Data Infrastructure Insights

Initialization of the NetApp ONTAP SVM Data Collector for Cloud Secure is failing

knieberg
6,862 Views

Hello Team,

 

my customer is facing the following issue:

Untitled.png

what are we doing wrong?

Thanks

1 ACCEPTED SOLUTION

knieberg
6,823 Views

Thanks @abhit.

 

in combination with this:

Troubleshooting hints

Topic

Commands / Purpose

Comment

Firewall
Cloud Secure 

Communication with SVM target is not stable / not working. ensure firewall rule set is set accordingly:

firewall-cmd --permanent --zone=public --add-port=35000-55000/tcp
firewall-cmd --reload

You can check on the ONTAP system ports used:

ocisedev::vserver fpolicy policy> external-engine show                         Primary           Secondary                ExternalVserver     Engine       Servers           Servers             Port Engine Type----------- -----------  ----------------- ----------------- ------ -----------demoGroupShares                                               35005 asynchronous            metadata_    10.197.144.120    -            service_            demoGroupSh            ares_enginedemoGroupShares2                                              35003 asynchronous            metadata_    10.197.144.125    -            service_            demoGroupSh            ares2_            engine2 entries were displayed.

 

 

 

it was perfect!

View solution in original post

5 REPLIES 5

aladd
6,838 Views

Hello @knieberg 

 

 The error seems to be pointing out termination by an external fpolicy server. I would suggest opening a support case for this issue.

abhit
6,829 Views

It is most likely that firewall is blocking these ports in the agent machine.

Could you please check if the port range 35001-35100/tcp is opened for the agent machine to connect from the SVM?

Also make sure that there are no firewalls enabled in the ONTAP side blocking any communication to the agent machine.

Please look into the documentation under "Network Configuration" on how to disable firewall in the agent machine.

https://docs.netapp.com/us-en/cloudinsights/task_cs_add_agent.html#before-you-begin

 

-Abhi

 

knieberg
6,824 Views

Thanks @abhit.

 

in combination with this:

Troubleshooting hints

Topic

Commands / Purpose

Comment

Firewall
Cloud Secure 

Communication with SVM target is not stable / not working. ensure firewall rule set is set accordingly:

firewall-cmd --permanent --zone=public --add-port=35000-55000/tcp
firewall-cmd --reload

You can check on the ONTAP system ports used:

ocisedev::vserver fpolicy policy> external-engine show                         Primary           Secondary                ExternalVserver     Engine       Servers           Servers             Port Engine Type----------- -----------  ----------------- ----------------- ------ -----------demoGroupShares                                               35005 asynchronous            metadata_    10.197.144.120    -            service_            demoGroupSh            ares_enginedemoGroupShares2                                              35003 asynchronous            metadata_    10.197.144.125    -            service_            demoGroupSh            ares2_            engine2 entries were displayed.

 

 

 

it was perfect!

abhit
6,217 Views

2 more reasons why the connection between SVM and DSC may fail, though ping from SVM Lif to Agent box, Agent box to SVM Lif is working fine.

 

  1. While adding the DSC via SVM IP and vsadmin credentials, please check if the SVM Lif has is Data+Mgmt role enabled. If yes, please create a SVM Mgmt Only Lif and try connecting via this SVM management only Lif.
  1. Also these kind of errors are seen, when same SVMs are added twice via 2 different DSCs by mistake. It will good to recheck if by mistake, the same SVM has been added by 2 different DSCs.

Regards

Abhi

abhit
6,214 Views

Also, if the DSC to SVM connection is over WAN the connection will not work.

Both should be in close proximity to each other.

-Abhi

Public