13 Replies Latest reply on Jul 19, 2019 11:09 PM by Tammy Ryan

    Patrol Agent denied the connection

    Robert Pidde

      Hi Community,

       

      I installed a TSIM and a TSPS with version 11.3.02. I created a package with Patrol Agent and installed it on both servers. They successfully connected to TSIM and were displayed in TSPS. After a bug I tried to reinstall the agents but now I get this error in TrueSightAgent[..].log:

       

      Agent received a connection request from /4.2.12.168

      Agent denied the connection attempt from /4.2.12.168 as it is already connected to another server ( /4.2.12.196 ).

       

      I reinstalled the whole system (TSIM, TSPS and Patrol Agents) again, but the error persists.

       

      Can anyone help me?

       

      Regards,

      Robert

        • 1. Re: Patrol Agent denied the connection
          Roland Pocek

          hi Robert Pidde

           

          are you talking about the integration service that is not accepting patrol agent connections? what bug did you have and what was changed then? the message shows different ip, what is the .196 ip then?

           

          also please check Unable to connect to local ProactiveNet Agent.

          Integration service fails to connect to TrueSight Infrastructure Management Server

           

          thank you

          cheers

          rop

          1 of 1 people found this helpful
          • 2. Re: Patrol Agent denied the connection
            Robert Pidde

            Hi Roland,

             

            yeah, that's exactly what I meant. The integration service from TSIM does not accept the connection from the patrol agent.

            This was my first installation and I had the bug that my patrol user was an invalid user. I couldn't fix it, so I reinstalled the TSIM, but nothing changed.

            Then I reinstalled everything again, but the error is still there. I thought it is because of TSIM, so I installed the TSIM on a new server.

            The .196 IP is the old TSIM.

             

            Thank You

            Regards,

            Robert

            • 3. Re: Patrol Agent denied the connection
              Roland Pocek

              did the 2 links help you fix the issue? it's exactly the same issue in the articles as you described

              • 4. Re: Patrol Agent denied the connection
                Robert Pidde

                I read the two articles before, but the errors that are described in their logs don't occur to me there.

                • 5. Re: Patrol Agent denied the connection
                  Roland Pocek

                  hi,

                   

                  if you checked the articles and it is not helping i would suggest to open a ticket with support, but please post the solution if you got one then

                  PROBLEM:

                  Unable to connect to local ProactiveNet Agent. The ProactiveNetAgent.log shows:

                    

                  INFO 09/04 19:43:09 Agent [SessionHandler(DspMsg-AgentCntl] 102451 Agent 10494 initialization completed.
                  INFO 09/04 19:50:07 Agent [AC_Listener] 102456 Agent received a connection request from /172.28.8.125
                  WARN 09/04 19:50:07 Agent [AC_Listener] 102736 Agent denied the connection attempt from /172.28.8.125 as it is already connected to another server ( /172.28.8.125).

                   

                   

                   

                   

                  SOLUTION:

                  Legacy ID:KA354252

                  The first line shows that the agent id is 10494 but for a local agent this should be 10001. This indicates that another agent has 'stolen' the local agent's connection to the agent Controller.

                   

                  In the Admin console, see if there is an agent that has IP address 0.0.0.0 as this would be the cause of the problem. The fact that it has IP address of 0.0.0.0 indicates that there has been a name resolution problem. Edit the IP address of the device which will also change the IP address of the agent. Then restart the agent controller and the local Agent.

                   

                  thanks

                  cheers rop

                  • 6. Re: Patrol Agent denied the connection
                    Robert Pidde

                    Hi Roland,

                     

                    Thanks for your help.

                    I have already created a ticket, but there hasn't been a solution yet. If I have a solution I will post it here.

                     

                    Thanks

                    Regards,

                    Robert

                    • 7. Re: Patrol Agent denied the connection
                      Robert Pidde

                      Hi Roland,

                       

                      I am contacting you because I have a question regarding TSIM.

                      Does the TSIM have its own Integration Service and can I connect the Patrol Agents to it?

                       

                       

                      Especially I mean this proactive server.

                       

                      Kind Regards,

                      Robert

                      • 8. Re: Patrol Agent denied the connection
                        Thad White

                        Hi Robert,

                          Yes the TSIM server has an integration service and agents can be connected to it but it is not recommended for production use.  We use it for small setups when showing customers how things connect together, etc…

                         

                        Thanks,

                        Thad White

                        3 of 3 people found this helpful
                        • 9. Re: Patrol Agent denied the connection
                          Roland Pocek

                          I totally agree with Thad White

                          • 10. Re: Patrol Agent denied the connection
                            Robert Pidde

                            Thank you so much for your reply Thad.

                            I asked because the agent is not connecting to the integrated IS of TSIM. They only connect to an external IS.

                            Do I have to make any extra settings for the Patrol Agents to connect to the IS of the TSIM?

                            Thanks,

                            Robert

                            • 11. Re: Patrol Agent denied the connection
                              Roland Pocek

                              hi,

                               

                              OOTB the integration service should work and behave as every other external IS, I sometimes use the TSIM integration service as a staging integration service, but for this it must be configured as staging and you would need a staging policy.

                              in my labs I have all the agents connected directly to TSIM IS without any additional configuration.

                               

                              do you get any errors or so in the agent log when it tries to connect? do you use encryption?

                               

                              cheers

                              rop

                              • 12. Re: Patrol Agent denied the connection
                                Robert Pidde

                                Hi Roland,

                                 

                                I've solved the problem by myself after a long search. The log file bppmpis-SA_DEFAULT-tsim-server.errs.log contained the following:

                                 

                                "ESS Error: Security policy is either missing or unreadable: /etc/patrol.d/_opt_bmc_TSIM_pw/security_policy_v3.0/bppmpis.plc/common /etc/patrol.d/_opt_bmc_TSIM_pw/security_policy_v3.0/bppmpis.plc/server /etc/patrol.d/_opt_bmc_TSIM_pw/security_policy_v3.0/bppmpis.plc/common /etc/patrol.d/_opt_bmc_TSIM_pw/security_policy_v3.0/bppmpis.plc/server >-4<"

                                 

                                After I copied the folder "_opt_bmc_TSIM_pw" from another IS to it and restarted the TSIM, they connected the agents to the TSIM.

                                Why is the folder not created during installation?

                                 

                                Thank you for your help.

                                 

                                Best Regards,

                                Robert

                                1 of 1 people found this helpful
                                • 13. Re: Patrol Agent denied the connection
                                  Tammy Ryan

                                  We had a similar error:

                                  Sat Jul 13 11:01:59 PM 2019: ESS Error: ESS_Policy_InitSecurityPolicy() failed >-4<

                                  Sat Jul 13 11:01:59 PM 2019: ESS Error: Security policy is either missing or unreadable: /etc/patrol.d/security_policy_v3.0/proxy.plc/common /etc/patrol.d/security_policy_v3.0/proxy.plc/client /etc/patrol.d/security_policy_v3.0/proxy.plc/common /etc/patrol.d/security_policy_v3.0/proxy.plc/client >-4<

                                  Sat Jul 13 11:01:59 PM 2019: Integration Service Client policy should be at security level 2. Current Level = -1.

                                  Sat Jul 13 11:01:59 PM 2019: Could not load bmcesi. May not be able to connect to Integration Service.Make sure proxy_lib variable is correctly defined in patrol.conf.

                                  Sat Jul 13 11:01:59 PM 2019: Could not connect to Integration Service. bmcesi library is not loaded.

                                   

                                  We resolved it by running the agent_configure.sh script ( ./agent_configure.sh -d).   This script is run at install time and sets permissions and does a bunch of other stuff.  Well apparently it did the trick, the Patrol Agent is connected to the IS.

                                  2 of 2 people found this helpful
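
The two failure messages quoted in this thread (the denied connection and the missing or unreadable security policy) can be triaged from the logs with a short script. This is an added example, not code from BMC or from any poster: the helper name `triage` and the sample lines, which are constructed from the messages quoted above, are assumptions, and the path check reflects the permissions of the account running the script.

```python
import os
import re

# Patterns match the message wording quoted in the thread; the wording is
# assumed stable across agent and Integration Service versions.
DENIED = re.compile(r"denied the connection attempt from /(\S+) as it is "
                    r"already connected to another server \( ?/([\d.]+) ?\)")
POLICY = re.compile(r"Security policy is either missing or unreadable: (.+?) >-?\d+<")

# Constructed sample input, assembled from the log lines quoted above.
SAMPLE = [
    "Agent denied the connection attempt from /4.2.12.168 as it is already "
    "connected to another server ( /4.2.12.196 ).",
    "WARN 09/04 19:50:07 Agent [AC_Listener] 102736 Agent denied the connection "
    "attempt from /172.28.8.125 as it is already connected to another server "
    "( /172.28.8.125).",
    "ESS Error: Security policy is either missing or unreadable: "
    "/etc/patrol.d/security_policy_v3.0/proxy.plc/common "
    "/etc/patrol.d/security_policy_v3.0/proxy.plc/client "
    "/etc/patrol.d/security_policy_v3.0/proxy.plc/common "
    "/etc/patrol.d/security_policy_v3.0/proxy.plc/client >-4<",
]

def triage(lines, exists=os.path.exists,
           readable=lambda p: os.access(p, os.R_OK)):
    """Classify denied-connection and missing-policy messages (hypothetical helper)."""
    findings = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            requester, holder = m.groups()
            kind = "same-address" if requester == holder else "other-server"
            findings.append(("denied", kind, requester, holder))
            continue
        m = POLICY.search(line)
        if m:
            # The message repeats each path; check every distinct one once.
            for path in dict.fromkeys(m.group(1).split()):
                state = ("missing" if not exists(path)
                         else "ok" if readable(path) else "unreadable")
                findings.append(("policy", state, path))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

Run it as the account the agent or Integration Service runs under, so that the readability result matches what that process sees.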