Issues during fencing startup on SFCFSHA cluster nodes set up for server-based fencing


Issues during fencing startup on SFCFSHA cluster nodes set up for server-based fencing
Prev	Troubleshooting server-based fencing on the SFCFSHA cluster nodes	Next

Table: Fencing startup issues on SFCFSHA cluster (client cluster) nodes

Issue	Description and resolution
cpsadm command on the SFCFSHA cluster gives connection error	If you receive a connection error message after issuing the cpsadm command on the SFCFSHA cluster, perform the following actions: Ensure that the CP server is reachable from all the SFCFSHA cluster nodes. Check that the SFCFSHA cluster nodes use the correct CP server virtual IP or virtual hostname and the correct port number. Check the /etc/vxfenmode file. Ensure that the running CP server is using the same virtual IP/virtual hostname and port number.
Authorization failure	Authorization failure occurs when the CP server's nodes or users are not added in the CP server configuration. Therefore, fencing on the SFCFSHA cluster (client cluster) node is not allowed to access the CP server and register itself on the CP server. Fencing fails to come up if it fails to register with a majority of the coordination points. To resolve this issue, add the CP server node and user in the CP server configuration and restart fencing. See Preparing the CP servers manually for use by the SFCFSHA cluster.
Authentication failure	If you had configured secure communication between the CP server and the SFCFSHA cluster (client cluster) nodes, authentication failure can occur due to the following causes: Symantec Product Authentication Services (AT) is not properly configured on the CP server and/or the SFCFSHA cluster. The CP server and the SFCFSHA cluster nodes use different root brokers, and trust is not established between the authentication brokers:

Issue

Description and resolution

cpsadm command on the SFCFSHA cluster gives connection error

If you receive a connection error message after issuing the cpsadm command on the SFCFSHA cluster, perform the following actions:

Ensure that the CP server is reachable from all the SFCFSHA cluster nodes.
Check that the SFCFSHA cluster nodes use the correct CP server virtual IP or virtual hostname and the correct port number.

Check the /etc/vxfenmode file.
Ensure that the running CP server is using the same virtual IP/virtual hostname and port number.

Authorization failure

Authorization failure occurs when the CP server's nodes or users are not added in the CP server configuration. Therefore, fencing on the SFCFSHA cluster (client cluster) node is not allowed to access the CP server and register itself on the CP server. Fencing fails to come up if it fails to register with a majority of the coordination points.

To resolve this issue, add the CP server node and user in the CP server configuration and restart fencing.

See Preparing the CP servers manually for use by the SFCFSHA cluster.

Authentication failure

If you had configured secure communication between the CP server and the SFCFSHA cluster (client cluster) nodes, authentication failure can occur due to the following causes:

Symantec Product Authentication Services (AT) is not properly configured on the CP server and/or the SFCFSHA cluster.
The CP server and the SFCFSHA cluster nodes use different root brokers, and trust is not established between the authentication brokers: