Problem with IPSec on  solaris 9

Hi all
I'm facing a problem with IPSec on solaris 9 that I didn't have with Solaris 8 (With the Security package installed).
I've an application that creates SA's by using the pf-key interface.
What it does is first doing a GETSPI to a specific SPI and a specific Destination IP Address.
This will create an SA and put it in a LARVAL state. After about a minute my application will do an UPDATE to this SPI and that command should change the state of the SA from LARVAL to MATURE but instead I get an error saying that this SPI & IP address already exist (errno = 17).
Well of course it's already exist that's the all point it should just change the state of an existing SA.
This exact scenarion was is working fine on Solaris 8.
Am I doing somthing wrong (maybe there is a package on the solaris 9 that I need to install ?)
or is this a bug in solaris 9.
If anyone has any idea on how to do that (without using a one step ADD for a new SA) I will be very thankfull.

Sorry for using reply for querying.
I got a problem in creating a Security Association using the PF_KEY Socket (first used SADB_GETSPI and got SPI,with SPI tried to update SADB_UPDATE).
Getting this problem on Sun Solaris 8.
It returns errno 122 . operation not supported.
Here is my mailId [email protected]
I got few more queries regarding PF_KEY socket.
Not much directions are available also for pf_key socket in internet.
Monitor produces the following error.
# ipseckey monitor
"Base message (version 2) type UPDATE, SA type AH.
Error Operation not supported on transport endpoint from PF_KEY.
Message length 16 bytes, seq=4294967294, pid=450."
Here is my mailId [email protected]
Thanks in Advance.
ssundar.

Similar Messages

  • Problem with telnet on solaris 9

    Hi all,
    I have a problem with telnet on my sun fire v440 server with solaris 9 system, whenever I telnet to this server as a normal user ,after entering the username and password ,the user environment will switch to root. but i have checked the 'id' as i telnet the system ,it was not root. Pls refer the below message as i login the server:
    SunOS 5.9
    login: prad
    Password:
    Last login: Thu Apr 14 11:14:54 from 10.60.64.59
    Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
    You have mail.
    root@T-Server02 # id
    uid=1017(prad) gid=10(staff)
    root@T-Server02 # cat /etc/passwd | grep prad
    prad:x:1017:10::/export/home/prad:/bin/sh
    root@T-Server02 # ls -lrt profile*
    -rwxrwxrwx   1 prad     other        174 Feb  7  2008 local.profile
    -rw-r--r--   1 prad     other        144 Feb  7  2008 backupprofile
    root@T-Server02 # pwd
    */export/home/prad*
    root@T-Server02 #
    Does any one have idea on how to solve this problem?

    Thanks . I'm pretty new in SUN OS, and not quite get your point . Here is the local.profile showed as below:
    This is a newly happened issue, I think we haven't change any profile setting in server:
    SunOS 5.9
    login: prad
    Password:
    Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
    You have mail.
    root@T-Server02 # more local.profile
    *# Copyright (c) 2001 by Sun Microsystems, Inc.*
    *# All rights reserved.*
    *# ident "@(#)local.profile 1.10 01/06/23 SMI"*
    stty istrip
    PATH=/usr/bin:/usr/ucb:/etc:.
    export PATH
    root@T-Server02 #

