Connection lost to idsm blade

jodr · ‎10-27-2003

Since half a week, we are experiencing connection troubles to one our idsm blades. After a reset, the blade is functioning properly during the day. However, when we return in the morning the next day, we don't have any connection anymore to our blade. It even doesn't respond to pings anymore. No console session possible, also. So the only possibility is to power down the module and power up. The only thing we do, is applying the signature updates. But we have been doing this on the other blade without any problems there.

We have no specific logging. The only thing we see in the logging of the switch, is the power up of the blade.

Thanks for help.

Johan Derycke.

jstewart · ‎10-27-2003

I am having the same problem on one of my IDSM2 blades and I was about to open a TAC case. Most of the time shutdown and reset don't work. Sometimes power down and up works. Sometimes removing the blade and reinserting it works, and somtimes I've had to reinstall all of the software. Does anyone have any ideas on how to view error information, system logs, etc.

jodr · ‎11-06-2003

Hi,

Our problem has been solved by installing patch IDS-K9-patch-4.1-1b.rpm.pkg . Our Idsm-2 module is now stable for a couple of days. It is still in observation, but it seems good.

Regards,

Johan.

marcabal · ‎11-06-2003

FYI:

The 4.1(2)S58 Service Pack containing these fixes in an official build has just been released.

IDS-K9-sp-4.1-2-S58.rpm.pkg

The fixes in the 4.1(1b) engineering patch are incorporated into the 4.1(2) service pack along with other fixes.

The announcement should come out later today.

jodr · ‎11-14-2003

Hello,

I'm sorry I somehow missed this reply. However this answer is very important, because it is related to two of our current problems.

First of all, I have to withdraw my statement that the issue of the instability of the IDSM-2 blade was solved by applying the engineering built. We still encounter the same problem ; we had to do a couple of resets this week.

So I waited to apply this service pack, because we have another issue that came up by applying this service pack to our IDS MC. I did apply this service pack to four of our sensor appliances without a problem. But on the IDS MC, we don't have any access anymore to the IDS MC and security monitor. Here is the description of the problem :

On Friday the 7th, I did the upgrade of four of our appliance IDS sensors. No problem. Afterwards I did the upgrade on the IDS MC and at the next logon, I did't have any access anymore to IDS MC and Security Monitor :

'You are not authorized to request the Action associated with screenID: "/s510"' or 'You are not authorized to request the Action associated with screenID: "/s550"' depending on the screen I want to access.

Now there seems to be an issue with authentication via ACS (TACACS+) in combination with fall-back to CS local authentication. However disabling fall-back or ACS doesn't solve the problem. Before this upgrade we didn't have this problem (of course).

We are talking to our supplier and a case has already been opened, but after a week, we don't have a solution yet.

This is really urgent, because we don't have any access to our events anymore.

The IDS MC still is generating reports and sending emails to us. So it's a pure access problem, I think.

Rather peculiar is that we can't change also the AAA server in the VMS (IDS MC) administration. It always wants to check with a TACACS+ server even if we configured the CS local authentication in the CS security setup.

So we are really blocked now in our implementation of the IDS setup !

Best regards,

Johan Derycke.

kristianaasen · ‎01-13-2004

Hey guys.

Are you still having these problems? I'm currently having somewhat the same problem on our IDSM2 module. Problem I was told by TAC, is that the box will not respong to logins, possibly due to a service failure. I was told to try the 4.1-3b patch, but this has not helped.

Would be great if anyone could give me some feedback if you have been able to solve the problem.

Regards

Kristian Aasen

jodr · ‎01-13-2004

Hi,

Indeed, we still have the same problems. For the instability of the IDSM-2 module, we have decided to ask for an advanced replacement. It seems that our problem could be related to problems on the harddisk. As far as I can tell, most of the times we get this error at startup after a hangup :

IdsEventStore/W errWarning Event store circular buffer may be in an invalid state, recovering ...

Concerning the access problem to IDS MC after the 4.1.2-s58 upgrade, we still use the workaround of setting the VMS AAA server to CS local and keep on using TACACS+ for logging into CS Common Services. However we still have to do the normal procedure of synchronising the VMS AAA server with the setting in Common Services and then the setting should jump again to ACS.

Regards,

Johan.

jodr · ‎03-18-2004

End of februari, our replaced blade was not communicating anymore and it wouldn't even startup anymore. So we tried another slot ; no use. So we asked a third replacement, put it in the same slot and were able to configure it properly. However after one hour, this blade stopped communicating also and we were - again - not able to restart it. Interesting to know was that there were already a couple of minor hardware errors. So we got a fourth blade and we installed it directly into another slot of our 6k swith and now the blade is already running stable for a couple of weeks. So we are suspecting the slot in the switch now. The switch will probably have to be replaced.

We still don't have a solution for our authentication in the ids mc. Even on a second fresh installed management station we have the same phenomenom.