1. DNS name resolution
The QPM4U Master and Agent validate the communications by verifying the IP address against the hostname. Both components must be able to perform forward and reverse DNS lookup on each other, either through DNS or the /etc/hosts file.
To test communications:
From the Master, can the Agent be pinged, e.g. ping
From the Agent, can the Master be pinged, e.g. ping
2. QPM4U configuration
Also check that the communications and encryption settings in pm.settings are the same on the Master and the Agent. To establish initial communications, the Agent attempts to connect to the Master specified under the masters setting in /etc/opt/quest/qpm4u/pm.settings, e.g. masters mymasterhost.mydomain.com
The Agent must be able to contact this server. It will also validate the request returned from this master by trying to match the IP address from the packet to this name.
If there are problems, try the following:
a) Try specifying the shortname instead of the fully qualified DNS name, e.g. masters mymasterhost
b) Try adding the following setting, which will force QPM4U to accept shortnames instead of fully qualified DNS names, e.g. shortnames yes
3. Run the following command and check the output matches /opt/quest/bin/pminfo -s
4. To check the status of the QPM4U services, run the following commands. This assumes you are using the default ports.
netstat -an | grep 1234
FROM MASTER:
netstat -an | grep 1234
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN
FROM AGENT:
netstat -an | grep 1234
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:12346 0.0.0.0:* LISTEN
If the problem still exists, make further network connectivity checks, and check the firewall configuration and logs.
The firewall needs to be configured so that the agent host can communicate with the policy servers over the pmmasterd port (12345 by default), and so the policy servers can communicate back with the agent host over the pmlocald port (12346 by default). When on different sides of the firewall or DMZ, additional configuration is required to restrict the port range or to use tunneld. Please refer to the Advanced Configuration Guide.
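The forward and reverse lookup requirement in steps 1 and 2 can be checked directly, which ping alone does not do. The following Python sketch is an added example, not part of QPM4U or its documentation: it resolves a name to its addresses, resolves each address back to a name, and reports whether the two agree, differ only by shortname versus fully qualified name, or fail. The host names and 192.0.2.x addresses in the sample tables are constructed; how QPM4U itself compares names is not assumed here.

```python
import socket

def system_forward(name):
    """Forward lookup (name -> IPv4 addresses) via the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def system_reverse(ip):
    """Reverse lookup (IP -> canonical name) via the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_peer(name, forward=system_forward, reverse=system_reverse):
    """Resolve name -> IP -> name and classify each round trip."""
    want = name.lower().rstrip(".")
    ips = forward(name)
    if not ips:
        return [(None, "no-forward-record")]
    results = []
    for ip in ips:
        got = reverse(ip)
        if got is None:
            results.append((ip, "no-reverse-record"))
            continue
        got = got.lower().rstrip(".")
        short, full = sorted((got, want), key=len)
        if got == want:
            status = "match"
        elif "." not in short and full.startswith(short + "."):
            status = "short-vs-fqdn"  # same host, one side unqualified
        else:
            status = "mismatch"
        results.append((ip, status))
    return results

# Constructed sample data: the Master's reverse record holds only the
# short name, and the Agent has no reverse record at all.
FWD = {"mymasterhost.mydomain.com": ["192.0.2.10"],
       "mymasterhost": ["192.0.2.10"],
       "myagent.mydomain.com": ["192.0.2.20"]}
REV = {"192.0.2.10": "mymasterhost"}

def demo(name):
    """Run check_peer against the constructed tables instead of live DNS."""
    return check_peer(name, lambda n: FWD.get(n, []), REV.get)

if __name__ == "__main__":
    for host in ("mymasterhost.mydomain.com", "mymasterhost", "myagent.mydomain.com"):
        print(host, demo(host))
```

Calling check_peer(name) with no other arguments uses the system resolver, so it reflects whatever DNS or /etc/hosts returns on the host where it runs; run it on both the Master and the Agent against the other side's name.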