Discovery failing and permission denied messages in discovery_agent logs

book

Article ID: 129066

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

Hub tunnel communications between primary and secondary were being reset. This was preventing discovery_server and _agent communications from completing. This was showing up in the hub and discovery logs with permission and access denied messages for the record_agent_status command. 

Following is found in the secondary hubs discovery_agent log showing the permission denied.
Mar 08 15:50:10:843 [StatusUpdaterOnConfig, discovery_agent] Encountered error updating Discovery Agent status to Discovery Server (/Domain/PrimaryHub/Robot/discovery_server): (6) permission denied, Received status (6) on response (for sendRcv) for cmd = 'record_agent_status'. 
Mar 08 15:50:10:843 [StatusUpdaterOnConfig, discovery_agent] Error trying to send status: PDS [ht={probe_version=Element [buf=null, pds=null, tpds=null, type=7, value=8.51], state=Element [buf=null, pds=null, tpds=null, type=7, value=NO_SCHEDULE], agent_address=Element [buf=null, pds=null, tpds=null, type=7, value=/Domain/SecondaryHub/Robot/discovery_agent]}] 
Mar 08 15:50:10:844 [StatusUpdaterOnConfig, discovery_agent] (6) permission denied, Received status (6) on response (for sendRcv) for cmd = 'record_agent_status' 

The following is found in the primary hub log:
Mar 8 15:49:13:521 [2516] hub: taccess_lock - taccess_check 
Mar 8 15:49:13:521 [2516] hub: taccess_check: - [1] xxx.xxx.xxx.xxx/53479 /Domain/PrimaryHub/Robot/discovery_server record_agent_status discovery_agent 
Mar 8 15:49:13:521 [2516] hub: taccess_unlock - taccess_check 

Cause

The taccess messages in the primary hub are referencing the Access List found in the hub tunnel configuration.  When these access lists are configured, tunnel communications can be blocked.


screenshot of the hub Tunnels Access List

Environment

UIM 8.51
Hub 7.93
discovery_server 8.51 
discovery_agent 8.51 

Resolution

Removing any entries in the hubs Tunnel Access List will allow communications over the tunnel to be unrestricted.

Attachments