Secure Domain Connector fail-over not working

Document ID : KB000007961
Last Modified Date : 14/02/2018
Issue:

We have set up a fully fault-tolerant SDM and SDC configuration. However, anytime we try to test fault tolerance, we have found that our backup Secure Domain Connector is not working. It does not matter which of our Secure Domain Manager servers is connected to the backup SDC, we still see everything in alarm.

We have confirmed that the network firewall has port 6844 open between both SDM servers and both SDC servers. When we run a netstat -an | grep 6844, we see the port has an established connection for both SDM servers.

Our SDM configuration is using the "-remoteconnect <primary_SDM_IP> -remotebackup <secondary_SDM_IP>" settings, while our SDC configuration is using the "-accept" options for each SDM.

Looking at the sdmLog.log file of the backup SDC, we see the following errors reported over and over:

  ERROR: SdmEtpkiEndpoint::doShutdownSocket() Socket disconnected.

  ERROR: SdmEtpkiEndpoint::send() socket invalid.

What are we overlooking?

Resolution:

This is clearly not a network-related issue, since the backup SDC is able to establish a connection to both SDM servers on port 6844.

The errors point to an application issue or, more likely, a configuration issue. Since there are no problems with the SDM and SDC configuration files, we took a look at the backup SDC server itself and found that the server did not have SNMP running.

Spectrum requires that the SNMP service be running on the SDC server, since the SDC acts as a pass-through for the polling requests of the SDM. If SNMP is not running on the SDC server, Spectrum cannot poll the end devices, so those devices appear in alarm in Spectrum.
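
The triage described above, as an added example that is not part of the original article or the product's tooling: it separates "SDM link down" from "link up but no SNMP agent" using `netstat -an` text and `sdmLog.log` lines. Assumptions: Linux-style netstat columns, an SNMP agent on its default UDP port 161, hypothetical function names, and constructed sample captures.

```shell
#!/bin/sh
# Added example. Sample data below is constructed (documentation addresses).
SDM_PORT=6844   # SDM/SDC port named in the article
SNMP_PORT=161   # assumption: SNMP agent on its default UDP port

# Count ESTABLISHED TCP connections on the SDM port (Linux netstat columns).
count_sdm_links() {
    printf '%s\n' "$1" | awk -v p="$SDM_PORT" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" &&
        ($4 ~ ("[.:]" p "$") || $5 ~ ("[.:]" p "$")) { n++ }
        END { print n + 0 }'
}

# Succeed only if a UDP socket is bound to the SNMP port.
snmp_listening() {
    printf '%s\n' "$1" | awk -v p="$SNMP_PORT" '
        $1 ~ /^udp/ && $4 ~ ("[.:]" p "$") { found = 1 }
        END { exit !found }'
}

# Count the two SdmEtpkiEndpoint errors quoted in the article.
count_endpoint_errors() {
    printf '%s\n' "$1" | awk '
        /ERROR: SdmEtpkiEndpoint::(doShutdownSocket|send)\(\)/ { n++ }
        END { print n + 0 }'
}

# $1 = netstat -an text, $2 = sdmLog.log text
diagnose() {
    links=$(count_sdm_links "$1")
    errs=$(count_endpoint_errors "$2")
    if [ "$links" -eq 0 ]; then
        echo "network: no established connection on tcp/$SDM_PORT"
    elif ! snmp_listening "$1"; then
        echo "snmp-missing: $links SDM link(s), $errs endpoint error(s), no listener on udp/$SNMP_PORT"
    else
        echo "ok: $links SDM link(s), SNMP agent listening on udp/$SNMP_PORT"
    fi
}

# Constructed capture from a backup SDC: both SDM links up, no SNMP agent.
SAMPLE_NETSTAT='tcp 0 0 192.0.2.20:6844 192.0.2.10:51514 ESTABLISHED
tcp 0 0 192.0.2.20:6844 192.0.2.11:40222 ESTABLISHED
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'
SAMPLE_LOG='ERROR: SdmEtpkiEndpoint::doShutdownSocket() Socket disconnected.
ERROR: SdmEtpkiEndpoint::send() socket invalid.'
diagnose "$SAMPLE_NETSTAT" "$SAMPLE_LOG"
```

On a live SDC host, pass the output of `netstat -an` and the contents of `sdmLog.log` as the two arguments to `diagnose`.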