Troubleshooting
Problem
When you Distribute Patch Backup Settings from an IBM Security Guardium Central Manager to a managed unit, the GUI throws a connection error and the push fails. This indicates a problem with the IP configuration on the managed unit.
Symptom
GUI error:
"A test data file could not be sent to this host with the parameters given. Please confirm the hostname ..."
Cause
The wrong IP address (usually loopback, 127.0.0.1) is stored in some of the underlying network configuraton tables. This causes Guardium network scripts to write improper firewall rules, blocking connections from the CM on port 3306 and any MySQL updates coming from the CM.
Environment
Discovered in Guardium v10.1.2 (GPU200) Central Manager.
Diagnosing The Problem
From CLI on the failing unit run ...
support show port open <CM IP address> 3306
connect to 9.10.11.1 port 3306 (tcp) failed: Connection refused
Then run ...
show network interface all
show network verify
These commands read IP data from different places. If they disagree this can cause problems in the network scripts. This situation might occur if the system hostname was changed (such as during a new install) but the system was not restarted before the rest of the network was configured.
When in this state any CM feature that requires MySQL will fail, including these buttons in the Central Management view of the CM portal:
- Distribute Patch Backup Settings
- Patch Distribution
- Distribute Authentication Config
- Distribute Configurations
You can still register and unregister the unit however. That mainly takes place on port 8447 which is not blocked.
Resolving The Problem
Restart system.
Use CLI to correct the IP.
store network interface ip <ip address>
restart network
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21999947