Secure Connect Gateway Virtual Edition (Virtual Appliance/SCG-VE): Kan ikke registrere gateway for sikker tilkobling

Summary: Secure Connect Gateway kan ikke registreres på grunn av standard MTU-størrelse, og kan ikke koble til Dell-serverdelen.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Registrering av gateway for sikker tilkobling mislykkes med følgende feil, selv om det lokale systemet kan koble til Dell Enterprise-serverne via port 443 og 8443.

We cannot connect to the Dell backend. Please check and verify your network configuration, ports 8443 and 443 are required and must be open to esrs3-core.emc.com,esrs3-coredr.emc.com.

 

SCG_registration_failed

 

connectivityreport.log:

2023-02-12 07:12:41,863 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , IOException ConnectTimeoutException
2023-02-12 07:12:41,863 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , Exception - Connect to esrs3-core.emc.com:8443 [esrs3-core.emc.com/128.221.236.246] failed: Read timed out
2023-02-12 07:12:41,863 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] connStatus after skipProxy false
2023-02-12 07:12:41,863 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy not enabled, try bypass proxy 
2023-02-12 07:12:41,863 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy is null so skipProxy()
2023-02-12 07:12:41,872 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , IOException ConnectTimeoutException
2023-02-12 07:12:41,872 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , Exception - Connect to esrs3-coredr.emc.com:8443 [esrs3-coredr.emc.com/168.159.224.236] failed: Read timed out
2023-02-12 07:12:41,872 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy false
2023-02-12 07:12:41,872 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy not enabled, try bypass proxy 
2023-02-12 07:12:41,872 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy is null so skipProxy()
2023-02-12 07:12:52,068 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , IOException ConnectTimeoutException
2023-02-12 07:12:52,069 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 8443 , Exception - Connect to esrs3-core.emc.com:8443 [esrs3-core.emc.com/128.221.236.246] failed: Read timed out
2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] connStatus after skipProxy false
2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Call populateConnectivityBean: host esrs3-core.emc.com port: 8443
2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy not enabled, try bypass proxy 
2023-02-12 07:12:52,069 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy is null so skipProxy()
2023-02-12 07:12:52,087 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , IOException ConnectTimeoutException
2023-02-12 07:12:52,088 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 8443 , Exception - Connect to esrs3-coredr.emc.com:8443 [esrs3-coredr.emc.com/168.159.224.236] failed: Read timed out
2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy false
2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Call populateConnectivityBean: host esrs3-coredr.emc.com port: 8443
2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy not enabled, try bypass proxy 
2023-02-12 07:12:52,088 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy is null so skipProxy()
2023-02-12 07:12:54,485 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , IOException SSLHandshakeException
2023-02-12 07:12:54,485 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure
2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server.
2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy true
2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ]  avgCount: 1 timeTaken: 2397 host: esrs3-coredr.emc.com 
2023-02-12 07:12:54,485 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy not enabled, try bypass proxy 
2023-02-12 07:12:54,486 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Proxy is null so skipProxy()
2023-02-12 07:12:54,503 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , IOException SSLHandshakeException
2023-02-12 07:12:54,503 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure
2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server.
2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] connStatus after skipProxy true
2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ]  avgCount: 1 timeTaken: 2434 host: esrs3-core.emc.com 
2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy not enabled, try bypass proxy 
2023-02-12 07:12:54,503 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-1, , ] Proxy is null so skipProxy()
2023-02-12 07:12:56,838 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , IOException SSLHandshakeException
2023-02-12 07:12:56,838 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Host: esrs3-coredr.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server.
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] connStatus after skipProxy true
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ]  avgCount: 2 timeTaken: 4750 host: esrs3-coredr.emc.com 
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Call populateConnectivityBean: host esrs3-coredr.emc.com port: 443
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] Time taken: 4750
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-2, , ] avgPingTime: 2375.0
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] Latch count is   1
2023-02-12 07:12:56,838 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl$GetThread [pool-5-thread-2, , ] ----------------------------------------
2023-02-12 07:12:56,945 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , IOException SSLHandshakeException
2023-02-12 07:12:56,946 ERROR com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , Exception - Received fatal alert: handshake_failure
2023-02-12 07:12:56,946 INFO com.emc.esrs.connectivityreport.service.ConnectivityReportServiceImpl [pool-5-thread-1, , ] Host: esrs3-core.emc.com Port: 443 , SSLException or SSLHandshakeException. Consider this as success as just we are checking connectivity to backend core enterprise server.

 

Nettverkssporene som fanges opp av Tcpdump kommandoen indikerer at SCG-VE kunne koble Dell Enterprise-serverne via portene 443 og 8443.
Nettverksspor fanget opp av tcpdump-kommandoen

 

Cause

Secure Connect Gateway bruker som standard 1500 MTU-størrelse for å koble til Dell Enterprise-servere. Kundens Internett-leverandør tillater imidlertid ikke størrelsen på 1500 MTU.

 

Resolution

Utfør kommandoene nedenfor direkte på SCG-VE for å endre MTU-størrelsen til 1454.
Endring av MTU-størrelsen på eth0 på SCG-VE løser ikke problemet siden en av dokkingstasjonene med navnet "esrsde-app" på SCG-VE, kobles til Dells serverdel.

 

Sjekk gjeldende MTU-størrelse på sae-srs-bro:

ifconfig sae-srs-bridge
# ifconfig sae-srs-bridge
sae-srs-b Link encap:Ethernet  HWaddr 02:42:25:62:85:66
          inet addr:172.18.0.1  Bcast:172.18.0.7  Mask:255.255.255.248
          inet6 addr: fe80::42:25ff:fe62:8566/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2472 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2528 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12309976 (11.7 Mb)  TX bytes:289066 (282.2 Kb)

Ta et øyeblikksbilde av den virtuelle maskinen før noen endringer utføres som beskrevet nedenfor:

docker network disconnect sae-srs-bridge saede-app
docker network disconnect sae-srs-bridge esrsde-app
docker network disconnect sae-srs-bridge esrsalert-app
docker network rm sae-srs-bridge
docker network create --driver bridge --subnet 172.18.0.1/29 --opt com.docker.network.bridge.name=sae-srs-bridge --opt com.docker.network.driver.mtu=1454 sae-srs-bridge
docker network connect sae-srs-bridge esrsde-app
docker network connect sae-srs-bridge saede-app
docker network connect sae-srs-bridge esrsalert-app

Verifisere:

ifconfig sae-srs-bridge
# ifconfig sae-srs-bridge
sae-srs-b Link encap:Ethernet  HWaddr 02:42:DE:D8:AB:D2
          inet addr:172.18.0.1  Bcast:172.18.0.7  Mask:255.255.255.248
          inet6 addr: fe80::42:deff:fed8:abd2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1454  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:746 (746.0 b)

 

FYI:
Hvis du ikke får tilgang til brukergrensesnittet etter endringen ovenfor, må du enten starte VM på nytt og vente i 4 minutter på at beholdere skal initialiseres. Eller start tjenesten systemctl på nytt, start esrsve.service på nytt.

 

Affected Products

Secure Connect Gateway, Secure Connect Gateway - Virtual Edition
Article Properties
Article Number: 000210912
Article Type: Solution
Last Modified: 24 Jul 2024
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.