Solved

The server Computer is not reachable. Please check the network and the firewall

  • 10 July 2021
  • 9 replies
  • 12960 views

Badge +1

Hello,

Last for 4 days, i’m still have facing problem for install media agent at linux client (rhel 7.9), where the process installation at half process and stuck at “ Firewall Configuration “

“The server computer is not reachable. Please check the network and the firewall”

Info:

Commserv :V11sp20 FR55. (Windows 2019)

Client (rhel 7.9)

 

Telnet from Commserve to Client (Success)

Telnet from Client to Commserve (Success)

Ping both of them, status reply.

Any one can help me?

 

Regards

Nilles

icon

Best answer by Mike Struening RETIRED 16 August 2021, 23:41

View original

9 replies

Userlevel 5
Badge +8

Hi Nilles, 

Have you confirmed all the ports you are using are open.

Have a look in the cvfwd.log on the commserve and client for more information on what is happening to produce that error.

 

Please see the ports here https://documentation.commvault.com/commvault/v11/article?p=8572.htm. Also be aware that communication can be over dynamic higher ports. 

Could try configuring a 1way firewall to use a a tunnel port https://documentation.commvault.com/commvault/v11/article?p=7198.htm

 

Hope this helps. 

 

Badge +1

Hi Nilles, 

Have you confirmed all the ports you are using are open.

Have a look in the cvfwd.log on the commserve and client for more information on what is happening to produce that error.

 

Please see the ports here https://documentation.commvault.com/commvault/v11/article?p=8572.htm. Also be aware that communication can be over dynamic higher ports. 

Could try configuring a 1way firewall to use a a tunnel port https://documentation.commvault.com/commvault/v11/article?p=7198.htm

 

Hope this helps. 

 


Yes sir,  for Client MA and Commserver port 8400-8404 has open and add in the security group.

for cvfwd.log see the capture (as attachment) and also i have configure firewall tunnel port.

And still failed (same failed “ Firewall Configuration”)

 

 

Userlevel 5
Badge +8

Hi Nilles, 

I can see the log states that the nchatterflag is set to 1. If the nChatterFlag additional setting is set to 1, normal Communication and Connection testing will work properly but communication between MediaAgent or Client and the CommServe will continue to fail.

There is most likely a reason why this was set but this set to 1 will cause you issues. 

You can change the flag in additional settings.

It is recommended to stop Commvault services on the MediaAgent(s) and/or Client(s) before modifying additional settings.

  1. Check the nChatterFlag additional setting.
    • From the CommCell Browser, navigate to Client Computers.
    • Right-click the <Client> or MediaAgent, and then click Properties.
    • Click Advanced and then click Additional Settings tab.
    • Click Add.
    • In the Name box, type nChatterFlag.
    • The Category and Type fields are populated automatically.
    • In the Value box, type 0.

      This enables communication to the CommServe.

    • Click OK.
  2. Restart Commvault services.
Badge +1

Hi Nilles, 

I can see the log states that the nchatterflag is set to 1. If the nChatterFlag additional setting is set to 1, normal Communication and Connection testing will work properly but communication between MediaAgent or Client and the CommServe will continue to fail.

There is most likely a reason why this was set but this set to 1 will cause you issues. 

You can change the flag in additional settings.

It is recommended to stop Commvault services on the MediaAgent(s) and/or Client(s) before modifying additional settings.

  1. Check the nChatterFlag additional setting.
    • From the CommCell Browser, navigate to Client Computers.
    • Right-click the <Client> or MediaAgent, and then click Properties.
    • Click Advanced and then click Additional Settings tab.
    • Click Add.
    • In the Name box, type nChatterFlag.
    • The Category and Type fields are populated automatically.
    • In the Value box, type 0.

      This enables communication to the CommServe.

    • Click OK.
  2. Restart Commvault services.

Hi Sir,

Sorry for late give feedback, i’m done for add nChatterFlag additional setting at Commserver(after change, restart services) and the result still same at linux client.

1360 0550 07/10 07:28:37 ######## ######## nChatterFlag=1, nIgnoreChatterFlag=0, not creating persistent tunnels

1360 0550 07/10 07:30:27 TN:00003 ######## ERROR: cvfwd_outgoing_tunnel_startup_timeout(): Timed-out while waiting for outgoing tunnel to finish initialization.

[root@ibkpma05p10 Log_Files]#

There’s anyway to force change values nChatterFlag=0 at linux client before resume or start Installation? any path or directory?.

