JuniperForum.com
September 02, 2010, 08:45:35 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: If you have an interesting idea for an article or knowledgebase entry, please submit it!
 
  Home Help Login Register  
* *

Latest Knowledgebase Articles

Pages: [1]
« previous next »
  Print  
Author Topic: IDP Scio command  (Read 812 times)
Marclor
Newbie
*
Posts: 36


View Profile
« on: July 07, 2010, 07:41:02 AM »
Hi everyone,

We have a Juniper IDP 75. It was used in demos for clients. I've upgraded it from 4.1r2 to 5.0r2. The upgrade succeeded.
I didn't link it to NSM yet. I've noticed that when I want to use the scio command, I get this message:

[root@idp ~]# scio management
[14:33:46] Error: sc_device.c: sc_dev_open: connect to server call failed 0
[14:33:46] Error: sc_device.c: sc_dev_construct: sc_dev_open() failed
[14:33:46] Error: scio.c: scio: can't construct idp device for cpu 0

Can anyone help me? Thanks.
Logged
Marclor
Newbie
*
Posts: 36


View Profile
« Reply #1 on: July 07, 2010, 08:53:25 AM »
Hi,

I've noticed that processes are stopped and restarted over and over again!

The service --status-all command show that:

service --status-all
anacron (pid 19857) is running...
atd (pid 19895) is running...
crond (pid 19824) is running...
dc_client is stopped
dc_server is stopped
hald (pid 19919) is running...
httpd (pid 19921 19917 19913 19802) is running...
Retrieving status...
idpinit...........................................off
idpengine_0.......................................off
idpLogReader......................................off
agent.............................................off
idpHMD............................................off
sciod.............................................off
pkid..............................................off
Usage: /etc/init.d/idprepservice {start|stop|restart}
Kdump is operational
insmod: error inserting '/usr/idp/device/lib/bpctl2.ko': -1 File exists
cat: /sys/module/jnet_igb/sections/.text: No such file or directory
cat: /sys/module/jnet_igb/sections/.data: No such file or directory
mcstransd is stopped
dbus-daemon (pid 18774) is running...
multipathd is stopped
netconsole module not loaded
netplugd is stopped
Configured devices:
lo eth0 eth1 eth2
Currently active devices:
lo eth0 eth2 eth1
ntpd is stopped
Process accounting is disabled.
rdisc is stopped
smartd (pid 20072) is running...
snmpd (pid 18950) is running...
snmptrapd is stopped
sshd (pid 18963) is running...
syslogd (pid 18696) is running...
klogd (pid 18702) is running...
Logged
ScottDennis
Newbie
*
Posts: 28


View Profile WWW
« Reply #2 on: July 08, 2010, 04:58:15 PM »
Try this:

Log into the IDP's ACM and run though the setup process again and save it. It looks like the ACM settings may not have taken  on the IDP.
ACM Access: http://<IDP_IP_Address>/admin


JNCIA-IDP, JNCIS-FWV, JNCIS-ER
Logged
Best regards,
Scott Dennis
JNCIA-IDP, JNCIA-FWV, JNCIS-FWV, JNCIA-ER, JNCIS-ER
Volcanoman
Jr. Member
**
Posts: 50


View Profile
« Reply #3 on: July 09, 2010, 01:30:09 AM »
Hi, the problem you face is a bug in my opinion. I did some tests a while back and reported this bug which was accepted by TAC.

The issue occurs when you upgrade from 4.x to 5.x with no policy installed.

If you do the following all will work:

factory reset with the USB key
upgrade to 4.1r3 (earliest that will upgrade direct to 5)
connect to NSM and push any policy
upgrade to 5

The policy can be anything. Use one of the example ones available. You can change it later. It is an annoyance as it would be nice to be able to upgrade direct to the latest without having to use NSM. However, every USB key I've seen was built with 4.1r2

I suspect there will be a migration to using SRX as the host for future IDP so there might not be the development in such issues. But that's another discussion...
Logged
ScottDennis
Newbie
*
Posts: 28


View Profile WWW
« Reply #4 on: July 09, 2010, 06:23:29 AM »
Actually there are several known issues like this, however the one he is getting is directly connected to his upgrade so re-imaging will not fix the issue. There was a bug causing the restarting of processes over and over again in 4.1r2 and was fixed in 4.1r3 and all subsequent code releases. These are two separate issues. We saw that when IDPs were upgraded to 5.x code that the processes would restart constantly. The fix I gave should resolve the issue without you having to re-image the IDP. I have done it many times.   Wink

Also there could be other issue with that box. Take a look at the techsupport.

Here is how to get run the tech support scripts:
Log into the IDP  as admin
"su -"
put in roots password

Tech Support without core files:
"sh /usr/idp/device/utils/tech-support"

Tech Support with core files:
"sh /usr/idp/device/utils/tech-support -c"

Core files will need to be analyzed by Juniper's engineers so you will need a case with JTAC and have the case escalated to ATAC. The only caveat here is that this is a Demo box. If you have core files then don't waste your time putting in a case with JTAC as they will just have you re-image the box anyway and put the 4.1r2 code on, then upgrade to 4.1r4 or 5.0r2. Most likely the 5.0r2 as the 4.1r4 is going to be EOL soon.

As a side note:
Whenever you get a demo box it is always good practice to re-image the box as the images get destroyed by previous users and the IDPs are not always re-imaged.


Enjoy!
Logged
Best regards,
Scott Dennis
JNCIA-IDP, JNCIA-FWV, JNCIS-FWV, JNCIA-ER, JNCIS-ER
Marclor
Newbie
*
Posts: 36


View Profile
« Reply #5 on: July 09, 2010, 02:40:56 PM »
Hi all,

Thanks a lot for your replies. This is the first time I'm working with an IDP. What are core files?
The box doesn't contain a policy. I'm able to connect to ACM.
Do I have to re-image the box? Thanks
Logged
ScottDennis
Newbie
*
Posts: 28


View Profile WWW
« Reply #6 on: July 09, 2010, 02:54:51 PM »
I could not say for sure if you need to re-image or not. Just run through the ACM setup process and then see if the processes are all running.

What is a core file:
Please refer to this link.
http://www.unixguide.net/linux/faq/07.13.shtml
Logged
Best regards,
Scott Dennis
JNCIA-IDP, JNCIA-FWV, JNCIS-FWV, JNCIA-ER, JNCIS-ER
Marclor
Newbie
*
Posts: 36


View Profile
« Reply #7 on: July 09, 2010, 03:08:44 PM »
Hi Scott,

Thanks. I'll do it sunday and will update the post.
Logged
Marclor
Newbie
*
Posts: 36


View Profile
« Reply #8 on: July 11, 2010, 03:07:31 AM »
Hi everyone,

I've run the ACM setup process. It worked fine and all the processes were running. The processes stopped rebooting endlessly, even after rebooting the box. I think that the problem is solved. Your solution was very helpful. Thanks.
Logged
Pages: [1]
  Print  
JuniperForum.com > Security > IDP > Topic: IDP Scio command
 « previous next »
 
Jump to:  

Navigation

Donate

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Tools

Submit Article/KB - Do not submit questions here.

Recent

Stats

Members
Stats
  • Total Posts: 40480
  • Total Topics: 11163
  • Online Today: 73
  • Online Ever: 393
  • (August 06, 2008, 07:40:57 AM)
Users Online
Users: 0
Guests: 32
Total: 32
TinyPortal v1.0 beta 4 © Bloc
Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!

Sponsored in part by CollarWise

Page created in 0.247 seconds with 35 queries.