HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SeriveGaurd not coming up after the Quality Pack I...
Operating System - HP-UX
1825791
Members
2381
Online
109687
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2007 03:38 AM
02-16-2007 03:38 AM
Hi,
Recently I have installed the quality pack patches as below
GOLDAPPS11i,GOLDBASE11i of June 2006 from June 2004
HWEnable11i of September 2005 from June 2004.
It worked fine for me on the servers which are running without ServiceGaurd but while installing the same on cluster servers I had problem in starting the cluster after the reboot of the server.
When I had run the cmruncl it took a long time and nothing came up,I found the dameons were running and in the console the error was showing as
==============================================================
rexsin09 cmclconfd[11336]: Unable to connect to server 127.0.0.1 on port 113 (Connection refused).
rexsin09 cmclconfd[11336]: Unable to properly gather the remote user for fd 4. Please make sure the remote node is running identd.
cmcheckconf -C /etc/cmcluster/rac.ascii
Begin cluster verification...
Internal error: Unable to open communications to configuration daemon: Not owner
Error: Unable to connect to configuration database.
Internal error: Unable to open communications to configuration daemon: No such file or directory
=======================================================================================
The errors were same on both the nodes.
I finally made a fix by starting the dameon /usr/lbin/identd after which I was able to start the cluster and make the packages up.
But I had checked that these daemons were not running before the installation of the patches.
identd service was required to start by my self and I could not find this in the Service Guard guide.
Could anyone help me out more on this and what would be a permanent fix for this so that It would not ask for the identd dameon or any suggestions/precautions as I would be going ahead of patching the same on remaining service gaurd machines.
Thanks in Advance
Recently I have installed the quality pack patches as below
GOLDAPPS11i,GOLDBASE11i of June 2006 from June 2004
HWEnable11i of September 2005 from June 2004.
It worked fine for me on the servers which are running without ServiceGaurd but while installing the same on cluster servers I had problem in starting the cluster after the reboot of the server.
When I had run the cmruncl it took a long time and nothing came up,I found the dameons were running and in the console the error was showing as
==============================================================
rexsin09 cmclconfd[11336]: Unable to connect to server 127.0.0.1 on port 113 (Connection refused).
rexsin09 cmclconfd[11336]: Unable to properly gather the remote user for fd 4. Please make sure the remote node is running identd.
cmcheckconf -C /etc/cmcluster/rac.ascii
Begin cluster verification...
Internal error: Unable to open communications to configuration daemon: Not owner
Error: Unable to connect to configuration database.
Internal error: Unable to open communications to configuration daemon: No such file or directory
=======================================================================================
The errors were same on both the nodes.
I finally made a fix by starting the dameon /usr/lbin/identd after which I was able to start the cluster and make the packages up.
But I had checked that these daemons were not running before the installation of the patches.
identd service was required to start by my self and I could not find this in the Service Guard guide.
Could anyone help me out more on this and what would be a permanent fix for this so that It would not ask for the identd dameon or any suggestions/precautions as I would be going ahead of patching the same on remaining service gaurd machines.
Thanks in Advance
Solved! Go to Solution.
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2007 03:56 AM
02-16-2007 03:56 AM
Re: SeriveGaurd not coming up after the Quality Pack Installation
Please take a read of th efollowing documents, as they may explain this a little better for you:
http://docs.hp.com/en/6283/SGsecurityfiles.pdf
http://docs.hp.com/en/5874/securingserviceguard_nov2005.pdf
http://docs.hp.com/en/6283/SGsecurityfiles.pdf
http://docs.hp.com/en/5874/securingserviceguard_nov2005.pdf
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2007 05:01 AM
02-19-2007 05:01 AM
Re: SeriveGaurd not coming up after the Quality Pack Installation
cmclconfd[11336]: Unable to connect to server 127.0.0.1 on port 113
... is an indication that the 'identd' service is not available to /etc/inetd.conf. Usually, the problem is with one of the following:
/etc/services does not properly list the identd daemon. At 11iv1, the line should look like:
ident 113/tcp authentication # RFC1413
A partner line should be present in /etc/inetd.conf:
ident stream tcp wait bin /usr/lbin/identd identd
If you must modify /etc/inetd.conf, remember to run 'inetd -c' to make inetd re-read the file.
... is an indication that the 'identd' service is not available to /etc/inetd.conf. Usually, the problem is with one of the following:
/etc/services does not properly list the identd daemon. At 11iv1, the line should look like:
ident 113/tcp authentication # RFC1413
A partner line should be present in /etc/inetd.conf:
ident stream tcp wait bin /usr/lbin/identd identd
If you must modify /etc/inetd.conf, remember to run 'inetd -c' to make inetd re-read the file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2007 11:03 PM
02-19-2007 11:03 PM
Re: SeriveGaurd not coming up after the Quality Pack Installation
Hello:
I had kind a same problem a weeks ago.
This quality pack updates de cmcld. ( you may do a what /usr/lbin/cmcld and see what patch is applyed )
There is speciall instructions to update this process with the patch the qpk includes. This patchs modifies the way SG access the nodes. It is using know identd.
