Avamar: MCS message "getsockname failed: Bad file descriptor"
Summary: Avamar: MCS message "getsockname failed: Bad file descriptor"
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
The following errors are reported in the Event Management of Avamar UI:
The following messages are found in the messages log on the Avamar data node:
error: getsockname failed: Bad file descriptor
The following messages are found in the messages log on the Avamar data node:
less /var/log/messages
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: Invalid user MCUser from 192.xxx.x.x(Example)
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: input_userauth_request: invalid user MCUser
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: Failed keyboard-interactive/xxx for invalid user MCUser from 192.xxx.x.x(Example) port xxxx ssh2
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: Postponed keyboard-interactive for invalid user MCUser from 192.xxx.x.x(Example) port xxxx ssh2
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: error: xxx: User not known to the underlying authentication module for illegal user MCUser from 192.xxx.x.x(Example)
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: Failed keyboard-interactive/xxx for invalid user MCUser from 192.xxx.x.x(Example) port xxxx ssh2
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: Disconnecting: Too many authentication failures for MCUser
Oct 4 19:28:54 AvamarUtilityNode sshd[108141]: error: getsockname failed: Bad file descriptorCause
Possible causes include
SSH requests are made to the Avamar server using an account and the requests are denied.
The messages do not represent an error. If the cause is known, they can be ignored.
- A network security scan testing passwords.
- Storage management software misconfigured to use the MCUser account (Such as "APTARE").
SSH requests are made to the Avamar server using an account and the requests are denied.
The messages do not represent an error. If the cause is known, they can be ignored.
Resolution
1. Locate the source IP or hostname of the SSH requests (from the errors in /var/log/messages):
a. Determine if a script or process is running.
b. Verify the authentication methods being used. Usage of the MCUser account is not permitted to Avamar OS.
c. If the host cannot be located, and there are no scripts or programs running, this may be considered malicious. Take the necessary precautions to remove the intrusion.
2. Enable the avfirewall service on the Avamar server to prevent requests from an unknown IP address. See the Avamar Security Guide for more details.
a. Determine if a script or process is running.
b. Verify the authentication methods being used. Usage of the MCUser account is not permitted to Avamar OS.
c. If the host cannot be located, and there are no scripts or programs running, this may be considered malicious. Take the necessary precautions to remove the intrusion.
2. Enable the avfirewall service on the Avamar server to prevent requests from an unknown IP address. See the Avamar Security Guide for more details.
Affected Products
AvamarProducts
Avamar, Avamar ServerArticle Properties
Article Number: 000169666
Article Type: Solution
Last Modified: 24 Sep 2024
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.