Solved: Hi, I thing this might be it.

bufycisco77 · ‎04-17-2015

Hi Guys,

I have a strange issue with Iron port cluster.

Everything is working fine, but I would like to know if this is anything to be worried about.

We are getting this error messages :

Re: Warning <System> ironport1.company.com: Error connecting to cluster machine ironport2.company.com

Error connecting to cluster machine ironport2.company.com (Serial #: 000000000000000) at IP 172.16.3.112 - Connection failure - 000000000000 -> ironport2.company.com: Serial number 000000000000000 not present in cluster.
Last message occurred 61 times between Tue Apr 14 10:44:45 2015 and Tue Apr 14 11:44:46 2015.
Version: 8.0.1-023

when connected to devices and do LIST and CONNSTATUS command I am getting this:

ironport1

AsyncOS 8.0.1 for Cisco IronPort C370 build 023
Welcome to the Cisco IronPort C370 Messaging Gateway(tm) Appliance

[]> CONNSTATUS

Cluster compcluster
===================
Group Main_Group:
    Machine ironport1.company.com (Serial #: 000000000000)
        Machine ironport2.company.com (Serial #: 000000000001)
- disconnected: 000000000000 -> ironport2.company.com: Serial
number 000000000000 not present in cluster. (Fri Apr 17 11:18:04 2015
IST)
    Machine ironport2.company.com (Serial #: 000000000000) -
disconnected: 000000000000 -> ironport2.company.com: Serial number
000000000000 not present in cluster. (Fri Apr 17 11:18:04 2015 IST)

Cluster compcluster
Cluster compcluster
===================
Group Main_Group:
Machine ironport1.company.com (Serial #: 00000000000000000000)
Machine ironport2.company.com (Serial #: OOOOOOOOOOOOOOOOOOO1)

ironport2
AsyncOS 8.0.1 for Cisco IronPort C170 build 023
Welcome to the Cisco IronPort C170 Messaging Gateway(tm) Appliance

[]> CONNSTATUS
Cluster compcluster
===================
Group Main_Group:
Machine ironport1.company.com (Serial #: 00000000000000000000) -
disconnected: unknown (Fri Apr 17 11:22:58 2015 IST)
Machine ironport2.company.com (Serial #: 00000000000000000000)

[]> LIST
Cluster compcluster
===================
Group Main_Group:
Machine ironport1.company.com (Serial #: 00000000000000000000)
Machine ironport2.company.com (Serial #: 00000000000000000000)

Looks like devices can NOT communicate with each other although they can ping each other by name and IP no problem.

I have tried to DISCONNECT and RECONNECT to cluster but no success. All seems to be working fine and I search internet for some answers but no luck. Did anybody came across this error?

Thanks

Martin

stsiarno · ‎04-18-2015

Hi,

Please check if "Centralized Management" feature keys are active with "featurekey" CLI command.

View solution in original post

stsiarno · ‎04-20-2015

Hi Martin,

This feature key should be active on all machines in the cluster.

Re >>> "One of them was replaced and this could the case that license was not re hosted ?"

If it is RMAed appliance there should be a guidance included explaining how to move licenses from old to new ESA.

Re >>> "I did not this is a feature you need the license for ?"

Starting from AsyncOS 8.5.6 feature key is not needed for Centralized Management anymore.

Re >>> "I assume both of them have to have it, is it right ?"

Yes, it is correct for version 8.0.1.

Thanks,

Stas

View solution in original post

stsiarno · ‎04-18-2015

Hi,

Please check if "Centralized Management" feature keys are active with "featurekey" CLI command.

bufycisco77 · ‎04-20-2015

Hi,

I thing this might be it. One of them was replaced and this could the case that license was not re hosted ?

One of them has it:

[]> CHECKNOW

No new feature keys are available.

Module                              Quantity   Status     Remaining   Expiration Date
Centralized Management              200        Active     222 days    Sun Nov 29 09:05:02 2015
IronPort Email Encryption           1          Dormant    30 days     Wed May 20 10:59:04 2015
IronPort Anti-Spam                  200        Active     222 days    Sun Nov 29 09:05:02 2015
Sophos Anti-Virus                   200        Active     222 days    Sun Nov 29 09:05:02 2015
Bounce Verification                 1          Dormant    Perpetual   N/A
Incoming Mail Handling              1          Active     Perpetual   N/A
Outbreak Filters                    200        Active     222 days    Sun Nov 29 09:05:02 2015
McAfee                              1          Dormant    30 days     Wed May 20 10:59:04 2015

the other one is missing this :

[]> CHECKNOW

No new feature keys are available.

Module                              Quantity   Status     Remaining   Expiration Date
RSA Email Data Loss Prevention      1          Dormant    30 days     Wed May 20 10:58:11 2015
Incoming Mail Handling              1          Active     Perpetual   N/A
IronPort Email Encryption           1          Dormant    30 days     Wed May 20 10:58:11 2015
Bounce Verification                 1          Dormant    Perpetual   N/A
McAfee                              1          Dormant    30 days     Wed May 20 10:58:11 2015

I did not this is a feature you need the license for ?

I assume both of them have to have it, is it right ?

Thanks

Martin

stsiarno · ‎04-20-2015

Hi Martin,

This feature key should be active on all machines in the cluster.

Re >>> "One of them was replaced and this could the case that license was not re hosted ?"

If it is RMAed appliance there should be a guidance included explaining how to move licenses from old to new ESA.

Re >>> "I did not this is a feature you need the license for ?"

Starting from AsyncOS 8.5.6 feature key is not needed for Centralized Management anymore.

Re >>> "I assume both of them have to have it, is it right ?"

Yes, it is correct for version 8.0.1.

Thanks,

Stas

bufycisco77 · ‎04-21-2015

Thank you all guys, much appreciated

I know what to do now to fix it.

Regards

Martin

ironport cluster issue. C370 and C170 ver 8.0.1- 023