Troubleshooting
Problem
I have built a new collector appliance and I am trying to register it to the central manager using the steps mentioned here. However, it is failing.
Symptom
I can see following error message on Central Manager GUI as a part of the registration failure :
Cause
One possible cause is the mysql communication port 3306 between a Central Manager and Managed Unit is either blocked or timing out.
Diagnosing The Problem
Application debug shows the following error message while the registration was attempted:
==============Tue Jul 07 15:34:18 CEST 2020===================
Thread: http-bio-8443-exec-2 - Mangement request response is -Exception=Unexpected problem when connecting to: 'guard_remote'.: Communications link failure
Thread: http-bio-8443-exec-2 - Mangement request response is -Exception=Unexpected problem when connecting to: 'guard_remote'.: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
=============================================================
=============================================================
Current network connections output on central manager (network_output.txt file from support must_gather network_issues) shows the connection on MySQL port 3306 in TIME_WAIT state:
tcp 0 0 <Central Manager IP>:47824 <Unit IP>:3306 TIME_WAIT
Following command can be executed to confirm port status between central manager and unit to be managed:
Unit CLI> support show port open <CM IP> 3306
CM CLI> support show port open <Unit IP> 3306
If the port is blocked, you should see the following output:
Unit> nc: connect to <CM IP> port 3306 (tcp) failed: Connection timed out
CM> nc: connect to <Unit IP> port 3306 (tcp) failed: Connection timed out
Resolving The Problem
Please follow the steps
- Make sure the required ports are open between Central Manager and Managed Unit
- If the ports are open as recommended and you are still unable to register collector, you can try the following cli command on central manager and the unit you are trying to register one appliance at a time:
restart network
This should release the port, if it is in TIME_WAIT status and then the connection can be established again.
3. If the issue is still not resolved, please open a case with IBM Guardium Technical Support and provide the following diagnostics information from the central manager and unit you are trying to register:
- support must_gather system_db_info
- support must_gather network_issues
- support must_gather app_issues while reproducing the issue
Related Information
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0JAAS","label":"APPLIANCE"},{"code":"a8m0z000000Gp0ZAAS","label":"CENTRAL MANAGER"}],"ARM Case Number":"TS003909262","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
24 August 2020
UID
ibm16248709