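FPolicy error: Establish TCP connection returned error on ONTAP
Applies to
- ONTAP 9.8 or later
- FPolicy
- Varonis
- Cloud Insights Workload Security (CI)
Issue
- ONTAP does not send FPolicy requests to the FPolicy server.
- The EMS log shows a failed connection for the affected Vserver: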
reason: "TCP Connection to FPolicy server failed."
mgwd: mgmt.fpolicy.policy.enabled:info]: FPolicy policy Varonis is enabled on Vserver VS1.
fpolicy: fpolicy.server.connectError:error]: Node failed to establish a connection with the FPolicy server "10.10.10.10" of policy "Varonis" for Vserver VS1 (reason: "TCP Connection to FPolicy server failed.").
mgwd: mgmt.fpolicy.policy.disabled:info]: FPolicy policy Varonis is disabled on Vserver VS1.
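- The Fpolicy-mlog-txt.gz errors show that ONTAP tries to connect to the primary and secondary fpolicy servers but cannot establish a TCP connection. After the maximum number of retries is reached, the fpolicy server is disconnected.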
[kern_fpolicy:warning:7468] Fpolicy server[10.10.10.10] object provided for adding to external engine [0x0x806476100] src/fsm/fsm_external_engine.cc:3248
[kern_fpolicy:warning:7468] Fpolicy server[10.10.10.20] object provided for adding to external engine [0x0x806476100] src/fsm/fsm_external_engine.cc:3248
[kern_fpolicy:info:7468] Policy enabled with policy polId = 2. [0x0x806476100] src/fsm/fsm_task.cc:3948
[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805938700] src/fsm/fsm_external_engine.cc:4987
[kern_fpolicy:error:7468] Establish TCP connection returned error.[0x0x805938700] src/fsm/fsm_external_engine.cc:4627
[kern_fpolicy:info:7468] Connect to Server[10.10.10.10] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472
[kern_fpolicy:info:7468] [virtual smdb_error fpolicy_appcfg_server_status_db_iterator::notify_imp(smdb_cdb_iterator::operation)] operation: [create], policy: [2]
[kern_fpolicy:info:7468] updateStatusTable[disconnect]:: Created entry vs[4] policy[Varonis] server[10.10.10.10] [0x0x805937d00] src/fsm/fsm_external_engine.cc:4608
[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805937d00] src/fsm/fsm_external_engine.cc:4987
[kern_fpolicy:error:7468] Establish TCP connection returned error.[0x0x805937d00] src/fsm/fsm_external_engine.cc:4627
[kern_fpolicy:info:7468] Connect to Server[10.10.10.20] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472
- The following errors can also be seen in fpolicy-mlog-txt.gz:
[kern_fpolicy:error:5758] LIF_availability_check call Failed with error[-1]. [0x0x80593bc00] src/fsm/fsm_external_engine.cc:4875
[kern_fpolicy:error:5758] Establish TCP connection returned error.[0x0x80593bc00] src/fsm/fsm_external_engine.cc:4778
[kern_fpolicy:info:5758] updateStatusTable[disconnect]:: Created entry vs[4] policy[cloudsecure_cifs-fs011_policy] server[<IP>] [0x0x80593c100] src/fsm/fsm_external_engine.cc:4759
[kern_fpolicy:error:5758] connect failed with errno = 51. [0x0x80593c600] src/fsm/fsm_external_engine.cc:5138
- A packet trace capture shows that the TCP handshake appears to succeed, but we do not see the Negotiation Request/Response.
- The FPolicy server requests to close the connection with [FIN, ACK].
- After the TCP connection is closed, the FPolicy server tries again to establish the TCP connection. This process repeats in a loop.
- Example of a successful TCP connection, Negotiation Request/Response and Screen Request:
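Returning to the fpolicy-mlog-txt.gz errors quoted earlier on this page: the script below is an added example (not NetApp tooling) that tallies the connect errno values, the servers that hit max retries, the disconnect entries and the LIF availability check failures. It assumes errno values follow FreeBSD numbering, under which 51 is ENETUNREACH (network unreachable); the function name `summarize` and the result keys are illustrative.

```python
import re
from collections import Counter

# Assumption: ONTAP's kernel is FreeBSD-derived, so errno values are read with
# FreeBSD numbering. Only a few socket-related codes are mapped here.
FREEBSD_ERRNO = {51: "ENETUNREACH", 60: "ETIMEDOUT",
                 61: "ECONNREFUSED", 65: "EHOSTUNREACH"}

ERRNO_RE = re.compile(r"connect failed with errno = (\d+)")
RETRY_RE = re.compile(r"Connect to Server\[([^\]]+)\] hit max retries")
ENTRY_RE = re.compile(r"updateStatusTable\[disconnect\]:: Created entry "
                      r"vs\[(\d+)\] policy\[([^\]]+)\] server\[([^\]]+)\]")
LIF_RE = re.compile(r"LIF_availability_check call Failed with error\[(-?\d+)\]")

def summarize(lines):
    """Tally FPolicy connection failures found in fpolicy mlog lines."""
    errnos, exhausted, entries, lif_failures = Counter(), [], [], 0
    for line in lines:
        # finditer copes with records that were fused onto one line.
        for m in ERRNO_RE.finditer(line):
            code = int(m.group(1))
            errnos[f"{code} ({FREEBSD_ERRNO.get(code, 'unmapped')})"] += 1
        for m in RETRY_RE.finditer(line):
            if m.group(1) not in exhausted:
                exhausted.append(m.group(1))
        for m in ENTRY_RE.finditer(line):
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
        lif_failures += len(LIF_RE.findall(line))
    return {"errnos": dict(errnos), "max_retries": exhausted,
            "disconnect_entries": entries, "lif_check_failures": lif_failures}

# Sample input: log lines copied from the excerpts on this page
# (the last one is two records fused together, as it appears in the source).
SAMPLE = [
    "[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805938700] src/fsm/fsm_external_engine.cc:4987",
    "[kern_fpolicy:info:7468] Connect to Server[10.10.10.10] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472",
    "[kern_fpolicy:info:7468] updateStatusTable[disconnect]:: Created entry vs[4] policy[Varonis] server[10.10.10.10] [0x0x805937d00] src/fsm/fsm_external_engine.cc:4608",
    "[kern_fpolicy:error:7468] connect failed with errno = 51. [0x0x805937d00] src/fsm/fsm_external_engine.cc:4987",
    "[kern_fpolicy:info:7468] Connect to Server[10.10.10.20] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x805937d00] src/fsm/fsm_external_engine.cc:2472",
    "[kern_fpolicy:error:5758] LIF_availability_check call Failed with error[-1]. [0x0x80593bc00] src/fsm/fsm_external_engine.cc:4875",
    "[kern_fpolicy:error:5758] Establish TCP connection returned error.[0x0x80593bc00] src/fsm/fsm_external_engine.cc:4778[kern_fpolicy:info:5758] updateStatusTable[disconnect]:: Created entry vs[4] policy[cloudsecure_cifs-fs011_policy] server[<IP>] [0x0x80593c100] src/fsm/fsm_external_engine.cc:4759",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it over a real log, pass `summarize` the lines of the file opened with `gzip.open(path, "rt")`.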