Agent on non standard port
I'm having a problem with the agent on a specific machine, a V480 running Solaris 9. I have installed using the same image as a number of other machines, the only difference being post install I have changed the agent port from 161 to 4161 using es-config command and when the agent restarts it binds without errors. I can also see the port in use afterwards in a netstat -an.
I can't get either snmp-ping or Sun Management Center agent - host to work on the console, I have checked the domain file and the seeds and can see traffic going back and forth between the server and this client, what I can't see is any errors on the client or server.
Any pointers?
Tim
[691 byte] By [
zeroburn] at [2007-11-26 5:59:22]
# 1
Hi Tim,
> I'm having a problem with the agent on a specific
> machine, a V480 running Solaris 9. I have installed
> using the same image as a number of other machines,
> the only difference being post install I have changed
> the agent port from 161 to 4161 using es-config
> command and when the agent restarts it binds without
> errors. I can also see the port in use afterwards in
> a netstat -an.
>
> I can't get either snmp-ping or Sun Management Center
> agent - host to work on the console, I have checked
> the domain file and the seeds and can see traffic
> going back and forth between the server and this
> client, what I can't see is any errors on the client
> or server.
>
> Any pointers?
Well, the snmp-ping type icon should always work if the port and community are correct (and you didn't manually disable SNMPv1). But the regular "Sun Management Center Agent - Host" icon will use snmpv2usec communication, so your seeds must be correct.
SunMC snmp security is based on:
a) seed string
b) IP address
c) port
...and if any of those change you need to reseed. Try this:
1) Shut down the Agent:
/opt/SUNWsymon/sbin/es-stop -a
2) Run the reseed script:
/opt/SUNWsymon/sbin/es-run base-usm-seed.sh -s SEED -c agent
(replace SEED with the same string you specified when you installed your Server, and say "yes" to overwriting any files)
3) Restart the Agent:
/opt/SUNWsymon/sbin/es-start -a
4) Wait a few minutes for the Agent to start up and sync security with the Server, then make a new "Sun Management Center Agent - Host" icon (remembering to specify your non-standard port)
If that doesn't work, then either you have the wrong seed, or the Agent may be having some IP address confusion (if it has more than one interface).
Let me know if these steps clear up your problem.
Regards,
Mike Kirk
# 2
Mike, thanks for the reply, apologies it took a while to get back to you.
I tried everything suggested below and had no luck, I also upgraded to update 1 of SunMC and reinstalled the agent with everything running on port 1161 rather than 161. On a linux box I can do an snmpget as follows:
[root@nagios etc]# snmpget -c public -p 1161 132.5.130.50 system.sysDescr.0
system.sysDescr.0 = SUNW,Sun-Fire-480R
I know everything points towards the seed being incorrect but I have re-generated it five times now without any luck. Is there anyway to get debug information out of this process?
Thanks,
Tim
# 3
Tim,
If you're positive the seed is correct, then the only thing left I can think of is if your Agent is seeding against the wrong IP.
This file on your Agent contains its hostname:
/var/opt/SUNWsymon/cfg/domain-config.x
...in the "agent" section is a "agentServer" key. That hostname gets resolved to an IP when you seed. If this problem system has more than one NIC/interface, the Agent may be using an IP from a different network than your Server is on. To be sure, change that hostname to the Agents IP address that's on your Servers network, shutdown, reseed, wait a couple minutes, and try making an icon again.
Is your Server multihomed as well and maybe this Agent is on a network diferent from all the others.
Last possibility is if you've change the IP of your Server... perhaps it's not listening anymore. Look at the contents on this file on your Server:
/var/opt/SUNWsymon/cfg/multiip.dat
...and see if the IP inside is a legit IP for the Server.
Unless you have a firewall issue someplace, this has to work :)
Regards,
Mike Kirk
# 4
Add the following entry to each section inside domain-config.x, it tells the agent to reply on the same interface that it received a query:
snmpBindAnyAddr = 0
You should also delete all of the agent-* files in /var/opt/SUNWsymon/cfg/ before re-seeding, just to make sure they are being re-generated from scratch. We've seen an instance or two of an agent security file contain an incorrect entry (an encoded hex string, not easy to see) even after re-seeding multiple times, and that causes the agent to try and start up on the wrong port.
