Before troubleshooting issues with older versions of the Manager software, it is recommended that you upgrade to the latest version of the application.
user information file is missing or corrupt
This error message can appear in the Agent log file when the Signiant Process Control service fails to start after a Manager upgrade.
Note: This issue can also affect some Managers.
To resolve the issue:
In your terminal, navigate to <install directory>/security/server/
.
Delete the userInfo
file.
Start the Signiant Process Controller service.
Linux/macOS: Run siginit start
(e.g. /usr/signiant/dds/init/siginit start sigagent
).
Windows: Open the System Settings and use the Services tool to start the Process Controller.
If the problem persists:
dds_admin
utility.cachepw root <root password>
dds_admin
program: quit
9021 This agent does not permit any relay operations.
54034 The attempt to connect to agent (<agent.domain.com>) has failed.
Some Agent properties are not available for editing. Administrative session request failed.
These errors can appear if an Agent attempts to resolve to the IP address of another Agent on the network and cannot connect.
You can correct this error in the DNS or modify the Agent's hosts file so that the hostname resolves to the correct IP address.
Alternatively, the Agent or the Manager can be configured to communicate with the destination Agent using a relay.
Connection request rejected: Too many simultaneous relays
If there is an Agent where the IP address resolves to the server, but the Agent does not know itself as that hostname, the connection request results in a relay loop. The loop runs 127 times, the maximum number of possible relay hops, and occurs with every transfer. The looping can be seen in the dds_udp_relay
log.
Connection request rejected: Too many simultaneous connections
This error is displayed when more than 16 SSL connections attempting to establish concurrently. This issue can appear when Agents and relays are in load balanced configurations. In this case, SSL connections are partially set up between the source and all possible targets, using all available paths through the specified relay Agents. With pairs or multiples of Agents/relays, and multiple DMZ levels, the number of concurrent SSL setups through relays grows exponentially, until it surpasses the simultaneous connections that are allowed.
The grant or password for '%dds_default_user% on <target agent> is unavailable
Running a connection test dds_cnctst
fails with the error message:
Log on as a batch job
These error messages can appear upon job failure on some Windows Agents when the user requires permission to Log on as a batch job. You must grant the user access in the Local Security Policy.
Note: If this is a domain account, the change must be made to the Domain Security Policy.
To change the Local Security Policy:
Log on as a batch job
, open Properties and add any users that require this permission.UDP transport select error for communicating with <agent>: An established connection was aborted by the software in your host machine
This error message can appear upon failure of a UDP transfer because the MTU (maximum transmission unit) and/or the MSS (maximum segment size) is set too low to allow larger packets. For UDP transfers to succeed, the network path must allow a MTU of 1500 bytes and a MSS of 1460 bytes.
Agents typically send packets with a data payload of 1438 bytes, but they also send smaller packets. One indication that the MTU and/or MSS is set too low is that smaller payload packets will pass between Agents while larger packets are dropped.
Where MTU/MSS are below default levels for firewalls, routers, and clients, you can set them manually.
You can determine your MTU and MSS settings by the following methods:
Using iperf, begin with a data payload of 687 bytes and increase the payload until failure
Running a connection speed test to identify your MTU, MSS, and other TCP/IP parameters
Using ping to return the max packet size
Linux: ping -M do -s <size in bytes> -c 4 <host>
Windows: ping -f -l <size in bytes> <host>
Increase the packet size until you see an error message:
Linux: Frag needed and DF set (mtu = XXXX)
Windows: Packet needs to be fragmented but DF set
Note: If the MTU is set sufficiently high, you should reach a payload size of 1472 bytes.
Prototypejava.sql.SQLException: File input/output error: java.io.IOException: org.hsqldb.HsqlException: Unexpected token:
This error message can appear in the Agent's logs if the external job monitor configuration files are corrupted.
To rebuild the configuration files:
In the terminal on the Agent, run the dds_admin
utility.
Linux: /usr/signiant/dds/bin/dds_admin
Windows: C:\Program Files\Signiant\Mobilize\bin\dds_admin
Delete the protocol: delprotocol event
Note: Leave dds_admin
running. You will return to it in Step 5.
Make a backup of the conf
and embedded-db
directories on the Agent:
<install directory>\bin\prtcl_servers\conf
<install directory>\bin\prtcl_servers\embedded-db
Copy the conf
and embedded-db
directories on the Manager to the Agent, overwriting the Agent directories.
<install_directory>\stage\<agent platform>\prtcl_servers\conf
<install_directory>\stage\<agent platform>\prtcl_servers\embedded-db
Return to the dds_admin
utility on the Agent and add the protocol : addproto event port=5222
Exit the dds_admin
program: quit
Return to your Manager and re-enable the external job monitor on the Agent by right-clicking on the Agent and selecting the Monitor option.