Sun Storage 6580 Array
 
Sun Storage 2540-M2 Array
 
Sun Storage 2510 Array
 
Sun Storage 6130 Array
 
Sun Storage 6180 Array
 
Sun Flash F5100 Array
 
Sun Storage 2540 Array
 
Sun Storage 6540 Array
 
Sun Storage 6780 Array
 
Sun Storage J4200 Array
 
Sun Storage J4400 Array
 
Sun Storage 2530 Array
 
Sun Blade 6000 System
 
Sun Storage 2530-M2 Array
 
Sun Storage Common Array Manager (CAM)
 
Sun Storage J4500 Array
 
Sun Storage 6140 Array
 

PLA-Support>Sun Systems>DISK>Disk Device Software>SN-DK: CAM
 
.Old GCS Categories>Sun Microsystems>Storage Software>Modular Disk Device Software
 

Applies to:

Symptoms

If there is a problem with array registration in Solaris CAM, where it fails at Step 5 with the following error :

"A Fault Management Service authentication communication error occurred. For further information, refer to the Sun StorageTek[tm] Common Array Manager Release Notes."

and/or CAM is unable to display Alarms, reporting the error :

An Internal Error occurred. The CAM FMS engine may be in an invalid state.

and/or CAM reports the general error :

The CAM FMS engine may not be responding. Please contact your Technical Support Representative for assistance.

Check the console_debug_log file in the /var/log/webconsole/console directory to see if 401 errors are reported when attempting to connect to the FMS webserver, http://localhost:8654/ e.g. :

java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8654/rashttp?GO=Client::Config::getRenv&GO2=Client::Alarm::summary

or :

com.sun.netstorage.fm.storade.service.StoradeException: Error communicating with FMS. Details:java.io.IOException: Server returned HTTP response code: 401
for URL: http://localhost:8654/rascgi?GO=Client::Device::Insert&class=storage.6130&ip=se6130-ctlr-a&iplist=10.4.143.59&...

Cause

The Fault Management Service (FMS) is a separate part of CAM, and the control mechanism for FMS is via it's own webserver, running on port 8654. By default, for security reasons, the FMS webserver will only respond to local requests that contain a security token. The security token is only available on the local machine. If authentication fails, then an HTTP unauthorized 401 response code is returned.

To authenticate, FMS and Java Web Console (Lockhart) both need to be able to access the file :

/var/opt/SUNWsefms/IPC_Access

FMS accesses this file through a symlink :

/opt/SUNWsefms/var/IPC_Access

The file IPC_Access should contain :

peer:peer<generated-password>

The permissions and ownership for IPC_Access should be :

-rw------- 1 noaccess noaccess 49 Sep 1 16:33 IPC_Access

The ownership is "noaccess" because Java Web Console runs as the user "noaccess" by default.

A common cause of the 401 errors is that Java Web Console is running as a different user than "noaccess".

Solution

Check if Java Web Console is running as a different user than "noaccess".
In the file :

/etc/webconsole/console/status.properties

Look for the line :

username=noaccess

If this reports a different user than "noaccess", then the ownership of the IPC_Access file should be modified to match. This can be done with the "chown" and "chgrp" commands. For example, if the user has been changed to "nobody", then run the following commands :

chown nobody /var/opt/SUNWsefms/IPC_Access
chgrp nobody /var/opt/SUNWsefms/IPC_Access

To activate this change, both Java Web Console and FMS will need to be restarted.

To restart Java Web Console, run :

/usr/sbin/smcwebserver restart

To restart FMS run,

pre-Solaris 10 :

/opt/SUNWsefms/sbin/fmservice.sh restart

Solaris 10 :

/usr/sbin/svcadm restart fmservice


FMS security can also be completely disabled, by removing the file /opt/SUNWsefms/var/IPC_Access and then restarting Java Web Console and FMS. After doing this, no authentication is required by FMS.

WARNING : If FMS security is disabled, then it's possible for any user to access all of the FMS cli commands, without administrator privileges. This can be considered a security risk.

This solution has no attachment