Updates failing on Solaris 10 (11/06) - x86
Hi there,
Just installed brand new installation of Solaris 10 x86 (11/06) for my company.
Started updatemanager and sucessfully registered our username, as the system is connected to the internet via a proxy server.
However, i'm unable to download any patches it seems.
Update Manager GUI reports:
Error occurred while executing the command or while downloading the detectors or databases current or while analyzing the system to determine the updates. Verify that valid options and arguments are specified with the command and that the systems is configured and registered properly.
The detailed error message is :
Failure: Cannot connect to retrieve detectors.jar: Read timed out
smpatch analyze reports:
Failure: Cannot connect to retrieve detectors.jar: Read timed out
Proxy server reports:
07/24/07 13:53:4910.171.4.52Guest0000000009Requested:SSL://getupdates1.sun.com:443
07/24/07 13:53:4910.171.4.52Guest0000000009Debug:WWW Session processing SSL TUNNELING request in thread 8fc
07/24/07 13:53:4910.171.4.52Guest0000000009Debug:WWW Session sending server request in thread 8fc
07/24/07 13:53:4910.171.4.52Guest0000000008Debug:WWW Session processing HTTP response in thread 9f4 - response code 200
07/24/07 13:53:4910.171.4.52Guest0000000009Debug:WWW Session processing HTTP response in thread 8fc - response code 200
07/24/07 13:54:1410.171.4.52Guest0000000007Debug:Client closed connection in thread 1d8
Has anyone any ideas as to what is going wrong?
Its seems that i am making the connection to the update site on SSL, but then something is failing?
Do i need to install another patch manually first?
Thanks in advance for any help.
Michael
[1805 byte] By [
mdreelinga] at [2007-11-27 11:33:48]
# 1
Please provide the output of the following commands:
$ smpatch get
$ showrev -p | cut -d" " -f2 | sort > /tmp/showrev-p
$ egrep '11978[8|9]|12033[5|6]|12108[1|2]' /tmp/showrev-p
$ egrep '12111[8|9]|12145[3|4]|12156[3|4]' /tmp/showrev-p
$ egrep '12223[1|2]|12300[3|4|5|6]|12446[3|6]' /tmp/showrev-p
$ egrep '1241[71|87]|12461[4|5]' /tmp/showrev-p
Could you also tell us what type of HTTP proxy is in use?
# 2
Hi,
Thanks a million for coming back so quickly :-)
The proxy server is :
Cisco Application and Content Networking System version 5.5.5
It uses some form of Active Directory Authentication (as in once you are logged into Windows you don't need to enter a password to access it)
However, i have noticed that i'm unable to access the internet on the Solaris 10 Box using Mozilla (or any other browser), no matter if i put in the correct proxy details or not. Its like the proxy doesn't support Solaris clients?
I'm not using IPV6.
I managed to register my Sun Online account by installing WinProxy on my WinTel machine and using that as a passthrough, it also supports SSL. (I can log into several SSL sites now from Mozilla on Solaris)
_
# smpatch get
patchpro.backout.directory "" ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory /var/sadm/spool /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host myproxy.us.myserver ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port 80 8080
patchpro.proxy.user michael ""
# egrep '11978[8|9]|12033[5|6]|12108[1|2]' /tmp/showrev-p
119789-08
120336-04
121082-06
# egrep '12111[8|9]|12145[3|4]|12156[3|4]' /tmp/showrev-p
121119-09
121119-12
121454-02
# egrep '12223[1|2]|12300[3|4|5|6]|12446[3|6]' /tmp/showrev-p
123004-02
123006-05
124466-02
# egrep '1241[71|87]|12461[4|5]' /tmp/showrev-p
124187-03
124189-02
124615-01
# 3
The fact that you cannot access the internet from this system would inidicate that you have a problem bigger than using Sun Update Connection. However it is unusual that you were able to successfully register this system.