  • Problems with ipsec and crls

    Hello all
    I�d really appreciate it if you could provide me your comments regarding a problem I have when using CRLs (Certificate Revocation Lists) in a Solaris-10 IPSec connection. I establish an IPSec tunnel between two servers, Solaris-10 and MS Windows 2003, and it works fine. However, when I try to implement CRLs in the Solaris conf, I get some errors in the logs and the connection doesn�t work.
    At the end of the message I show you IPSec configuration I�m using. This conf works ok if I don�t use CRL. I changed the �etc/inet/ike/config� file to the following:
    #ignore crls
    use_http
    I used OpenSSL to generate the CRL and both the servers and the CA digital certificates. I put the distribution point �http://192.168.1.1/test-crl.crl� inside the CA certificate which is in the Solaris 10 server. This HTTP server is an IIS in the other MS Windows I mentioned. I also have generated the certificates in several ways including PEM and DER trying to see what the Solaris is expecting.
    I would appreciate your opinion about:
    (a)     Do you think the problem could be an incompatibility with the certificates and/or the CRL file formats?
    (b)     What is the format that Solaris supports for the certificates and CRLs?
    I am also attaching the logs I got from Solaris. I guess it shows that the server can not obtain the CRL, but I�m not sure.
    Thank you so much and I look forward to hearing from you at your earliest convenience,
    ***** IPSec conf *****
    - ID Type: Fully Qualified Domain Name (FQDN)
    - Phase 1 mode: Main Mode
    - Authentication method: RSA Signatures
    - Encryption algorithm � Phase 1: Triple DES
    - Hash - Phase 1: SHA-1
    - SA lifetime - Phase 1: 28800
    - Diffie-Hellman group � Phase 1: Group 2
    - SA lifetime - Phase 2: 1800
    - IP Compression: NO
    - Protocol - Phase 2: ESP
    - Encryption Algorithm - Phase 2: Triple DES
    - Hash - Phase 2: SHA-1
    - Encapsulation: Transport Mode
    - Diffie-Hellman group � Phase 2(PFS): Group 2
    ***** Solaris Logs *****
    lun 26 sep 05 14:59:30: in.iked: In ssh_policy_find_private_key.
    lun 26 sep 05 14:59:30: in.iked: Start ssh_policy_request_certificates
    lun 26 sep 05 14:59:30: in.iked: Requesting certs for 1 CA's
    lun 26 sep 05 14:59:31: in.iked: spsi: ike_udp_callback_common -1
    lun 26 sep 05 14:59:34: in.iked: spsi: ike_udp_callback_common -1
    lun 26 sep 05 14:59:38: in.iked: spsi: ike_udp_callback_common -1
    lun 26 sep 05 14:59:41: in.iked: Could not retrieve certificate list, ca=0.
    lun 26 sep 05 14:59:41: in.iked: spsi: ike_send_packet -1
    lun 26 sep 05 14:59:41: in.iked: ssh_policy_negotiation_done_isakmp:
    natt_state -1
    lun 26 sep 05 14:59:41: in.iked: Phase 1 negotiation error: code 24
    (Authentication failed).
    *****

    Jason,
    Thank you for your question.  This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product.  Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.
    However, just looking at your configuration, I did see that your hashing algorithm on the YMCA side is using SHA and group 1 for isakmp policy 20 while on the Server side you are using 3des and group2 for policy 20.
    Good Luck,
    Bill

  • Problem with Java in solaris 10 zone

    HI ,
    i get this error message in my solaris 10 zone :
    #./java version
    Exception java.lang.OutOfMemoryError: requested -4 bytes for size_t in /BUILD_AREA/jdk1.5.0_11/hotspot/src/os/solaris/vm/os_solaris.cpp. Out of swap space?
    in global zone , java works fine !
    uname -a
    SunOS Server 5.10 Generic_141414-07 sun4u sparc SUNW,SPARC-Enterprise
    best regards

    I see mention of a similar problem, but only with early development releases of solaris10 branded zones running on Solaris 11 development bits. It seems as though this is not what you are running.
    Since there are no swap caps nor brand emulation in place, the next thing I would suspect would be that you somehow have inconsistencies between key libraries (e.g. libc) and the kernel. This could happen if you have a full-root zone that has been force attached (zoneadm -z <zone> attach -F). In the past, I've seen products that do this under the covers (e.g. Veritas Cluster) so it may have happened without your knowledge. If it is a sparse root zone, you may want to run "zoneadm -z <zone> detach; zoneadm -z <zone> attach -u". Prior to doing so, take whatever precautions you would normally take when patching a system.
    If you open a support call about this I bet the first advice you are going to get is to patch, as you seem to be 2+ years behind. Also, newer releases of Java 5 are available at http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase5-419410.html.

