Subscribe

VServer connection to FPolicy Server fails, NetApp Release 8.3.2RC2 cDOt

Hi, I just enabled Varonis to collect some stats - it had been disabled for some months as it was deemed to causing latency.

However, it has stopped working - anyone have any ideas?- neither the netapp filer fpolicy or varonis config has been altered.

The external engines can see the filer and it can see them.

 

 

Vserver       Policy Name               Number  Status   Engine
------------- ----------------------- --------  -------- ---------

PG7-Cluster3  Varonis                        1  on       fp_ex_eng

 

8/2/2017 11:19:43   PG7NETAPPP04-03  WARNING       fpolicy.server.disconnect: Connection to the Fpolicy server '10.13.110.220' is broken ( reason: 'FPolicy server is removed from external engine.' ).
8/2/2017 11:19:42   PG7NETAPPP04-01  WARNING       fpolicy.server.disconnect: Connection to the Fpolicy server '10.13.110.220' is broken ( reason: 'FPolicy server is removed from external engine.' ).
8/2/2017 11:19:42   PG7NETAPPP04-02  WARNING       fpolicy.server.disconnect: Connection to the Fpolicy server '10.13.110.220' is broken ( reason: 'FPolicy server is removed from external engine.' ).
8/2/2017 11:19:42   PG7NETAPPP04-04  WARNING       fpolicy.server.disconnect: Connection to the Fpolicy server '10.13.110.220' is broken ( reason: 'FPolicy server is removed from external engine.' ).

 

So

 

engine-connect -node PG7NETAPPP04-03 -vserver PG7-Cluster3 -policy-name Varonis -server 10.13.110.220

 

Result:

 

vserver fpolicy show-engine -vserver PG7-Cluster3 -node PG7NETAPPP04-02 -fields disconnect-reason,server-status,disconnected-since,disconnect-reason
node            vserver      policy-name server        server-status disconnected-since disconnect-reason
--------------- ------------ ----------- ------------- ------------- ------------------ ----------------------------------------
PG7NETAPPP04-02 PG7-Cluster3 Varonis     10.13.110.220 disconnected  8/2/2017 14:19:40  TCP Connection to FPolicy server failed.

 

 

 show-engine -vserver PG7-Cluster3 -node PG7NETAPPP04-02 -fields disconnect-reason,server-status,disconnected-since,disconnect-reason-id
node            vserver      policy-name server        server-status disconnected-since disconnect-reason                        disconnect-reason-id
--------------- ------------ ----------- ------------- ------------- ------------------ ---------------------------------------- --------------------
PG7NETAPPP04-02 PG7-Cluster3 Varonis     10.13.110.220 disconnected  8/2/2017 16:13:26  TCP Connection to FPolicy server failed. 9307

 

 

 ping -destination 10.13.110.220
10.13.110.220 is alive

 

Re: VServer connection to FPolicy Server fails, NetApp Release 8.3.2RC2 cDOt

Hi Rob, I would check the Varonis logs for more info. The account you use to connect may be locked out (password change?), or, if the server was turned off intentionally, perhaps the services on it were disabled.

 

Regarding any latency issues caused by Varonis, I recommend reaching out to Varonis support (support@varonis.com) for assistance here. They'll help you tune your configuration to resolve this.

Re: VServer connection to FPolicy Server fails, NetApp Release 8.3.2RC2 cDOt

Hi

 

After adding the cluster to the Varonis. you must restart the following service for the Varonis to start listening on the dedicated Cdot HTTP/S ports.

 

 

Varonis.png

G