In order for Sun Update Connection to work, it must be able to access the following sites:
sun.com72.5.124.6180 - used to verify account details
cns-services.sun.com198.232.168.133443 - used during registration
getupdates1.sun.com198.232.168.136443 - patch source
a248.e.akamai.net no defined IP 443 - this is a load balancer
cns-transport.sun.com198.232.168.137443 - "optional" support via web portal
Please can you run the following commands:
# /usr/lib/cc-ccr/bin/ccr -g cns.assetid
# ping myproxy.us.myserver
# ping -s myproxy.us.myserver
# traceroute -p 80 myproxy.us.myserver
# telnet myproxy.us.myserver 80
If you can successfully connect to the proxy, then enter the following:
CONNECT getupdates1.sun.com:443 HTTP/1.1 <PRESS_ENTER_TWICE>
Please can you forward us the command output generated from the above.
# 4
[nobr]Thanks again for coming back to us.
The only reason i was able to register this machine is that i pointed it to a temporary Windows proxy which has since been retired.
The new hardware is a Cisco Proxy.
I think it is our proxy that is causing the problem, it could be the NTLM authentication? I think Mozilla has a problem which they have address since 1.7.5 to correct proxy connection errors to NTLM servers.
Unfortunately, this proxy is corporate, and i have no choice but to solve the issue for our Solaris machine, rather than pointing to another proxy (which in fact there isn't, if there was i'd use it)
Here is my output.... names and ip's changed
# /usr/lib/cc-ccr/bin/ccr -g cns.assetid
69e3IYbsEWGYkbEj4Sh7IC/MmzM=
# ping myproxy.us.mydomain
myproxy.us.mydomain is alive
# ping -s myproxy.us.mydomain
PING myproxy.us.mydomain: 56 data bytes
64 bytes from cisco-proxy.us.mydomain (1.2.3.4): icmp_seq=0. time=99.2 ms
64 bytes from cisco-proxy.us.mydomain (1.2.3.4): icmp_seq=1. time=98.8 ms
64 bytes from cisco-proxy.us.mydomain (1.2.3.4): icmp_seq=2. time=98.9 ms
64 bytes from cisco-proxy.us.mydomain (1.2.3.4): icmp_seq=3. time=98.9 ms
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 98.9/99.6/101./0.94
# traceroute -p 8080 myproxy.us.mydomain
traceroute: Warning: Multiple interfaces found; using 5.6.7.8 @ e1000g0
traceroute to myproxy.us.mydomain (1.2.3.4), 30 hops max, 40 byte packets
1 vlan1.mycompany.com (2.2.2.4) 0.791 ms 0.769 ms 0.673 ms
2 vlan2.mycompany.com (2.2.2.5) 0.245 ms 0.207 ms 0.258 ms
3 traffic.mycompany.com (2.2.2.6) 99.343 ms 99.013 ms 99.495 ms
4 traffic2.mycompany.com (2.2.2.7) 98.739 ms 102.793 ms 98.765 ms
5 1.2.3.4 (1.2.3.4) 98.790 ms 98.738 ms 98.785 ms
6 cisco-proxy.us.mydomain (1.2.3.4) 98.862 ms 98.858 ms 98.726 ms
Sorry, but for this part i did not know how to pass my username/password?
# telnet myproxy.us.mydomain 8080
Trying 1.2.3.4...
Connected to cisco-proxy.us.mydomain.
Escape character is '^]'.
CONNECT getupdates1.sun.com:443 HTTP/1.1
HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: NTLM
Content-Length: 372
Content-Type: text/html
Proxy-Connection: Close
<HTML><HEAD>
<TITLE>ERROR: Proxy authentication failure</TITLE>
</HEAD><BODY>
<H2>Proxy authentication failure</H2>
<HR>
<P>
Proxy authentication failed or is missing.
</P>
<br clear="all">
<hr noshade size=1>
Generated Thu, 26 Jul 2007 15:54:19 GMT by cisco-proxy
(<a href="http://www.cisco.com/">Application and Content Networking System Software 5.5.5</a>)
</BODY></HTML>
Connection to cisco-proxy.us.mydomain closed by foreign host.
[/nobr]
# 5
NTLM authentication is not compatible with the SunUC toolset.
Could the proxy be configured to fail back to basic authentication?