  • Problems with ipsec on pix 501

    I have been running a 501 for a few years with several site to site vpns with no problems. At first there was 1 vpn and it has slowly grown to 4. They are all the same 501's with the latest software.
    The first few years were problem free but as more sits have been added the problems are getting worse.
    When i added the third site, i restored factory defaults to remove the remernace of old configerations. form that point onward i have had problems. The second site would not maintain a tunnel after 2 minutes. I have checked the configs, replaced the modem, replaced all cables, replaced the pix and still cannot solve the problem. At the moment i cannot get any of the vpns to connect.
    Using the monitor facility within the pdm, the ipsec tunnel does not connect and the ike tunnel connects for about 40 secs then drops, it keeps repeating the same cycle. I am using a pre shared key on the IKE, the pre shared key is definatly correct as i have copied and pasted it into both 501's with the same computer.
    During the  time of the first errors i was getting an error code of 402101 using the debug level log.
    I have employed a local cisco engineer to help me with the problem, he adivsed that the configeration be changed as i was putting the pix behind a netgear router and forwarding the correct ports, this config worked several years, i have now changed all sites so the pix is configuered to be directly to the internet. The engineer was happy all the configerations were correct and he could not solve the problem, after spending six hours on our sites, he only charged me for 1 hour and was never to be seen again. The problem is getting worse.
    I am able to connect the remote sites using a vpn client, all other functions of the firewall seem good. I have been throught the wizards many times on all units and am certain the configerations are correct.
    What am i doing wrong??, they used to work but know they don't.
    I have attached the two configerations but removed all the inportant info of ip's, usernames and passwords. again, the ip's were correct.
    Have i missed out a step after resoting factory defaults?
    I would greatly appreciate any help anybody has to offer.

    Jason,
    Thank you for your question.  This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product.  Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.
    However, just looking at your configuration, I did see that your hashing algorithm on the YMCA side is using SHA and group 1 for isakmp policy 20 while on the Server side you are using 3des and group2 for policy 20.
    Good Luck,
    Bill

  • Windows Replication RPC Problems with IPSec GRE Tunnel

    We have been having significant issue in troubleshooting random RPC errors with our directory controllers (MS AD 2008R2) and our distributed file shares.  Both services will randomly stop working, throwing RPC errors as the resulting cause.  We have been all over both Cisco and Microsoft forums in trying to troubleshoot this problem.  I'm trying to the Cisco forums first to see if anyone has any network layer thoughts as to best practices or ways to configure the tunnel.
    Our network is simple: two small branch offices connected to each other with two Cisco 2901 ISRs.  An IPSec GRE tunnel exists between both offices.  Interoffice bandwidth is approximately 10mbps.  Pings between offices work, remote desktop works most of the time, file transfers work, and DNS lookups work across both locations.  We really don't have a complicated environment, I'd think it wouldn't be too hard to set up.  But this just seems to be escaping me.  I can't think of anything at the network layer that would be causing problems but I was curious whether anyone else out there with knowledge of small office VPNs might be able to render some thoughts on the matter.
    Please let me know if there is anything further people need to see.  My next step is MS forums but I wanted to eliminate layer 3 first.
    Tunnel Config:
    crypto map outside_crypto 10 ipsec-isakmp
    set peer x.x.x.x
    set transform-set ESP-AES-SHA
    match address 102
    crypto ipsec df-bit clear
    interface Tunnel0
    bandwidth 10240
    ip address x.x.x.x x.x.x.x
    no ip redirects
    ip mtu 1420
    ip virtual-reassembly in
    zone-member security in-zone
    ip tcp adjust-mss 1375
    tunnel source GigabitEthernet0/0
    tunnel destination x.x.x.x
    crypto ipsec df-bit clear
    end

