Frequent disconnection to FPolicy server due to concurrent access from two different collectors
Applies to
- ONTAP 9
- Varonis
- FPolicy
Issue
- Connection to the FPolicy server disconnects frequently
- Below error messages can be seen in event logs :
[cluster-01: mgwd: mgmt.fpolicy.policy.disabled:info]: FPolicy policy Varonis is disabled on Vserver SVM.
[cluster-01: fpolicy: fpolicy.server.disconnect:error]: Connection to the FPolicy server "10.10.10.51" is broken ( reason: "FPolicy server is removed from external engine." ).
- AUDIT-MLOG-TXT.GZ under ASUP shows the incoming fpolicy disable/enable ONTAPI request from 2 different servers
[kern_audit:info:1840] 8503e80002f1f371 :: cluster-s1:ontapi :: 10.10.10.51:49623 :: SVM:DOMAIN\priv_user :: fpolicy-disable-policy :: Success:
[kern_audit:info:1840] 8503e80002f1f399 :: cluster-s1:ontapi :: 10.10.10.51:49626 :: SVM:DOMAIN\priv_user :: fpolicy-enable-policy :: Success:
[kern_audit:info:1840] 8503e80002f1f4bc :: cluster-s1:ontapi :: 10.11.12.91:54216 :: SVM:DOMAIN\priv_user :: fpolicy-disable-policy :: Success:
[kern_audit:info:1840] 8503e80002f1f4f8 :: cluster-s1:ontapi :: 10.11.11.91:54221 :: SVM:DOMAIN\priv_user :: fpolicy-enable-policy :: Success:
- Running the command
vserver fpolicy show
back-to-back may show inconsistent results in the status column