Secure Domain Connector fail-over not working


Article ID: 7961


Products

CA Spectrum

Issue/Introduction

We have set up a fully fault-tolerant SDM and SDC configuration. However, any time we try to test fault tolerance, we have found that our backup Secure Domain Connector is not working. It does not matter which of our Secure Domain Manager servers is connected to the backup SDC; we still see everything in alarm.

We have confirmed that the network firewall has port 6844 open between both SDM servers and both SDC servers. When we run netstat -an | grep 6844, we see the port has an established connection for both SDM servers.

Our SDM configuration is using the "-remoteconnect <primary_SDM_IP> -remotebackup <secondary_SDM_IP>" settings, while our SDC configuration is using the "-accept" option for each SDM.

Looking at the sdmLog.log file of the backup SDC, the following errors are being generated repeatedly:

ERROR: SdmEtpkiEndpoint::doShutdownSocket() Socket disconnected.
ERROR: SdmEtpkiEndpoint::send() socket invalid.

What is causing this?

Environment

Spectrum 10.x

Cause

This is clearly not a network-related issue, since the backup SDC is able to establish a connection to both SDM servers on port 6844.

The errors point to an application issue or, more likely, a configuration issue. Since there are not any problems with the SDM and SDC configuration files, we took a look at the backup SDC server itself and found that the server did not have SNMP running.

Resolution

Spectrum requires the SNMP service to be running on the SDC server, since the SDC acts as a pass-through for the polling requests of the SDM. If SNMP is not running on the SDC server, Spectrum will not be able to poll the end devices, and you will see those devices in alarm in Spectrum.
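
The troubleshooting path described in this article (connections on port 6844 are established, the socket errors repeat in sdmLog.log, so the SNMP agent is the next thing to check) can be scripted for the SDC host. The following is an added example, not part of the original article or of Spectrum. It assumes a Linux SDC, a Net-SNMP agent process named snmpd, and uses constructed sample data with placeholder addresses.

```shell
# Added triage sketch, not from the original article. Assumptions: Linux SDC
# host, Net-SNMP agent process named "snmpd", and two SDM peers as in the article.
SDM_PORT=6844
SNMP_PROC=${SNMP_PROC:-snmpd}

# stdin: `netstat -an` output. Prints the number of distinct remote hosts with
# an ESTABLISHED TCP connection whose local or remote port is the SDM port.
count_established() {
    awk -v p="$SDM_PORT" '
        BEGIN { re = "[:.]" p "$" }
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" && ($4 ~ re || $5 ~ re) {
            peer = $5; sub(/[:.][0-9]+$/, "", peer); seen[peer] = 1
        }
        END { n = 0; for (k in seen) n++; print n }'
}

# stdin: sdmLog.log. Prints how many lines carry either error quoted in the article.
count_socket_errors() {
    grep -c -E 'SdmEtpkiEndpoint::(doShutdownSocket\(\) Socket disconnected|send\(\) socket invalid)' || true
}

# diagnose <established_peers> <socket_errors> <up|down>
diagnose() {
    if [ "$1" -lt 2 ]; then
        echo "network: fewer than 2 SDM peers established on port $SDM_PORT"
    elif [ "$3" = down ]; then
        echo "snmp: links are up but no SNMP agent is running on this SDC"
    elif [ "$2" -gt 0 ]; then
        echo "config: SNMP is up and socket errors persist, review SDM/SDC settings"
    else
        echo "ok"
    fi
}

# Constructed samples (addresses are documentation-range placeholders).
sample_netstat() {
    cat <<'EOF'
tcp  0  0 0.0.0.0:6844      0.0.0.0:*         LISTEN
tcp  0  0 192.0.2.21:6844   192.0.2.11:51544  ESTABLISHED
tcp  0  0 192.0.2.21:6844   192.0.2.12:40210  ESTABLISHED
tcp  0  0 192.0.2.21:16844  192.0.2.50:443    ESTABLISHED
EOF
}
sample_log() { printf 'ERROR: SdmEtpkiEndpoint::%s\n' 'doShutdownSocket() Socket disconnected.' 'send() socket invalid.'; }
triage_live() {  # on a real SDC: triage_live /path/to/sdmLog.log
    if pgrep -x "$SNMP_PROC" >/dev/null 2>&1; then snmp=up; else snmp=down; fi
    diagnose "$(netstat -an | count_established)" "$(count_socket_errors < "$1")" "$snmp"
}

# Demo on the constructed samples with the SNMP agent stopped, as on the backup SDC.
diagnose "$(sample_netstat | count_established)" "$(sample_log | count_socket_errors)" down
```

Set SNMP_PROC if the SNMP agent on the SDC host runs under a different process name.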