    Hi,
    Based on the third-party article below, you can setup VPN connection between Windows VPN client and Cisco firewall:
    Step By Step Guide To Setup Windows 7/Vista VPN Client to Remote Access Cisco ASA5500 Firewall
    What is the Windows server 2008 R2 for, a RADIUS server? If yes, maybe the links below would be helpful to you:
    RADIUS: Configuring Client VPN with Windows 2008 Network Policy Server (NPS) RADIUS Authentication
    Configuring RADIUS Server on Windows 2008 R2 for Cisco Device Logins
    RADIUS authentication for Cisco switches using w2k8R2 NPS
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best regards,
    Susie

  • Problem with Jni on Solaris

    Hello I am using a Native code that is working perfect on Windows .
    I have used DllMain calls to initialize my threads .
    I attach my lower stack threads to the JNI by using these methods.
    Well I want to know what is way to put the same functionality on Solaris.As this particular method is specific to Windows Platform only.
    BOOL APIENTRY DllMain( HANDLE hModule,                     // handle to DLL module
    DWORD ul_reason_for_call,      // reason for calling function
    LPVOID lpReserved                // reserved
         BOOL returnValue = FALSE;
    switch (ul_reason_for_call)
              case DLL_PROCESS_ATTACH:
                   // We do not perform any initialization
                   // within this section. Instead we have
                   // chosen to use the JNI_OnLoad function
                   // as the library initialization point.
                   returnValue = TRUE;
                   break;
              case DLL_THREAD_ATTACH:
                   // We are to initialize the thread local storage
                   // variables in this call.
                   if( BridgeUtility::getInstance() -> threadInitialize() != 0 ) {
                        returnValue = FALSE;
                        printf(" Thread initialize failed..\n");
                   }else {
                        printf(" Thread initialize succed..\n");
                        returnValue = TRUE;
                   break;
              case DLL_THREAD_DETACH:
                   // We are to uninitialize the thread local storage
                   // variables in this call.
                   if( BridgeUtility::getInstance() -> threadUninitialize() != 0 )
                        returnValue = FALSE;
                   else
                        returnValue = TRUE;
                   break;
              case DLL_PROCESS_DETACH:
                   // We do not perform any uninitialization
                   // within this section. Instead we have
                   // chosen to use the JNI_OnUnload function
                   // as the library initialization point.
                   returnValue = TRUE;
                   break;

    If your aim is to load the library and initialize it
    that one time, consider using the pthread once routines
    to handle library initialization. See, for example,
    chapter 5 of Butenhof's "Programming with POSIX
    threads".

  • Problem with Syslog in Solaris 10

    I have 2 hosts (both are actually Solaris 10 Zones). One has no issues with syslog and the other won't send its messages to our loghost. Both have the same /etc/syslog.conf files, /etc/resolv.conf and /etc/nsswitch.conf files. The one works and the other just says in the /var/adm/messages files :
    May 3 11:16:42 svanyc128 syslogd: line 22: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 23: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 28: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 29: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 30: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 31: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 32: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 33: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 34: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 35: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 36: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 37: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 38: WARNING: loghost could not be resolved
    May 3 11:16:42 svanyc128 syslogd: line 39: WARNING: loghost could not be resolved
    I can resolve the name loghost though with ping and nslookup and they're going to the correct IP. Does anyone have any other idea why these hosts don't behave the same?

    Ah, one of the guys I work with figured it out. /etc/services file was messed up. It's working now. :)

  • Problems with oracle10 and solaris 10

    Hello,
    I been trying for 3 days to install and make oracle 10g work with solaris 10. I've downloaded oracle 10.1.0.2 (it's the only one available for solaris 64 bitS). I've followed every bit of documentation I found in this forum but still no go. I've read this thread and followed did what it says but still no go.
    Oracle Database10g on Solaris 10
    My questions are:
    1. I've set the semsys and shmsys as instructed in the documentation, but when I run the installer and it comes to the checking kernel security paramters it says that I need to update the kernel system paramaters BIT_SIZE and noexec_user_stack. According to the docs that I've read, the noexec_user_stack is only for soalris versions up to 5.8, but just to test I added it to the kernel but I still get the same error. What gives? Where do I change the BIT_SIZE and what value should i put?
    2. After ignoring these errors, and the installation has finished, I get this error on the console
    Aug 1 18:19:18 db1 root: [ID 702911 user.alert] (Oracle CSSD will be run out of init)
    Any assistance will be very much appreciated.
    Thanks

