PAMSC / PIM - Selang ERROR: Connection failed
search cancel

PAMSC / PIM - Selang ERROR: Connection failed

book

Article ID: 269861

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

We have PIM 12.8SP1 build 4287 and PAMSC 14.10-50(61) installed on OEL 7.9 with kernel version 5.4.17-2136.319.1.3.el7uek.x86_64. We are unable to selang to PIM/PAMSC and we get error-

# selang
ERROR: Initialization failed, EXITING!
(localhost)
ERROR: Connection failed
ERROR: Failed to receive reply

  • If we run a stack trace against the 'selang' command, we can see that it is attempting to connect to port 8891 on the localhost interface, which is then timing out:

# strace -f /usr/seos/bin/selang
execve("/usr/seos/bin/selang", ["/usr/seos/bin/selang"], 0x7ffe5c245e28 /* 28 vars */) = 0

<SNIP>

connect(3, {sa_family=AF_INET, sin_port=htons(8891), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)

<SNIP>

select(4, [3], NULL, NULL, {tv_sec=0, tv_usec=50000}) = 0 (Timeout)

<SNIP>

Resulting in the error above.

  • If we look at the port locally on the server, via 'lsof', we can see that Control MInder is listening on that port:

# lsof -P -i :8891
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
seagent 6113 root    8u  IPv4 2218995707      0t0  TCP *:8891 (LISTEN)

  • If we SSH to localhost:8891 the output is successful:

# ssh -v -p 8891 127.0.0.1
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 65: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8891.
debug1: Connection established.

  • If we look at the same port remotely, via 'nmap', we get the same result, although we do see the same extraordinary time delay as when running the 'selang' command locally:

# nmap -sV -p8891 server.someplace 
Starting Nmap 7.92 ( https://nmap.org ) at 2023-06-20 19:50 EDT
Nmap scan report for server.someplace (10.10.10.10)
Host is up (0.017s latency).

PORT     STATE SERVICE    VERSION
8891/tcp open  ddi-tcp-4?
MAC Address: 00:21:F6:47:FD:E1 (Oracle)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 157.84 seconds

And, neither firewalld nor iptables is running, nor is SELinux enabled:

 

Environment

Release : 14.1

Cause

The change in the Linux kernels resolution process caused our processes to try to communicate over IPv6 which is not yet supported.

Resolution

Patch pamsc-14.10.50.74-_LINUX_X64  resolves this issue, upgrade to any build newer than 14.10.50.74-_LINUX_X64 and the issue will be resolved. 

Powered by Wolken Software