cmaheu
Staff
June 12, 2020

Technical Tip: Registration fails with multiple adapters when one adapter is invalid


Description

 
This article describes how registration (for example, an Agent registration) can fail for a host with multiple adapters when one adapter is invalid.
 
Example:
A rogue host has two adapters. One adapter has a MAC address whose OUI is not listed in the vendor OUI list. This could be for one of the following reasons:
  • The OUI is not in the vendor OUI list under System -> Settings -> Identification -> Vendor OUIs.
  • The address is a randomized MAC address (randomized MAC addresses are not in the vendor OUI table).
 
The host meets an endpoint compliance policy configured to scan using the dissolvable agent. Once the scan completes, the host remains a rogue even though its host information has been populated.
 

Two ‘Host Registration Success’ events are listed under events view for the host, but the host maintains the "Rogue" status and is not switched to the production network.

The following error is seen in output.master:

 

yams SEVERE :: 2020-05-14 06:26:15:383 :: java.lang.NullPointerException

yams SEVERE :: 2020-05-14 06:26:15:383 :: at com.bsc.plugin.dynamic.HostServer.updateEtherRelations(HostServer.java:3397)

 

Scope

 

FortiNAC v8.6.4 and v8.7.2.

Solution


Workaround: Disable valid MAC address check via the CLI. Contact Support for assistance.

Solution:
Addressed in v8.6.5 and v8.7.4.
 
To apply the workaround, modify the property file as follows on both the Primary and Secondary Servers:
  1. Log in to the CLI as root of the Control Server.
  2. Using vi or another editor, modify /bsc/campusMgr/master_loader/.masterPropertyFile.
  3. Add the following lines.


FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.checkValidMAC=false
}

 

  4. Save the changes to the file.

  5. Restart processes.

shutdownNAC

Wait 30 seconds.

startupNAC

  6. Create or modify the current README file in /bsc/campusMgrUpdates to indicate these settings will need to be undone after upgrading to the fixed version.
 
Example:
 
---------------------------------------------------------------------------
Ticket <FortiCare ticket number>  <Date> <support eng initials>
Mantis 0636170

Bypasses valid MAC address check as a workaround.  Fixed in 8.6.5 and 8.7.4.  

Added the following lines to /bsc/campusMgr/master_loader/.masterPropertyFile

FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.checkValidMAC=false
}


To re-enable MAC address check after upgrading to fixed version:
1. Delete the lines above from .masterPropertyFile
2. Restart processes
shutdownNAC

<wait 30 seconds>

startupNAC

-----------------------------------------------------------------------------
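
Because the workaround turns off the valid MAC address check and has to be removed after upgrading, it helps to be able to confirm whether the override is still present on each server. The script below is an added example, not Fortinet code: it assumes .masterPropertyFile uses the block layout shown in this article, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Fortinet code): audit .masterPropertyFile for the
# checkValidMAC workaround. Assumption: overrides use the block layout shown
# in the article: FILE_NAME=<properties file>, "{", key=value lines, "}".

# Print "<line>:<properties file>:<value>" for each checkValidMAC override.
find_checkvalidmac() {
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^FILE_NAME=/ { file = substr($0, 11); next }
        $0 == "{"     { inblock = 1; next }
        $0 == "}"     { inblock = 0; file = ""; next }
        inblock && /^com\.bsc\.plugin\.manager\.DeviceManager\.checkValidMAC[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            print NR ":" file ":" val
        }
    ' "$1"
}

# Return 0 if the valid MAC check is disabled (workaround still active),
# 1 if no such override exists, 2 if the file cannot be read.
mac_check_disabled() {
    [ -r "$1" ] || return 2
    find_checkvalidmac "$1" | awk -F: '
        tolower($NF) == "false" { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Constructed sample input, used when no file is given on the command line.
write_sample() {
    cat > "$1" <<'EOF'
FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.checkValidMAC=false
}
EOF
}

if [ "$#" -gt 0 ]; then
    target=$1
else
    target=$(mktemp) && write_sample "$target"
fi
find_checkvalidmac "$target"
if mac_check_disabled "$target"; then
    echo "valid MAC check is DISABLED in $target"
fi
if [ "$#" -eq 0 ]; then rm -f "$target"; fi
```

Run it with /bsc/campusMgr/master_loader/.masterPropertyFile as the argument on both the Primary and Secondary Servers; a return status of 0 means the override is still in place.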