Messaging Gateway

Trying to stand up a new 9.5.4 envionment in my lab and running into a problem adding the scanner to the control center.

Any assistance would be welcome.  Other posts have not resovled issue

Troubleshooting info follows

----------

-- Full error when attempting to add via "Add Scanner Wizard" --

Cannot find an Agent that is running. Please check the specified host, and that the Agent will allow connections from this IP address.

-- Envionment is Virtual, using default machines pulled down from partnernet fileconnect

-- First time build out

-- Both machines machines are pingable from oneanother

-- When telnet via 41002 (in either direction from either machine), quickly connects, and then disconnects

-- agent-config on scanner is running and confirmed to have the control center machine IP inside ip.   Also registered cc outside ip for testing, still no goodness.  Stopped and restarted 'agent' service outside of normal 'restart' when an IP is added, still no joy

-- cc-config on control center is confirmed running.  

-- Restarted both boxes, still no joy

-- Upgraded control center to 10.0.0 via update download, still no joy

-- Restored intial factory snapshot of both boxes and reconfigured from default, still no joy

Are they both on the same subnet? Is there a firewall between them performing NAT? What this basically means is that the IP address of the Control Center's incoming traffic doesn't match the IP address that it is expecting to connect.

When telnet via 41002 (in either direction from either machine), quickly connects, and then disconnects

If accurate, I think this might be the root of the problem. Another possible key is what Jeremy was alluding to:

control center machine IP inside ip.   Also registered cc outside ip for testing

So, what you need for the Control Center to add the Scanner is:

1. Agent is running.
2. Agent is configured to allow the connecting IP (Control Center).
3. Control Center can succesfully connect to the Agent.

You have confirmed the first. The second and third iffy by your quotes above, the IP listed by the Scanner must be the IP that the Control Center is actually connecting from. So, if the Control Center has an IP of 192.168.X.X, the Scanner has an IP of 10.X.X.X, NAT is occuring between subnets, and is the Agent is configured to allow connections from 192.168.X.X, then it will not allow the Control Center since the IP will be NAT changed to a 10.X.X.X address.

When you telnet to 41002, a proper connection will just sit and you have to forcefully terminate it or feed it data so it terminates. If it terminates on its own right after connection, then the network connection is being severed. This can occur if the wrong IP is connecting or there is something affecting the connection (firewall).

Your best bet is to trace the network communications to make sure that things are as they should be (unless you can confirm already that the wrong IP is connecting). Support can help you determine this information as well, which opening a support ticket may be the best option. As it stands, it does sound like there is either interference on the network (firewall, IDS, etc) or that NAT is modifying the connecting IP.

Good luck,

Art

They are on the same subnet and can ping each other cleanly using the IP's they've been assigned, and both can connect to the other using telnet (ip) 41002 -- though the connection is quickly disconnected

(when i telnet using another non brightmail port, the connection is quickly refused)

I have also disabled the firewall on the host vmware machine and there was no change in what i'm seeing

I had very similar thoughts about the IPS possiblity, but I can not find anything which would be causing such a response

There is no natting going on, and connectivity is confirmed there between both virtual machines.  I originally had only the inside ip of the CC box setup in the agent-config.  Only added the the outside for troubleshooting when it didnt work the original way.

Both are bridging off of the same physical nic from the host, but i've got exceptions in place for the virtual boxes -- and to be safe, i've disabled the hips/firewall client 

When I wireshark off the the physical interface of the host, I see the initial arp who has broadcast when the CC is looking for the scanner's mac -- but that's it.     And that's all I expected to see given we're talking about two virtual ports talking to each other -- rather than activity that would touch the physical nic (other than the initial arp broadcast)

I havent found a way to do a tcpdump from the brightmail boxes themselves. Do you know of a way?  I'd rather not rig up a another virtual gateway or hub so i could sniff traffic if I dont have to.  Particuarly since that means I'd have to configure the boxes on different subnets -- and that wont meet my final configuration goal

Also, other virtual devices are the subnet are communicating without issue.  (for example, a SEPM box connecting to the lab AD for authentication) -- though those are admitedly are using different ports than what Brightmail is using

Circling back on this problem back on this problem