Header Only - DO NOT REMOVE - Extreme Networks

Dragon 7.5.0.95 HIDS client cannot connect to EMS server


I have a 7.5.0.95 Dragon EMS server and sensors. One sensor (HIDS running on Linux) shows the Event Channel down in the reporting dashboard, and the management client shows it unable to communicate. The HIDS sensor keeps logging "[net-cfg-client (25650)]: Could not connect: Connection timed out." What should I look at to fix this issue? I've got other sensors working just fine, this is my odd box.

17 replies

Userlevel 2
Hi David. Thank you for posting your question to the community. I will get one of our GTAC folks involved and see if we can resolve your issue. Have you logged a trouble ticket for this situation?
Thanks for the response. I haven't logged a ticket yet. I keep thinking the solution is just around the corner and it's just a config error.
Userlevel 2
Hi David, Thanks for mailing in. Its sounds like there is some difficulty making a connection between the two systems on both the configuration and event channels. Could you confirm by running this on the Host sensor? #netstat -antuv | grep 911 We would be looking for Established back to the server for 9111 and 9112 if all was ok.
I have established connections on 9111 and 9112. I get heartbeats and system health info. In the EMS client, it shows the sensor needs to be deployed, which fails. But, it's listed as working (green checkmark). I've checked to make sure the shared secret is listed as correct too. It all looks connected, but isn't listed as up.
Userlevel 2
Hi Could we shutdown the software on the HIDS? (dragon-shutdown.sh) then check to make sure the .net-cfg-client.lock is removed from the ~/dragon/bin directory. If not, please remove it manually and then restart. The 9111 channel is responsible the configuration pushes so perhaps there is a disconnect between the software and the operating system. What version of Linux is the Host? 64 or 32 bit? Thanks
Shutdown removed the lock. No problem there. The HIDS sensor is RHEL5.9 32 bit. FWIW, all sensors connect sensor-to-server.
Userlevel 2
When the software was restarted, did it establish a connection on 9111? Also if you again for this connection a minute later do you see the local high port changing? This would indicate a constant reconnection taking place. root@snowman:/opt/dragon/bin# netstat -antuv | grep 9111 tcp 0 0 10.58.24.77:50848 10.58.24.88:9111 ESTABLISHED In the above example, 50848, is the local high port. Can you deploy to this sensor at this time? Thanks Jeff
The HIDS sensor does reconnect to port 9111, but I don't see the local high port changing. The netcfgclient.log file continues to log connection timed out error messages too. No other errors in any other log files.
Userlevel 2
Hi, Since it is not breaking the tcp connection and there are timeout messages it may relate to the network and the bandwidth available to us. Can you run some test with large file transfers via Winscp or another tcp based application? Thanks Jeff
I was able to upload the Dragon client install pack just fine over scp. It's a remote location and was slow, but it didn't fail.
Userlevel 2
Hi, We still may be having an issue with the "distance" and the protocol involved. If you would like we could run a remote desktop sharing session and look over the installation together. Thanks Jeff
Userlevel 2
Thanks for continuing to work with our GTAC group to resolve this question David. If you or Jeff could just post the results of your desktop share when it occurs, the rest of the community would appreciate knowing your resolution. Thank you!
Jeff, Tamera: Desktop share will not happen. I've uninstalled and reinstalled the client, even tried to switch the encryption. I'm left with the feeling I'm overlooking something.
Userlevel 2
Hi David, We would be happy to work on this with you until it is resolved. Due to the nature of the issue we may need to place some processes in debug mode and obtain some supporting log data. For this reason please feel free to call into the support department, 1-800-872-8440, and we will happily create a service ticket with you. Thanks Jeff
Userlevel 2
Hi David, where you able to get a satisfactory response to this issue? Please let us know if you are still having an issue. Thank you!
We experienced an unrelated system problem. I ended up re-installing the EMS server from scratch. Unfortunately, the problem did not go away.

I'm waiting to get information related to my customer's support renewal. It's been in the pipeline for quite a while, but spending was temporarily restricted.
Userlevel 2
David, were you able to log a trouble ticket with GTAC to solve this issue?

Reply