    I've downloaded oracle 10.1.0.2 (it's the only one available for solaris 64 bitS).I hope you installing this on Solaris Sparc 64bit.
    According to the docs that I've read, the noexec_user_stack is only for soalris versions up to 5.8noexec_user_stack was introduced in Solaris 7 and is valid for all >7 versions (9, 10 too)
    Aug 1 18:19:18 db1 root: [ID 702911 user.alert] (Oracle CSSD will be run out of init)You could safely ignore this message

  • Problems with sudo on Solaris 8

    Greetings all,
    I am trying to set up user accounts with scripts that will restart services, should they fail. I am setting up the default shell as the script that I want to have run when they log in and at the completion it will kick them off. A nice secure way to get things going again without our network operations people getting their hands dirty.
    I am attempting to use sudo for this and it keeps asking for a password even though I have put in the ALL=NOPASSWD tag in the sudoers file for this users entry. When I enter the users password it is not correct and when I enter root it is not correct and in the end it will not run the script. I need to somehow bypass this asking of a password and get sudo to run the command. This is to restart our SunOne messaging server and will likely be applied to various other processes.
    Any suggestions are appreciated. I have checked the sudo site and checked the config.h from the compile and had no luck so it is not the shadow passwords issue that they list on their support site. I also tried to download and use the precompiled package that they had on SunFreeware, but that will not install on to any of these servers... can't get pkgadd to acknowledge it as a solaris package.
    Thank you in advance!
    Lee Stevens

    Try to remove this disk from server and insert in again.
    Then run devfsadm command.

  • Problems with rsh in solaris 8

    I have tried to execute a command with "rsh", like a "prstat", and it works but if I execute a "snoop" command, I see that the machine that runs the command(rsh) lost information. There is packets from TCP that has been return (in some occasions partially), this provokes the application losts information.
    Which can the problem be ?

    OK, but the problem is not in C++. Your C++ code just invokes invokes the shell and remote operations, and returns the result. The local C++ program cannot cause or repair communication problems between machines.

  • Problems with LDOMs in Solaris 11

    I got a new T5-2 server, installed Solaris 11 and was going to configure LDOMs. However "ldmd" can't be started and in turn ldm doesn't work.
    root@Solaris11U1-T5:/opt/SUNWldm/bin#
    root@Solaris11U1-T5:/opt/SUNWldm/bin# ldm
    Failed to connect to logical domain manager: Connection refused
    root@Solaris11U1-T5:/opt/SUNWldm/bin#  svcadm enable svc:/ldoms/ldmd:default
    root@Solaris11U1-T5:/opt/SUNWldm/bin# svcs | grep svc:/ldoms/ldmd:default
    maintenance    12:22:28 svc:/ldoms/ldmd:default
    root@Solaris11U1-T5:/opt/SUNWldm/bin# tail /var/svc/log/ldoms-ldmd\:default.log
    [ Sep  3 12:08:35 Disabled. ]
    [ Sep  3 12:08:39 Enabled. ]
    [ Sep  3 12:08:39 Executing start method ("/opt/SUNWldm/bin/ldmd_start"). ]
    Sep 03 12:08:39 fatal error: HV MD unable to assign frag @ 0x0.0x3900000 from free PRI list
    [ Sep  3 12:08:41 Method "start" exited with status 95. ]
    [ Sep  3 12:22:25 Enabled. ]
    [ Sep  3 12:22:25 Rereading configuration. ]
    [ Sep  3 12:22:25 Executing start method ("/opt/SUNWldm/bin/ldmd_start"). ]
    Sep 03 12:22:25 fatal error: HV MD unable to assign frag @ 0x0.0x3900000 from free PRI list
    [ Sep  3 12:22:28 Method "start" exited with status 95. ]
    root@Solaris11U1-T5:/opt/SUNWldm/bin#

