Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1002778.1
Update Date:2012-05-17
Keywords:

Solution Type  Problem Resolution Sure

Solution  1002778.1 :   Sun StorageTek [TM] Common Array Manager (CAM) Reports a "Fault Management Service authentication communication error"  


Related Items
  • Sun Storage 6580 Array
  •  
  • Sun Storage 2540-M2 Array
  •  
  • Sun Storage 2510 Array
  •  
  • Sun Storage 6130 Array
  •  
  • Sun Storage 6180 Array
  •  
  • Sun Flash F5100 Array
  •  
  • Sun Storage 2540 Array
  •  
  • Sun Storage 6540 Array
  •  
  • Sun Storage 6780 Array
  •  
  • Sun Storage J4200 Array
  •  
  • Sun Storage J4400 Array
  •  
  • Sun Storage 2530 Array
  •  
  • Sun Blade 6000 System
  •  
  • Sun Storage 2530-M2 Array
  •  
  • Sun Storage Common Array Manager (CAM)
  •  
  • Sun Storage J4500 Array
  •  
  • Sun Storage 6140 Array
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>Disk Device Software>SN-DK: CAM
  •  
  • .Old GCS Categories>Sun Microsystems>Storage Software>Modular Disk Device Software
  •  

PreviouslyPublishedAs
203796


Applies to:

Sun Storage 2510 Array - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 2530 Array - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage J4500 Array - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 6130 Array - Version Not Applicable to Not Applicable [Release N/A]
Sun Blade 6000 System - Version Not Applicable to Not Applicable [Release N/A]
Oracle Solaris on SPARC (64-bit)
Oracle Solaris on x86-64 (64-bit)
OpenSolaris
***Checked for relevance on 15-June-2011***


Symptoms

If there is a problem with array registration in Solaris CAM, where it fails at Step 5 with the following error :

"A Fault Management Service authentication communication error occurred. For further information, refer to the Sun StorageTek[tm] Common Array Manager Release Notes."


and/or CAM is unable to display Alarms, reporting the error :

An Internal Error occurred. The CAM FMS engine may be in an invalid state.

and/or CAM reports the general error :

The CAM FMS engine may not be responding. Please contact your Technical Support Representative for assistance.

Check the console_debug_log file in the /var/log/webconsole/console directory to see if 401 errors are reported when attempting to connect to the FMS webserver, http://localhost:8654/ e.g. :

java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8654/rashttp?GO=Client::Config::getRenv&GO2=Client::Alarm::summary

or :

com.sun.netstorage.fm.storade.service.StoradeException: Error communicating with FMS. Details:java.io.IOException: Server returned HTTP response code: 401
for URL: http://localhost:8654/rascgi?GO=Client::Device::Insert&class=storage.6130&ip=se6130-ctlr-a&iplist=10.4.143.59&...



Cause

The Fault Management Service (FMS) is a separate part of CAM, and the control mechanism for FMS is via it's own webserver, running on port 8654. By default, for security reasons, the FMS webserver will only respond to local requests that contain a security token. The security token is only available on the local machine. If authentication fails, then an HTTP unauthorized 401 response code is returned.

To authenticate, FMS and Java Web Console (Lockhart) both need to be able to access the file :

/var/opt/SUNWsefms/IPC_Access

FMS accesses this file through a symlink :

/opt/SUNWsefms/var/IPC_Access


The file IPC_Access should contain :

peer:peer<generated-password>

The permissions and ownership for IPC_Access should be :

-rw------- 1 noaccess noaccess 49 Sep 1 16:33 IPC_Access


The ownership is "noaccess" because Java Web Console runs as the user "noaccess" by default.

A common cause of the 401 errors is that Java Web Console is running as a different user than "noaccess".

Solution

Check if Java Web Console is running as a different user than "noaccess".
In the file :

/etc/webconsole/console/status.properties

Look for the line :

username=noaccess

If this reports a different user than "noaccess", then the ownership of the IPC_Access file should be modified to match. This can be done with the "chown" and "chgrp" commands. For example, if the user has been changed to "nobody", then run the following commands :

chown nobody /var/opt/SUNWsefms/IPC_Access
chgrp nobody /var/opt/SUNWsefms/IPC_Access


To activate this change, both Java Web Console and FMS will need to be restarted.

To restart Java Web Console, run :

/usr/sbin/smcwebserver restart

To restart FMS run,

pre-Solaris 10 :

/opt/SUNWsefms/sbin/fmservice.sh restart

Solaris 10 :

/usr/sbin/svcadm restart fmservice


FMS security can also be completely disabled, by removing the file /opt/SUNWsefms/var/IPC_Access and then restarting Java Web Console and FMS. After doing this, no authentication is required by FMS.

WARNING : If FMS security is disabled, then it's possible for any user to access all of the FMS cli commands, without administrator privileges. This can be considered a security risk.




Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback