Latency while accessing shares due FPolicy service account privileges

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 124

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9 and later
Komprise Fpolicy

Issue

Performance of shares degraded due to Fpolicy server errors
FPolicy is not responding to notifications. Engine shows connected.
Scan-mandatory is set to true
EMS logs:

Thu Feb 01 09:52:46 +0000 [NETAPP-02: kernel: Nblade_CifsOperationTimedOut_1:error]: params: {'commandName': 'SMB2_COM_SET_INFO', 'suspensionCnt': '3160', 'cmdRestartCnt': '0', 'lastCsmError': 'CSM_OK', 'remoteBladeID': '3ehg6fa4-0cc4-11ea-a9ed-d039de126683 (NETAPP-02)', 'isQosEnabled': 'QoS_disabled', 'lastSpinNpError': 'SPINNP_ERR_FPOLICY_REQD', 'clientIpAddress': '10.18.79.46', 'localIpAddress': '16.22.02.62', 'vserverId': '6', 'dsId': '1288', 'vserverName': 'SVM03'}

[?] Thu Feb 01 09:53:30 +0000 [NETAPP-02: kernel: Nblade.fpolPassthruDisconn:info]: Pass-through read channel with the FPolicy server is disconnected. Vserver ID [13], FPolicy server IP address [16.22.44.24], Disconnect reason [Connection closed by pipe client (FPolicy server)].

[?] Thu Feb 01 09:55:15 +0000 [NETAPP-02: fpolicy: fpolicy.server.connectError:error]: Node failed to establish a connection with the FPolicy server "16.22.44.24" of policy "komprise-SVM03" for Vserver SVM03 (reason: "Select Timed out.").

FPolicy service account (on FP Engine) is not able to start/enable FPolicy
FPolicy service account is not able to write to logs, modify registry settings, etc.