Views:

When you check the problem host's Event Log inside, the Deep Security Diagnostic Package shows the following error message:

Time: December 01, 2010 11:22:01  Level: Error  Event ID: 3006  Event: Operating System Call Error  Description: Error on call to 'getaddrinfo' for 'servername.domain.com': Temporary failure in name resolution    Time: December 01, 2010 11:22:01  Level: Warning  Event ID: 4012  Event: Heartbeat Failed  Description: Unable to contact all available Deep Security Managers for heartbeat. Will attempt again at next heartbeat interval.

After a few minutes, the host machine reported "Description: Security configuration updated."

When the DSA fails to communicate with the DSM, it eventually recovers on its own. However, the failed event is still sent to DSM and the DSM will flag a critical or warning alert on this machine.

You need to check why the host is having problems resolving the DSM FQDN. If possible, add the DSM FQDN to the \etc\hosts file in the Linux machine to resolve the issue.

If you are using an agent installed on the manager to act as Deep Security Relay, there should be no communication issue. However, you must ensure that the related ports on the local machine are all opened. Otherwise, the error will still pop-up.

 
For more details about all required communication ports, refer to this article: Communication ports used by Deep Security
Keywords: DSA node status issue,communication problem,DSM heartbeat interval,heartbeat rejected
Comments (0)