Symantec Access Management

Hi,

I added a new DSA in the new setup for CA Directory 14.0. But when trying to start the DXServer after adding the new DSA I am getting an error,

-bash-4.2$ dxserver -d start SMPSTORE_SESSIUWTL00011
SMPSTORE_SESSIUWTL00011 starting
** ALARM **: DSA_E2220 Cannot register address
** ALARM **: DSA_I1240 DSA shutting down

The command used to create the new DSA was,

dxnewdsa SMPSTORE_SESSIUWTL00011 9749 "o=smpst"

I have checked and could not see the port 9749 currently being used by any other server. Moreover I am not able to telnet locally from the server as well on port 9749. The IPTable is updated on the server to accept TCP traffic on port 9749.

Kindly let me know if there is anything else required to start the dxserver.

Regards,

Pankaj Sharma

Pankaj PankajSh0

Did you try ....

dxserver start SMPSTORE_SESSIUWTL00011

I'm not sure what "-d" is. Never used it, nor does "dxserver --help" suggest any such flags.

The error states "Cannot register address"; did we check the server return nslookup (including reverse lookup) i.e. nslookup hostname & nslookup IP Address. Compare the IP address that is being returned with the IP Address in knowledge file.

If the port is 9749, the dsa console will be running on 9750 (i.e. 9749 + 1). Thus "telnet localhost 9750" is the right command to connect to dsa console. For this to work, the instance must be running.

Lastly check the logs directory (ALARM and TRACE logs) for startup errors.

Hi Hubert,

The actual issue is, when I am trying to create the new DSA that is where itself the DSA does not start and gives the below error,

-bash-4.2$ dxnewdsa SMPSTORE_SESSIUWTL00011 9749 "o=smpst"
Writing the knowledge file...
knowledge file written
Writing the initialization file...
Initialization file written
Starting the DSA 'SMPSTORE_SESSIUWTL00011'...
SMPSTORE_SESSIUWTL00011 starting
..
SMPSTORE_SESSIUWTL00011 failed to start
Could not start dsa 'SMPSTORE_SESSIUWTL00011'

I tried the nslookup, but it seems the servers do not have a DNS registration done.

For DSA Console, I am not sure since the creation of DSA itself is not getting completed the way it should.

Regards,

Pankaj Sharma

Pankaj PankajSh0

I think we should look at the logs.

$DXHOME/logs directory.

There should be Alarm and trace logs for "SMPSTORE_SESSIUWTL00011".

Could we see what is getting logged there.

One other recommendation I would give is to use a different baseDN, I dont think that is an issue here. But from a overall structure something in the lines of "dc=company,dc=com".

Hi Hubert,

The logs present in the folder contain the same generic ones,

[64] 20180919.085521.850 WARN : Loading cache
[64] 20180919.085521.850 WARN : Datastore was created at: 20180919052200Z
[64] 20180919.085521.850 WARN : Datastore was created for: SMPSTORE_SESSIUWTL00011
[64] 20180919.085521.851 WARN : Cache loaded, 0 entries
[64] 20180919.085521.851 WARN : Memory used by cache: 1604032 + 0
[64] 20180919.085521.852 WARN : Cannot register address
[64] 20180919.085521.853 WARN : Disabling cache prior to exit

* [64] 20180919.072201.879 DSA_E2220 Cannot register address
* [64] 20180919.072201.879 DSA_I1240 DSA shutting down
* [64] 20180919.085521.852 DSA_E2220 Cannot register address
* [64] 20180919.085521.853 DSA_I1240 DSA shutting down

[64] 20180919.072201.879 DSA_E2220 Cannot register address
[64] 20180919.072201.879 DSA_I1240 DSA shutting down
[64] 20180919.085521.853 DSA_E2220 Cannot register address
[64] 20180919.085521.853 DSA_I1240 DSA shutting down

I tried creating a DSA with the dc=company, dc=com but still the same.

I have already raised a case with CA support as well, and trying to figure out what might be causing the issue.

I did a re-installation of CA Directory as well but the issue still exists.

Regards,

Pankaj Sharma

One additional thing I want to add here.

I can see the dxadmind service running on port 1958 but there is no service on 9749.

dxadmind 1958/tcp # CA Administration Daemon
dxadmind 1958/udp # CA Administration Daemon

Pankaj PankajSh0

Could you check what IP address is present in the knowledge file of "SMPSTORE_SESSIUWTL00011".

Hi Hubert,

PFB the details of the knowledge file,

set dsa "SMPSTORE_sessiuwtl00011.iam.mgmt.ericsson.se" =
{
prefix = <o smpst>
dsa-name = <o smpst><cn "SMPSTORE_sessiuwtl00011.iam.mgmt.ericsson.se">
dsa-password = "secret"
address = tcp "sessiuwtl00011.iam.mgmt.ericsson.se" port 9749
disp-psap = DISP
snmp-port = 9749
console-port = 9750
auth-levels = anonymous, clear-password
};

I could not see any entry for IP Address in the file.

Hi 

It is trying to start using the host name sessiuwtl00011.iam.mgmt.ericsson.se and port

9749. Does that hostname resolve correctly? 

The “-d” flag tells the Dsa to run in the foreground and spit out logs to the screen. Useful when there are startup issues as you don’t have to look through the logs.

Cheers

-huy

Hi Huy,

PFB the output of the command hostname executed on the server,

-bash-4.2$ hostname
sessiuwtl00011.iam.mgmt.ericsson.se

Pankaj PankajSh0PankajSh0

The error message we are receiving is "cannot register address". 

To me it sounds like some is wrong on the server.

Hostname command returns "sessiuwtl00011.iam.mgmt.ericsson.se" which is a very long string. Reading linux blogs, typically "hostname" should return a short name and "hostname -f" must return a FQDN.

Troubleshooting Linux VDA Registration Issues | Citrix Blogs 

Unable to register Linux Server - Red Hat Customer Portal 

Could you run the following commands and see what is the output.

"hostname -f".

"nslookup sessiuwtl00011.iam.mgmt.ericsson.se".

"nslookup sessiuwtl00011".

Have you checked the server with a linux admin to see routing tables, DNS resolutions, IP Addresses on the box etc.

You did mention DNS resolution wasnt working when you ran nslookup. That could also be a reason. 

I kind of feel the issue is pertaining to server build.

Regards

Hubert