Data ONTAP Discussions

Highlighted

Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

We have an ongoing issue where our team is unable to generate/pull report from VARONIS. in the event logs we could see the errors like Fpolicy.server.disconnect : connection to the fpolicy server 'xx.xx.xx.xx' is broken(Reason: connection to Fpolicy server is broken(EPIPE) received.

Another error log is Fpolicy.server.disconnect : connection to the fpolicy server 'xx.xx.xx.xx' is broken(Reason: Fpolicy server is removed from the external engine)

I have checked the network logs and firewall settings and everything seems to be normal. Any help is highly appreciated.

8 REPLIES 8

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

I had a similar issue, confirm that the UUID  for the vserver matches UUID in the Varonis management console.  To get the UUID on veserver "vserver show -vserver vs1 -instance"

 

Julio

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

Hi Julio,

 

Thanks for the information. Let me check this and update you the status. So if we add the vserver UUID in Varonis Management console it will resolve the issue?

 

THIS ISSUE IS NOT YET RESOLVED, I HAVE BY MISTAKENLY CLICKED ON SOLUTION PROVIDED.

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

Even if I try to connect to the fpolicy server thru CLI it is getting connected. But after some time the fpolicy server status is getting changed from connected to disconnected state. Upon checking the logs I could see the reason as below.

 

Reason for FPolicy Server Disconnection: TCP Connection to FPolicy server failed.
ID for FPolicy Server Disconnection: 9307

 

Any idea what changes has to be done in order to fix this issue permanently.

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

Hi, not sure what you meant by "Even if I try to connect to the fpolicy server thru CLI it is getting connected." If you can have your storage admin login to the NetApp cluster and run the following command (Replace VS1 with your vserver name that is being monitored) cluster::> vserver show -vserver vs1 -instance

 

 

It would return the UUID for the vserver being monitored. Open Varonis Management console - High File server - edit and paste in UUID Under File Server Type. See attached.

 

J

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

Hi, I have verified the UUID in varonis management console and its matching with Netapp UUID. So i think the issue liase somewhere else.

 

I am getting error like TCP Connection to FPolicy server failed.

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

Any ideas or procedure for the permanent solution.

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

This issue is not yet resolved and I am still looking for the permanent sollution. Appreciate response from anyone who has faced this issue in their environment. The main point I want to highlight here is that we have the same setup in another location which has same configuration. I couldn't find any issues related to Fpolicy configuration and moreover we are able to pull/generate reports in Varonis.

Also Fpolicy servers are connected in the Netapp storage array.

 

Both the storage arrays version is 8.3.2P10

Re: Fpolicy server issue in Cluster 8.3.2P10. Connection to Fpolicy server is broken(EPIPE) received

We have performed the below steps so far.

 

1) Added the varonis server to allow http connection in Firewall policy.
2) Configured secondary varonis server in fpolicy
3) Disabled and enable fpolicy services
4) Restarted the services "varonis collector monitor" in varonis server
5) Checked with Networks team to verify whether any TCP connections are getting failed from Source (Netapp Data Lif IP) to Destination (Varonis Server). No flap or glitches observed by networks team.
6) Tried to connect fpolicy engine - But no luck.

 

The same steps we followed in another Netapp boxand the issue got resolved.

Forums