Jump to content


Photo

Configuration Updates - Failed with IOStreamSock

ioStreamSock

This topic has been archived. This means that you cannot reply to this topic.
3 replies to this topic

#1 Markus Völkl

Markus Völkl
  • Members
  • 23 posts

Posted 29 May 2020 - 02:24 AM

Hello,

 

I have changed a firewall rule and activated it. The Configuration Updates Panel now says that

one Firewall has "C Update completed". The primary/active Firewall is shown as "Failed" with the

Reason "F Can't commit: IOStreamSock: Receive() TIMEOUT"

 

Is there anything i can do without failover and inerruption? Restart service?

 

Markus



#2 Micha Knorpp

Micha Knorpp
  • Members
  • 195 posts

Posted 02 June 2020 - 03:26 AM

I would try a combined "Complete Update" / "Update Now" action.


regards,
-micha-

#3 Markus Völkl

Markus Völkl
  • Members
  • 23 posts

Posted 03 June 2020 - 02:36 AM

I have tried anything including Complete Update. In the meantime the box cpu load increased more and more.

The only chance was failover to passive node and reboot the problematic box.

 

After reboot the logwrap service wont start, i have tried to block and start but it fails without any error message.

I fired a "/opt/phion/modules/box/boxsrv/logwrap/bin/logwrapd -w & &>/dev/null" on the box - and the service came up.



#4 Manuel Huber

Manuel Huber
  • Members
  • 166 posts

Posted 03 June 2020 - 05:48 AM

This sounds like an issue we know for at least two years, from firmware version back then to recent 7.2.5 or so.

 

Someone was doing configuration changes, and for some reasons, these changes didn´t appear on the box. After a "Complete Update" the load rises steadily and quite quickly to ridiculously high values and the best you can do is to switch to the HA partner as soon as possible. O

 

I am not 100% sure if a "Complete Update" really triggers this, as I also saw a steady increase of the load over several hours and just coincidentally noticed it or the monitoring system showed an unusually high load.

 

Usually I opened a case at Barracuda, but once I noticed such behaviour, it was quite urgent to switch to the HA partner (which never had an immediate problem, so it´s not the configuration change itself), and support couldn´t find a hint about the cause. After a reboot the firewall behaves normally. There might have been issues with logwrapper once or twice, I´m not sure now, might also have been Eventing daemon.

 

So far, it happened only on our "larger" firewalls, probably every 3-4 months. It´s independent of hardware, because it affected all kinds of appliances or setups with SF licenses. I even thought there might be a pattern related to uptime, but then again there are maintenance windows to install patches or other necessary reboots, and I didn´t keep a log about all this.

 

In short, support and I never found any dump files or the like and we cannot connect laptops on serial interfaces for months either, so there is no solution yet.

 

It´s obviously an annoying problem, hopefully Barracuda can find a cause somehow soon.