Symantec IGA

  • 1.  Error prompted when adding unix endpoint through provisioning manager

    Posted Apr 12, 2023 04:46 AM

    Hi All,

    Could anyone assist with the error below (from the JCS logs), which we get when trying to add a Unix endpoint through Provisioning Manager?

    2023-04-10 13:23:55,465 47723641 [ApacheDS Worker-thread-66] UNIX_v2_ (UnixServerSessionImpl.java:179) ERROR  -  IOException, while connecting to endpoint server: Cannot read full block, EOF reached.
    java.io.IOException: Cannot read full block, EOF reached.
        at ch.ethz.ssh2.crypto.cipher.CipherInputStream.getBlock(CipherInputStream.java:90)[162:com.ca.jcs.unix:1.1.0.20210219]
        at ch.ethz.ssh2.crypto.cipher.CipherInputStream.read(CipherInputStream.java:119)[162:com.ca.jcs.unix:1.1.0.20210219]
        at ch.ethz.ssh2.transport.TransportConnection.receiveMessage(TransportConnection.java:256)[162:com.ca.jcs.unix:1.1.0.20210219]
        at ch.ethz.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:413)[162:com.ca.jcs.unix:1.1.0.20210219]
        at ch.ethz.ssh2.transport.TransportManager.access$400(TransportManager.java:44)[162:com.ca.jcs.unix:1.1.0.20210219]
        at ch.ethz.ssh2.transport.TransportManager$1.run(TransportManager.java:219)[162:com.ca.jcs.unix:1.1.0.20210219]
        at java.lang.Thread.run(Unknown Source)[:1.8.0_201]
    2023-04-10 13:23:55,481 47723657 [ApacheDS Worker-thread-66] UNIX_v2_ (UnixServerSessionImpl.java:286) ERROR  -  LdapServiceUnavailableException: Cannot read full block, EOF reached.
    org.apache.directory.shared.ldap.exception.LdapServiceUnavailableException: Cannot read full block, EOF reached.

    Thanks,
    Atifah



  • 2.  RE: Error prompted when adding unix endpoint through provisioning manager

    Posted Apr 13, 2023 02:11 AM

    Hi,

    Has anyone encountered this error when trying to register through Provisioning Manager? I did clarify with the server owner, and the device is up and running fine.

    Thanks,
    Atifah




  • 3.  RE: Error prompted when adding unix endpoint through provisioning manager

    Posted Jun 05, 2023 12:25 PM
    Edited by Alan Baugher Jun 05, 2023 02:24 PM

    Hi Atifah,

    The IGA Unix connector v2 uses the JCS (Java Connector Server) to open an SSH tunnel to the Unix hosts. If there is a banner or other solution deployed on the Unix host, it is possible they may be impacting the SSH login process, which may impact how the IMPS server is able to interpret information from the Unix endpoint.

    To assist with troubleshooting, besides the JCS debug log (as the ssh client), you can enable debug on the Unix host for the SSHD service (server side).

    Example:

    • /etc/ssh/sshd_config
    • Add the following configuration to the file:
      LogLevel DEBUG3


      Restart the SSHD service, and monitor the login process. You may wish to use PuTTY to log in as the 'clean' test to compare with JCS.

      If you need to go deeper into troubleshooting, you will need to leverage a proxy to view SSH traffic, or use a "force-command" in your remote service ID's .ssh/authorized_keys file to capture the sshd traffic exactly with the Unix command "script".


    Example of recording your ssh session with Unix script.

    On the vApp, using the config service ID, generate a new SSH key, then edit the .ssh/authorized_keys file.

    Below is a modified version of the script provided by John Simpson to trace any remote SSH session using the 'config' service ID on the vApp.

    Please note, this can generate a large log file if you are using an SSH client such as MobaXterm that has the monitoring process auto-enabled (toolbar - using background process after you SSH into your host).

    Regards,



    ------------------------------
    Alan Baugher
    ANA
    ------------------------------
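
One way to set up the forced-command recording described in the post above, as an added example: it is not part of the original post and is not the John Simpson script that post refers to. The install path `/usr/local/bin/ssh-trace.sh`, the `$HOME/ssh-trace` log directory and the key placeholder are assumptions, and the `script` options used are those of the util-linux version.

```shell
#!/bin/sh
# Added example: forced-command wrapper that records an SSH session with script(1).
# Assumptions: installed as /usr/local/bin/ssh-trace.sh; logs go to $HOME/ssh-trace.
#
# ~/.ssh/authorized_keys entry for the service ID (one line; key is a placeholder):
#   command="/usr/local/bin/ssh-trace.sh",no-port-forwarding,no-agent-forwarding ssh-ed25519 <PUBLIC_KEY> trace-key

TRACE_DIR="${TRACE_DIR:-$HOME/ssh-trace}"

# Build one log file name per session: UTC timestamp, client IP, wrapper PID.
trace_log_path() {
    client_ip=${1%% *}   # $1 is SSH_CONNECTION: "client_ip client_port server_ip server_port"
    # Keep only file-name-safe characters (IPv6 colons become underscores).
    client_ip=$(printf '%s' "${client_ip:-unknown}" | tr -c 'A-Za-z0-9.' '_')
    printf '%s/%s_%s_%s.log\n' "$TRACE_DIR" "$(date -u +%Y%m%dT%H%M%SZ)" "$client_ip" "$$"
}

# Command to run inside the recording: what the client asked for, or a login shell.
session_command() {
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        printf '%s\n' "$SSH_ORIGINAL_COMMAND"
    else
        printf '%s -l\n' "${SHELL:-/bin/sh}"
    fi
}

record_session() {
    umask 077                         # recordings may contain typed secrets
    mkdir -p "$TRACE_DIR" || exit 1
    log=$(trace_log_path "$SSH_CONNECTION")
    {
        echo "# start: $(date -u)"
        echo "# from:  $SSH_CONNECTION"
        echo "# cmd:   ${SSH_ORIGINAL_COMMAND:-<interactive>}"
    } > "$log"
    # -q quiet, -a append after the header, -f flush on every write, -c command to run
    exec script -q -a -f -c "$(session_command)" "$log"
}

# sshd exports SSH_CONNECTION for the session, so only record when started by sshd.
if [ -n "${SSH_CONNECTION:-}" ]; then
    record_session
fi
```

Because `script` places a pseudo-terminal between sshd and the command, non-interactive requests can behave differently from an unrecorded session. Remove the `command=` option from the key once troubleshooting is finished.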



  • 4.  RE: Error prompted when adding unix endpoint through provisioning manager

    Broadcom Employee
    Posted May 18, 2023 03:27 AM

    Hi Atifah
    Please confirm the exact version and CP you are running.
    Thank you
    Rinat