I would recommend breaking down the communication problem into smaller pieces, ordered chronologically.
A connection goes through the following process and protocols:
- DNS: Look up remote host name in DNS
- TCP: Connect to the remote host
- TLS: Optionally negotiate transport layer security
- APP: Authenticate to the remote system
Check if each process is successful and returns the expected result.
For DNS, check if the IP address is the expected one. Use tools like nslookup or dig. Request both A (IPv4) and AAAA (IPv6) records. Check whether "resolving" is based on the "hosts" file (/etc/hosts).
For TCP, check if the network connection is successful. Use tools like nc (netcat), ncat, or telnet. If the connection is failing, then check if the remote system is actually listening on the desired port. Check the remote system firewall. Check the network path using a tool like traceroute and compare ICMP-based traceroute to TCP-based traceroute on the desired port to see if an intermediate firewall is blocking the connection.
For TLS, check the remote certificate. Use a tool like "openssl s_client" to connect to the remote system and negotiate TLS. Check for certificate validation errors.
For APP, check that the login credentials still work. Use the appropriate tool to connect and authenticate to the remote service, e.g. ldapsearch for LDAP-based policy stores or a database-specific tool. Alternatively, use Policy Server tools like smldapsetup or odbctest in the Policy Server's "bin" directory.
You can really start at any point in the process and "bisect" the problem. For example, you can start at the TLS stage. If the TCP connection fails and TLS is never attempted, then troubleshoot the TCP side. If TLS seems successful, then troubleshoot the APP (authentication) side.
Hope this helps,
Brian Dyson
------------------------------
Security Integration & Adoption, Software Architect
Broadcom
------------------------------
Original Message:
Sent: 11-19-2020 02:55 AM
From: Naresh Reddy
Subject: policy server not communicating policy store
Hi
SMPS.log is showing the Policy Server not communicating with the policy store. What are the reasons, and how do I fix this issue?
How do I get the Policy Server and policy store communicating?
Regards,
Naresh