    Hi 69768d81-19e9-4597-ad17-b29f5c618a87  
    I am also getting the same error (fatal error: HV MD unable to assign frag @ 0x0.0x3900000 from free PRI list) while booting the Solaris 11.1 server on T5-2.
    Can you please let me know how did you upgrade the SRU version.
    Nov 14 11:23:21 fatal error: HV MD unable to assign frag @ 0x0.0x3900000 from free PRI list
    [ Nov 14 11:23:24 Method "start" exited with status 95. ]
    [ Nov 14 12:05:42 Enabled. ]
    [ Nov 14 12:05:42 Rereading configuration. ]
    root@blrgxr2701:~# pkg info entire
              Name: entire
           Summary: Incorporation to lock all system packages to the same build
       Description: This package constrains system package versions to the same
                    build.  WARNING: Proper system update and correct package
                    selection depend on the presence of this incorporation.
                    Removing this package will result in an unsupported system.
          Category: Meta Packages/Incorporations
             State: Installed
         Publisher: solaris
           Version: 0.5.11
    Build Release: 5.11
            Branch: 0.175.1.0.0.24.2
    Packaging Date: September 19, 2012 07:01:35 PM
              Size: 5.46 kB
              FMRI: pkg://solaris/[email protected],5.11-0.175.1.0.0.24.2:20120919T190135Z
    root@blrgxr2701:~# pkg update --accept
    No updates available for this image.
    root@blrgxr2701:~# pkg update --be-name s11.1sru --accept
    No updates available for this image.
    Thanks.
    Prasad P.

  • Multi-Owner Diskset problem with SC3.1U4 & Solaris 10

    Hi All,
    My Problem is after configured the mulit-owner diskset of SVM. If either one node has been restarted/rebooted. The rebooted node can't join back to the diskset like below status. I have tried to use some metaset commands to put the rebooted node to join backed the diskset but failed.
    After both nodes rebooted. Then I run "metaset" command on both nodes, the status seems can't synchronize. "See below status for detail"
    root@IMDUFSDBM01 # metaset -s racset
    Multi-owner Set name = racset, Set number = 1, Master = IMDUFSDBM01
    Host Owner Member
    IMDUFSDBM01 Yes
    IMDUFSDBM02 No
    Driv Dbase
    d6 Yes
    root@IMDUFSDBM02 # metaset -s racset
    Multi-owner Set name = racset, Set number = 1, Master =
    Master and owner information unavailable until joined (metaset -j)
    Host Owner Member
    IMDUFSDBM01 multi-owner Yes
    IMDUFSDBM02 No
    Driv Dbase
    d6 Yes
    -------------------------------------------------------------------------Failed to use commands to put the IMDFUSDBM02 to diskset "racset".
    root@IMDUFSDBM01 # metaset -s racset
    Multi-owner Set name = racset, Set number = 1, Master = IMDUFSDBM01
    Host Owner Member
    IMDUFSDBM01 multi-owner Yes
    Driv Dbase
    d6 Yes root@IMDUFSDBM01 # metaset -s racset -d -h IMDUFSDBM02
    metaset: IMDUFSDBM01: racset: host IMDUFSDBM02 does not have set
    root@IMDUFSDBM01 # metaset -s racset -M -a -h IMDUFSDBM02
    metaset: IMDUFSDBM01: racset: host IMDUFSDBM02 is already in the set
    Dear all, any idea or experience on this problem?
    Chowsingsing from Hong Kong

