行。

在ONTAP 上建立TCP连接返回错误

  • 成功的TCP连接、协商要求/响应和屏幕要求的示例:

策略服务器将再次尝试建立TCP连接

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.