Thanks you & Regards

Nilles

Badge +1

Hi @Blaine Williams 

After change nChatterFlag both of MA and Commserver, here’s the status cvfwd.log for resume/re-start installation.

 

 

17122 42e2 07/10 23:54:41 ######## CN:00002 Dispatching commands, read_buflen=27

17122 42e2 07/10 23:54:41 ######## CN:00002 <= fd=34      AUTH_RESPONSE(23 AF 06 FC F9 69 DB CC 93 96 F2 ED 12 0D 01 A7)

17122 42e2 07/10 23:54:41 ######## CN:00002 Authentication succeeded

17122 42e2 07/10 23:54:41 ######## CN:00002 => fd=34      AUTH_CONFIRM

17122 42e2 07/10 23:54:41 ######## CN:00002 Dispatching commands, read_buflen=50

17122 42e2 07/10 23:54:41 ######## CN:00002 <= fd=34      CLNT_ASSIGN_UUID({155a18b0-25fa-f587-d1d2-eaa67cb3b2f8})

17122 42e2 07/10 23:54:41 ######## CN:00002 Assigning UUID {155a18b0-25fa-f587-d1d2-eaa67cb3b2f8}

17122 42e2 07/10 23:54:41 ######## CN:00002 Dispatching commands, read_buflen=52

17122 42e2 07/10 23:54:41 ######## CN:00002 <= fd=34      CLNT_CONNECT(8403*@@COMMSERVE@@*0, 8400, 8400, auto, auto)

17122 42e2 07/10 23:54:41 ######## CN:00002 Routing auto/auto connection to @@COMMSERVE@@:8400/8400

17122 42e2 07/10 23:54:41 ######## CN:00002 Trying to patch client ANY=>@@COMMSERVE@@:8400/8400 through one of the tunnels.

17122 42e2 07/10 23:54:41 ######## CN:00002 Client @@COMMSERVE@@ is reachable through proxy @@GATEWAY@@, but the tunnel toward it is not up yet.

17122 42e2 07/10 23:55:25 TN:00001 ######## ERROR: cvfwd_outgoing_tunnel_startup_timeout(): Timed-out while waiting for outgoing tunnel to finish initialization.

17122 42e2 07/10 23:55:25 TN:00001 ######## Resetting PERSISTENT tunnel from "ibkpma05p10" to "@@GATEWAY@@" via (10.7.1.100, 10.7.46.81)

17122 42e2 07/10 23:55:25 TN:00001 ######## Destroying tunnel SSL/TLS

17122 42e2 07/10 23:55:41 ######## CN:00002 EOF in fd=34.

17122 42e2 07/10 23:55:41 ######## CN:00002 Application closed its end of connection

17122 42e2 07/10 23:55:41 ######## CN:00002 Putting a curse on socket fd=34

17122 42e2 07/10 23:55:41 ######## CN:00002 Finishing cursed socket fd=34

17122 42e2 07/10 23:55:41 ######## CN:00002 Deleting client for socket fd=34

17122 42e2 07/10 23:55:41 ######## CN:00002 Deleting client

17122 42e2 07/10 23:55:51 ######## ######## Killed, signal SIGTERM...

 

Userlevel 5
Badge +8

Hi Nilles, 

seems there is a communication issue there and something is stopping the traffic somewhere. 

We would need more logs to investigate, client logs, CS logs and wireshark trace from Commserve and network trace from this linux machine. 

If you could raise a ticket with all of the above we can help further. Please also pop the ticket number here so it can be tracked and we can then update this thread witht he answer. 

 

 

Userlevel 7
Badge +23

Hey @Nilles , can you share the case number so I can track it accordingly?

Thanks!

Userlevel 7
Badge +23

@Nilles , following up on this thread.  Did you get an incident created (or resolve the issue)?  I don’t see one on our end.

Thanks!

Userlevel 7
Badge +23

Found the case and resolution:

--> Customer has reported that there are multiple failed attempts in the archive index phase of the job ID 186.
--> Reviewed the logs for Job 186 and could see there are timed-out errors while connecting to Commserve.
--> Due to this, we could see multiple failed attempts in the archive index phase "CCVAPipelayer::StartPipeline() - Failed to initiate pipeline".

Solution:

--> Created a one-way firewall between the MA and Commserve.
--> This one-way firewall will create a persistent tunnel between the CS and the MA.
--> One-way tunnels are persistent tunnels that send a keepalive packet every 5 minutes so that the connection is never terminated.
--> New backup job was kicked off and it got completed successfully, customer confirmed to close the case.

Reply