Problems in config sync (nsnetsvc not running)

[Zohaib Yunus]

hello,

 

I have a netscaler pair in HA. The problem is that they are not doing a config sync. Both devices can reach each other. There is no ACL blocking the tcp ports for config sync.

 

Upon troubleshooting, I checked if the 'nsnetsvc' process is running, but to my surprise it isn't as shown below. I don't see the line for nsnetsvc stream. And this could be the reason to the config sync issue. I was wondering how do I turn on this process?

 

root@labslb-01# more /etc/inetd.conf
# Netscaler /etc/inetd.conf
#
# This file is present in the memory filesystem by default, and any changes
# to this file will be lost following a reboot. If changes to this file
# require persistence between reboots, copy this file to the /nsconfig directory
# and make the required changes to that file.
#
# Warning: This method of altering available network services may not be
# supported in the future.  
#
# The FTP and Telnet protocols are insecure.  Consider using ssh,scp, or sftp.
#ftp    stream  tcp nowait      root    /usr/libexec/ftpd               ftpd -l
#telnet stream  tcp nowait      root    /usr/libexec/telnetd    telnetd
#telnet stream  tcp6 nowait root    /usr/libexec/telnetd    telnetd

 

 

 

> sh ha node
1)      Node ID:      0
        IP:   10.17.169.102 (labslb-01)
        Node State: UP
        Master State: Primary
        Fail-Safe Mode: OFF
        INC State: DISABLED
        Sync State: ENABLED
        Propagation: ENABLED
        Enabled Interfaces : 1/1
        Disabled Interfaces : 10/2 10/1 1/6 1/5 1/4 1/3 1/2 0/1 LA/1
        HA MON ON Interfaces : 1/1
        Interfaces on which heartbeats are not seen : None
        Interfaces causing Partial Failure: None
        SSL Card Status: UP
        Hello Interval: 200 msecs
        Dead Interval: 3 secs
        Node in this Master State for: 1:1:41:40 (days:hrs:min:sec)
2)      Node ID:      1
        IP:   10.17.169.103
        Node State: UP
        Master State: Secondary
        Fail-Safe Mode: OFF
        INC State: DISABLED
        Sync State: FAILED
        Propagation: ENABLED
        Enabled Interfaces : 1/1
        Disabled Interfaces : 10/2 10/1 1/6 1/5 1/4 1/3 1/2 0/1 LA/1
        HA MON ON Interfaces : 1/1
        Interfaces on which heartbeats are not seen : None
        Interfaces causing Partial Failure: None
        SSL Card Status: UP

Local node information:
        Critical Interfaces: 1/1
 Done
> force ha sync
Warning: Unable to establish connection with the secondary. Command propagation failed
>

 

 

[Ankur Pandita]

Restart nsnetsvc process or reboot the netscalers if its feasible  so that process will restart and check

 

Also Make sure rpc passwords are same on both the nodes.you can check with below command

 

show rpcNode

 

Also what is the netscaler version here:?

[Zohaib Yunus]

Doesn't look like it is the same.

 

> show rpcnode
1)      IPAddress:  10.17.169.102 Password:  ca2a03547ec925 SrcIP:  10.17.169.102    Secure:  OFF             
2)      IPAddress:  10.17.169.103 Password:  8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28
        SrcIP:  10.17.169.102    Secure:  OFF             
 Done

 

> sh ver
        NetScaler NS10.1: Build 129.11.nc, Date: Sep 30 2014, 03:52:32  
 Done
>

[Zohaib Yunus]

Restarting the LBs also did not help. Same issue. How do I manually restart the nsnetsvc process?

[Brooks Carlson]

The RPC passwords must match.  It appears that 10.17.169.102 has a completely different password hash than 10.17.169.103.  

To create or change an RPC node password and enable a secure connection

1. In the configuration utility, in the navigation pane, expand System > Network > Advanced and then click RPC.
2. In the details pane, select the node and then click Open.
3. In Password and Confirm Password, type the new password.
4. In Source IP Address, type the system IP address of the other NetScaler Gateway appliance.
   To use an IPv6 address, select IPv6 and then enter the IP address.
5. Click Secure and then click OK. 

 

Or from CLI:

set rpcnode <ipAddress> -password <string>

 

As far as the sync process, does it show as a running process?

shell

ps –auxw | grep nsfsync

 

 

If not then you can start the sync process manually:

/netscaler/nsfsyncd –d 

or

sh /netscaler/nssync.sh start 

[Zohaib Yunus]

Perfect! Thanks.. that worked :) I set both the rpcnode passwords to match and voila!

[David Han1709161411]

Solved my problem as well after upgraded to 13 from 11.1

When tried to set with gui, doesn't work. However using cli works