    Hi Tim/All,
    I have party fixed the multi-owner diskset problem after create the resource for SUNW.rac_framework, SUNW.rac_udlm & SUNW.rac_svm. But the new problem is generated. The new problem is if two nodes are up, then the multi-owner diskset can be access via two nodes. But if either one node is down, the remain node can�t access the diskset (but the scstat status is fine). For example: node2 is down, node1 is up. Then multi-owner diskset membership of node1 is lost. If node1 is down, node2 is up. Then multi-owner diskset membership of node2 is lost. After both nodes become online, the diskset will resume to normal and can be access.
    normal status of scstat and metaset
    -- Cluster Nodes --
    Node name Status
    Cluster node: node2 Online
    Cluster node: node1 Online
    -- Cluster Transport Paths --
    Endpoint Endpoint Status
    Transport path: node2:qfe1 node1:qfe1 Path online
    Transport path: node2:qfe0 node1:qfe0 Path online
    -- Quorum Summary --
    Quorum votes possible: 3
    Quorum votes needed: 2
    Quorum votes present: 3
    -- Quorum Votes by Node --
    Node Name Present Possible Status
    Node votes: node2 1 1 Online
    Node votes: node1 1 1 Online
    -- Quorum Votes by Device --
    Device Name Present Possible Status
    Device votes: /dev/did/rdsk/d2s2 1 1 Online
    -- Device Group Servers --
    Device Group Primary Secondary
    -- Device Group Status --
    Device Group Status
    -- Multi-owner Device Groups --
    Device Group Online Status
    Multi-owner device group: racset node1,node2
    -- Resource Groups and Resources --
    Group Name Resources
    Resources: rac-rg rac-framework-rs rac-udlm-rs rac-svm-rs
    -- Resource Groups --
    Group Name Node Name State
    Group: rac-rg node1 Online
    Group: rac-rg node2 Online
    -- Resources --
    Resource Name Node Name State Status Message
    Resource: rac-framework-rs node1 Online Online
    Resource: rac-framework-rs node2 Online Online
    Resource: rac-udlm-rs node1 Online Online
    Resource: rac-udlm-rs node2 Online Online
    Resource: rac-svm-rs node1 Online Online
    Resource: rac-svm-rs node2 Online Online
    -- IPMP Groups --
    Node Name Group Status Adapter Status
    IPMP Group: node2 sc_ipmp0 Online hme1 Online
    IPMP Group: node2 sc_ipmp0 Online hme0 Online
    IPMP Group: node1 sc_ipmp0 Online hme1 Online
    IPMP Group: node1 sc_ipmp0 Online hme0 Online
    Multi-owner Set name = racset, Set number = 1, Master = node1
    Host Owner Member
    node1 multi-owner Yes
    node2 multi-owner Yes
    Mediator Host(s) Aliases
    node1
    node2
    Driv Dbase
    d2 Yes
    After shutdown node1, node2 remain running
    -- Cluster Nodes --
    Node name Status
    Cluster node: node2 Online
    Cluster node: node1 Offline
    -- Cluster Transport Paths --
    Endpoint Endpoint Status
    Transport path: node2:qfe1 node1:qfe1 faulted
    Transport path: node2:qfe0 node1:qfe0 faulted
    -- Quorum Summary --
    Quorum votes possible: 3
    Quorum votes needed: 2
    Quorum votes present: 2
    -- Quorum Votes by Node --
    Node Name Present Possible Status
    Node votes: node2 1 1 Online
    Node votes: node1 0 1 Offline
    -- Quorum Votes by Device --
    Device Name Present Possible Status
    Device votes: /dev/did/rdsk/d2s2 1 1 Online
    -- Device Group Servers --
    Device Group Primary Secondary
    -- Device Group Status --
    Device Group Status
    -- Multi-owner Device Groups --
    Device Group Online Status
    Multi-owner device group: racset node2
    -- Resource Groups and Resources --
    Group Name Resources
    Resources: rac-rg rac-framework-rs rac-udlm-rs rac-svm-rs
    -- Resource Groups --
    Group Name Node Name State
    Group: rac-rg node1 Offline
    Group: rac-rg node2 Online
    -- Resources --
    Resource Name Node Name State Status Message
    Resource: rac-framework-rs node1 Offline Offline
    Resource: rac-framework-rs node2 Online Online
    Resource: rac-udlm-rs node1 Offline Offline
    Resource: rac-udlm-rs node2 Online Online
    Resource: rac-svm-rs node1 Offline Offline
    Resource: rac-svm-rs node2 Online Online
    -- IPMP Groups --
    Node Name Group Status Adapter Status
    IPMP Group: node2 sc_ipmp0 Online hme1 Online
    IPMP Group: node2 sc_ipmp0 Online hme0 Online
    Multi-owner Set name = racset, Set number = 1, Master = node1
    Host Owner Member
    node1 multi-owner Yes
    node2 No
    Mediator Host(s) Aliases
    node1
    node2
    Driv Dbase
    d2 Yes
    Anyone can help!!
    Chowsingsing from HK