What i do is to check with the what command, the path you have installed.
Find the patch in itrc and read carefully the speciall instructions.
There is a way to not to use the identd, adding a "-i" option in ited.conf.
I hope it helps
I had kind a same problem a weeks ago.
This quality pack updates de cmcld. ( you may do a what /usr/lbin/cmcld and see what patch is applyed )
There is speciall instructions to update this process with the patch the qpk includes. This patchs modifies the way SG access the nodes. It is using know identd.
What i do is to check with the what command, the path you have installed.
Find the patch in itrc and read carefully the speciall instructions.
There is a way to not to use the identd, adding a "-i" option in ited.conf.
I hope it helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2007 01:23 AM
02-20-2007 01:23 AM
Solution
I had the same problem.
Here's the fix:
1) On all nodes in ClusterA and ClusterB, as well as all
nodes that communicate with ClusterA and ClusterB,
verify that the sendmail product is installed with
a patch level of PHNE_28810 or later. The sendmail
product contains the identd binary, and patch
PHNE_28810 is the minimum patch level supported by
Serviceguard. Please note that Serviceguard does not
support the usage of the "-n" or "-N" command line
options of identd.
2) On all nodes in ClusterA and ClusterB, as well as all
nodes that communicate with ClusterA and ClusterB,
verify that identd is enabled. Although it will be
enabled by default when installing the sendmail
product, some customers may have turned this daemon off
or configured firewall rules that block TCP port 113.
This includes (but is not limited to) Serviceguard
Cluster Object Manager (COM) nodes used by Serviceguard
Manager for the monitoring, administration and
configuration of Serviceguard clusters.
3) Halt NodeA1: "cmhaltnode -f NodeA1".
4) Install this patch (PHSS_31071) and COM Patch
PHSS_31073 onto NodeA1.
5) Disable the Serviceguard identd functionality by
adding a "-i" option to the TCP cmclconfd and cmomd
command lines in /etc/inetd.conf.
The cmclconfd line should appear as:
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd \
cmclconfd -c -i
The cmomd line should appear as:
hacl-probe stream tcp nowait root \
/opt/cmom/lbin/cmomd /opt/cmom/lbin/cmomd -i -f \
/var/opt/cmom/cmomd.log -r /var/opt/cmom
6) Reload inetd: "/usr/sbin/inetd -c"
7) Run NodeA1: "cmrunnode NodeA1"
8) Perform steps 3, 4, 5, 6, and 7 on nodes NodeA2,
NodeB1, and NodeB2.
Here's the fix:
1) On all nodes in ClusterA and ClusterB, as well as all
nodes that communicate with ClusterA and ClusterB,
verify that the sendmail product is installed with
a patch level of PHNE_28810 or later. The sendmail
product contains the identd binary, and patch
PHNE_28810 is the minimum patch level supported by
Serviceguard. Please note that Serviceguard does not
support the usage of the "-n" or "-N" command line
options of identd.
2) On all nodes in ClusterA and ClusterB, as well as all
nodes that communicate with ClusterA and ClusterB,
verify that identd is enabled. Although it will be
enabled by default when installing the sendmail
product, some customers may have turned this daemon off
or configured firewall rules that block TCP port 113.
This includes (but is not limited to) Serviceguard
Cluster Object Manager (COM) nodes used by Serviceguard
Manager for the monitoring, administration and
configuration of Serviceguard clusters.
3) Halt NodeA1: "cmhaltnode -f NodeA1".
4) Install this patch (PHSS_31071) and COM Patch
PHSS_31073 onto NodeA1.
5) Disable the Serviceguard identd functionality by
adding a "-i" option to the TCP cmclconfd and cmomd
command lines in /etc/inetd.conf.
The cmclconfd line should appear as:
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd \
cmclconfd -c -i
The cmomd line should appear as:
hacl-probe stream tcp nowait root \
/opt/cmom/lbin/cmomd /opt/cmom/lbin/cmomd -i -f \
/var/opt/cmom/cmomd.log -r /var/opt/cmom
6) Reload inetd: "/usr/sbin/inetd -c"
7) Run NodeA1: "cmrunnode NodeA1"
8) Perform steps 3, 4, 5, 6, and 7 on nodes NodeA2,
NodeB1, and NodeB2.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2007 09:33 PM
02-22-2007 09:33 PM
Re: SeriveGaurd not coming up after the Quality Pack Installation
Hi,
Thanks all for your contribution.
I found this to be a new security feature added for the service gaurd where it requires identd be configured to achieve greater security.
I have decided for identd to run on the service gaurd servers and I will uncomment the identd entry in the inetd.conf which is commented out earlier and will include this in the server startup/shutdown scripts.
Do anyone think of disadvantage with identd and impact of this on any other system applications/services?
Thanks all for your contribution.
I found this to be a new security feature added for the service gaurd where it requires identd be configured to achieve greater security.
I have decided for identd to run on the service gaurd servers and I will uncomment the identd entry in the inetd.conf which is commented out earlier and will include this in the server startup/shutdown scripts.
Do anyone think of disadvantage with identd and impact of this on any other system applications/services?
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP