HPE Community
Operating System - HP-UX
1847015 Members
4514 Online
110258 Solutions
New Discussion

Re: MCSG & ident

 
Doug O'Leary
Honored Contributor

‎05-25-2005 01:23 AM

‎05-25-2005 01:23 AM

MCSG & ident

Hey;

I ran into this little issue twice while trying to update a cluster configuration. The error that I received, both times, is as follows:

# cmrunnode
Error: Fail to load data from configuration database.
Internal error: Unable to open communications to configuration daemon: Not owner
Error: Unable to connect to configuration database.
cmrunnode : Unable to determine the nodes on the current cluster
cmrunnode : Either no cluster configuration file exists, or the file is corrupted, or cmclconfd is unable to run

The first time it was pretty easy to fix. Examining the syslog.log showed messages about unable to connect to identd. Remove comment in /etc/inetd.conf and everything works.

Second time was bit more of an issue. identd wasn't commented in /etc/inetd.conf. After *LOTS* of troubleshooting, I found that port 113 was listed as auth, not ident, in /etc/services. Corrected and everything works.

This definitely gets added to the list of symptoms on the lessons learned page...

Hope this helps someone...

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
7 REPLIES 7
Marvin Strong
Honored Contributor

‎05-25-2005 02:03 AM

‎05-25-2005 02:03 AM

Re: MCSG & ident

hmm interesting, I have run into ident problems before with SG. But never had problems with /etc/services.

what do you suspect changed your /etc/services?

I think ident is 113 by default.
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎05-25-2005 02:35 AM

‎05-25-2005 02:35 AM

Re: MCSG & ident

I have ident commented out of inetd.conf - and no issues with MC/SG.

It was part of a security initiative - to close down unnecessary ports...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
melvyn burnard
Honored Contributor

‎05-25-2005 04:48 AM

‎05-25-2005 04:48 AM

Re: MCSG & ident

hmm, did you update SG version, or install an SG patch?

You may wish to read the following documents regarding the new security bits in SG:
http://www.docs.hp.com/en/5874/securingserviceguard.pdf
http://www.docs.hp.com/en/6283/SGsecurityfiles.pdf

My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Kent Ostby
Honored Contributor

‎05-25-2005 04:49 AM

‎05-25-2005 04:49 AM

Re: MCSG & ident

Doug -- if you could post the messages that you got on the second server to this thread, I can write up a certified document on the issue.

Best regards,

Kent M. Ostby
"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
Reply
Doug O'Leary
Honored Contributor

‎05-25-2005 05:35 AM

‎05-25-2005 05:35 AM

Re: MCSG & ident

Hey;

The message after the cmrunnode is the error from the second run. It's the same message for both runs.

Thanks for the links on MCSG security; I'll be reading them shortly.

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
Stephen Doud
Honored Contributor

‎05-26-2005 04:32 AM

‎05-26-2005 04:32 AM

Re: MCSG & ident

I have seen an increase in the number of calls coming into the HP Solution Center pertaining to this issue.

I -believe- the 'auth' line comes from 10.20 install. 11.xx changes the port reference to 'ident' from what I have learned but I'm not certain if upgrading to 11.xx includes a conversion of the 'auth' reference to 'ident'.
Can anyone confirm this.
0 Kudos
Reply
Rashid Hamid
Regular Advisor

‎12-30-2005 08:21 AM

‎12-30-2005 08:21 AM

Re: MCSG & ident

Hi Doug O'Leary

I just hit the problems after edit the cluster configuration.

Thank you very much for the solution.


I wonder why the ident was comment off coz I did not touch inetd or any other configuration files except cluster and pkg configuration files.

Thanks again


Rashid Hamid
I'm Parit Madirono/Parit Betak Boyz
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.