  • Problems with fpsetmask and SIGFPE

    Hello,
    I am trying to build a program that wants to do its own floating point exception handling. The developer has told me that on Sparc, using fpsetmask in ieeefp.h works. However, when I build it with the same instuctions on x86, I still get floating point exceptions. The author told me that he thought the problem was with fpsetmask in x86. Does anyone know if there are problems with this in Solaris 7 x86? Is there a fix? I searched the patches, but did not find anything. Thanks for your time.
    Brian

    I'm still wondering why it happens now at this moment in time...
    PC does seem to be a bit odd & inconsistent, the few times I've tested with it, at least so far as we content filtering goes; and if I remember rightly, you're not the first to report previously ok settings suddenly preventing some or all internet until pc is switched off altogether.
    It may work when re-enabled

  • Backup problem with LMS 3.0 on Solaris

    Hi All,
    I'm encountering problems with LMS 3.0 when I try to do a backup. After you hit OK on the window that says "Do you want to backup now?", an error would pop up saying: "Enter a new directory name or ask the system administrator of the Ciscoworks Common Services server to make the directory accessible to user casuser", thus I cannot proceed with the backup process. When I do backup, my login privilege is admin. Even tried to do backup on the same partition as my CSCOpx directory but to no avail.
    Appreciate your help on this guys. Our LMS 3.0 runs on Solaris platform. Thanks in advance.

    Hi Joe,
    Thanks for your prompt response. By the way, what is a casuser? Is he also one of the user that can be found on the Local User Setup on Common Services? The scenario here is that, I am not the one who installed the Ciscoworks LMS 3.0 on the client side, so I am not aware on how they did the installation procedure for the application. I remember assigning casuser password during installation on our other clients that has LMS 3.0.
    Will the write access on the backup directory for the casuser be done by the Solaris root administrator?
    Thanks for your help.

Maybe you are looking for

  • Hard Drives and video card for new CS5 system

    I've read through much of the threads in the hardware forums and find I still have questions.  I am just beginning to learn how to edit and it is not a source of income for me at the moment.  My sources will be from tapes from my Canon HV20 and at so

  • How to know if a session finished in jsp

    Hello, How to know if a session finished in jsp? Help me please. Best Regards. Joseph

  • Using tabs in keynote?

    I'm feeling frustrated because I feel like I am just missing a simple picture here but no matter how I try, I can't see it.  I'm trying to use tabs in the Keynote ruler. I can add tabs all day but they don't seem to have any effect on my document.  I

  • Photoshop CS6 Running Slooooow

    I am so deeply frustrated with PS CS6 right now.  I bought the Master Suite through school.  I also bought a 27-inch, late 2012 iMac with 3.2 GHz i5 and 32GB of Ram.  Everything on my computer runs lightning fast except for CS6.  Even older PS runs f

  • Register now to our series of exciting partner webinars!

    Join  Adobe Evangelist Adam Broadway on Wed, Apr 10th to learn how you can integrate Dreamweaver & Business  Catalyst and what workflows can be implemented between the two products. To make sure you can put your learning into practice, webinar partic