Solved: Warning <System> ironport.company.com: Error connecting to cluster

Michael Donaldson · ‎01-26-2016

Hi,

Could someone please shed some light on the meaning of the following warning message. I've check the cluster status (two C170's) and everything is sync'd and communicating.

The Warning message is:

Error connecting to cluster machine company.com (Serial #:XXXX-0000) at IP Y.Y.Y.Y - Existing connection dropped - Unexpected error: ('connection/channel.py open|223', "<class 'ssh.connection.channel.Channel_Open_Error'>", "Channel ID 255 Open Error: 1 (administratively prohibited): 'open failed'", '[cluster/cluster_command_client.py safe_call|338] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11760)|1099] [cluster/cluster_command_client.py connect|281] [connection/channel.py open|223]')

Version: 9.7.0-125

Serial Number: XXXX-0000

(Cluster MX)> clustercheck

No inconsistencies found on available machines.

Thanks,

Mike.

Robert Sherwin · ‎01-26-2016

Known and seen defect:

https://tools.cisco.com/bugsearch/bug/CSCzv91435/?referring_site=bugquickviewredir

Symptom:
When accessing GUI data on a remote clustered machine, the following error message can be generated:

Error connecting to cluster machine smtp1.example.com (Serial #: 123456789012-ABCD123) at IP 10.20.30.1 - Existing connection dropped - Unexpected error: ('connection/channel.py open|223', "";, "Channel ID 41 Open Error: 1 (administratively prohibited): 'open failed'", '[cluster/cluster_command_client.py safe_call|338] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11759)|1099] [cluster/cluster_command_client.py connect|281] [connection/channel.py open|223]')

Conditions:
Accessing GUI data on a remote clustered machine

Workaround:
None

Can you tell me if you have both CCS and SSH enabled for the IP address that the cluster connects over? Also - how is the cluster setup ---- using just SSH, or is CCS used?

-Robert

Cheers,
Robert Sherwin

View solution in original post

Robert Sherwin · ‎01-26-2016

Known and seen defect:

https://tools.cisco.com/bugsearch/bug/CSCzv91435/?referring_site=bugquickviewredir

Symptom:
When accessing GUI data on a remote clustered machine, the following error message can be generated:

Error connecting to cluster machine smtp1.example.com (Serial #: 123456789012-ABCD123) at IP 10.20.30.1 - Existing connection dropped - Unexpected error: ('connection/channel.py open|223', "";, "Channel ID 41 Open Error: 1 (administratively prohibited): 'open failed'", '[cluster/cluster_command_client.py safe_call|338] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11759)|1099] [cluster/cluster_command_client.py connect|281] [connection/channel.py open|223]')

Conditions:
Accessing GUI data on a remote clustered machine

Workaround:
None

Can you tell me if you have both CCS and SSH enabled for the IP address that the cluster connects over? Also - how is the cluster setup ---- using just SSH, or is CCS used?

-Robert

Cheers,
Robert Sherwin

Michael Donaldson · ‎01-26-2016

Hi Robert,

Thanks for the quick response. Both SSH and CCS are enabled on our management (inside) interfaces.

How can I verify which protocol is being used for the cluster setup? I would have through 'clusterconfig -> CONNSTATUS' however this output is exactly the same as the 'LIST' command.

Mathew Huynh · ‎01-27-2016

Hey Michael,

You can verify which protocol is being used through the following:

(Machine c370.lab)> clusterconfig

This command is restricted to "cluster" mode. Would you like to switch to "cluster" mode? [Y]>

Cluster Test_cluster

Choose the operation you want to perform:
- ADDGROUP - Add a cluster group.
- SETGROUP - Set the group that machines are a member of.
- RENAMEGROUP - Rename a cluster group.
- DELETEGROUP - Remove a cluster group.
- REMOVEMACHINE - Remove a machine from the cluster.
- SETNAME - Set the cluster name.
- LIST - List the machines in the cluster.
- CONNSTATUS - Show the status of connections between machines in the cluster.
- COMMUNICATION - Configure how machines communicate within the cluster.
- DISCONNECT - Temporarily detach machines from the cluster.
- RECONNECT - Restore connections with machines that were previously detached.
- PREPJOIN - Prepare the addition of a new machine over CCS.
[]> communication

Should all machines in the cluster communicate with each other by hostname or by IP address?
1. Communicate by IP address.
2. Communicate by hostname.
[1]>

All machines in the cluster will communicate with each other by IP address.

Group Main_Group:
1. Machine c370.lab: using IP address 10.66.1.10 port 22

Where port 22 would be SSH (Default port used for SSH)

And port 2222 is for CCS (Default port used for CCS)

I hope this helps.

Regards,

Matthew

Michael Donaldson · ‎01-27-2016

Thanks Matthew and Robert,

The cluster is running CCS as the communication protocol. I'll run up a change to disable CCS and only use SSH.

Cheers,

Michael.

Robert Sherwin · ‎01-27-2016

I would recommend to turn off CCS and go strictly with SSH. This may require you to change the communication used in cluster - as Matthew points out. With both CCS and SSH, we see oddities with clustering at times - and your error seen may be side-effect.

-Robert

Cheers,
Robert Sherwin

Guillaume BARBEROT · ‎09-20-2016

Hello

we are having this issue at one customer using C190 running version 9.1.2-028

we are just running SSH cluster (css disabled)

this version is not mentionned in the bug you are refering

https://tools.cisco.com/bugsearch/bug/CSCzv91435/?referring_site=bugquickviewredir

Cisco has not given any fix or info if this error is critical regarding ironport health => Robert, do you have any feedback regarding this error on your side ?

thanks