Server status appears as "offline" in Hosts Console

  • 7016996
  • 17-Nov-2015
  • 30-Apr-2019

Environment

Privileged Account Manager

Situation

Server status appears as "offline" in Hosts Console after agent was successfully registered
Agent registered with Framework Manager, but now shows "offline"
Agent appears in an "offline" state in the Administration, Hosts Console
Agent already or previously registered

Resolution

Please verify the following:

  1. The Agent is running and there was no problem loading the installed modules / packages:
    • From a terminal on the Agent server, please run the following to verify the process is running:

      service npum status
      OR
      /etc/init.d/npum status
      Note: For Windows, check the Status of the Privileged Account Manager Service.

    • Check the Agent's unifid.log and verify the installed modules are loading successfully and that there are no errors regarding initialization. When the Agent starts up, the log should show something like the following:

      Info, ========================================
      Info, Version 3.5.0 (Rev:27220,Bld:217)  [<OS release info>]
      Info, Database Version 3.7.15.2
      Info, [strfwd 3.5.0 (Rev:27144,Bld:217) ] module loaded
      Info, [rexec 3.5.0 (Rev:27329,Bld:217) ] module loaded
      Info, [regclnt 3.5.0 (Rev:27253,Bld:217) ] module loaded
      Info, [distrib 3.5.0 (Rev:27323,Bld:217) ] module loaded
      Info, Service  listening on 0.0.0.0:29120
      Info, Checking service registration for <Agent Name> (<License Name>)
      Info, valid from Wed Jan 23 03:56:36 2019 to Fri Jan 25 03:09:40 2019 (registry offset 0 seconds)

  2. Agent resolves and is reachable by the Manager by using the DNS names with which it has been registered:
    Note: To determine the Agent's registered DNS Name / IP Address, view the host details in the Hosts Console.

    nslookup Agent's DNS Name
    ping Agent's DNS Name / IP Address

  3. Manager and Agent can communicate in both directions via the port specified when the agent was registered with the Framework Manager (default is 29120):
    Note: See Opening Firewall Ports.
    • (Option A) Verify network communication is possible:
      Note: It may be required to Install Telnet Client on Windows for this option.
      • From the Manager server:
        telnet <Agent's DNS Name / IP Address> 29120
        netcat -zv <Agent's DNS Name / IP Address> 29120
      • From the Agent server:
        telnet <Manager's DNS Name / IP Address> 29120
        netcat -zv <Manager's DNS Name / IP Address> 29120
    • (Option B) Check the status of servers according to application communication:
      Note: In the following commands, please replace with the appropriate Name configured in the Hosts Console. Verify that 'Status' appears as 'online.'
      • From the Manager server:
        /opt/netiq/npum/sbin/unifi -u admin regclnt status -s <Agent Name> -M rexec 
      • From the Agent server:
        /opt/netiq/npum/sbin/unifi -u admin regclnt status -s <Manager Name> -M rexec

  4. Time is synchronized between the Manager and Agent.
    Note: Time synchronization is a service that maintains consistent server time across the network. Time synchronization is provided by the server operating system, not by Privileged Account Manager (PAM). PAM relies on the time reported by the server operating system. Please refer to operating system documentation for more details regarding time synchronization strategies.

    More details regarding this scenario can be found in the following document:
    TID 7005911 - Peer authorization error accessing regclnt.svcInfo, Authentication token is inactive

Cause

Network infrastructure issues with communication or configuration. For example, time has not been synchronized, improper or failed DNS lookups, firewall blocking port 29120, etc.

Additional Information