Description | This article describes some examples of issues that cause synchronization failures between FortiNAC managers and servers. |
Scope | FortiNAC-M, FortiNAC-F. |
Solution |
The FortiNAC Manager is used in large deployments to act as a centralized node for managing multiple FortiNAC servers. This documentation lists its key features.
In many cases, the synchronization process with the managed FortiNAC appliances can fail due to misconfiguration, database issues, separate upgrades of FortiNAC servers, or DNS issues. To troubleshoot these cases, run the following command in the FortiNAC Manager CLI:
diagnose tail -F output.master
After this, perform a manual synchronization to the problematic FortiNAC Server through the GUI. Log messages printed out will provide information about the cause of the issue.
Example 1. Sync failed to replace Role ID.
Solution: During a Maintenance window, perform the following actions (take a VM snapshot of both the Server and FortiNAC Manager in case a rollback is needed):
Example 2. Duplicate entry 'Policy_XYZ' for key 'UNIQUE_NAME'
yams SEVERE :: 2024-09-04 02:29:39:333 :: #665 :: org.hibernate.engine.jdbc.spi.SqlExceptionHelper ERROR :: 2024-09-04 02:29:39:333 :: #665 :: (conn=24) Duplicate entry 'ISOLATE' for key 'UNIQUE_NAME'
yams SEVERE :: 2024-09-04 02:29:39:337 :: #665 :: org.hibernate.engine.jdbc.batch.internal.BatchingBatch ERROR :: 2024-09-04 02:29:39:337 :: #665 :: HHH000315: Exception executing batch [could not execute batch]
Solution: In a Maintenance window perform the following actions (take a VM snapshot of both the Server and FortiNAC Manager in case a rollback is needed):
Example 3. No route to host (Host unreachable).
java.rmi.RemoteException: Error in REST RPC. target=JerseyWebTarget { https://192.168.0.20:8443/api/v2/rpc/method-call }; No route to host (Host unreachable)
Solution: This is a network issue or an external change in the hops between the Server and FortiNAC Manager. The routing and network configuration need to be fixed.
Example 4. Error in REST RPC / HTTPException.
yams SEVERE :: 2024-02-13 14:47:12:688 :: #551 :: java.rmi.RemoteException: Error in REST RPC. target=JerseyWebTarget { https://192.168.0.20:8443/api/v2/rpc/method-call }; nested exception is: javax.xml.ws.http.HTTPException .
Solution: This is a DNS issue. FortiNAC Manager and the server cannot resolve the FQDN to an IP. DNS server configuration needs to be checked.
Example 5. Name HibernateServer not found
Attempting to display globaloptions or enabling debugs in the FortiNAC CLI will show the following errors:
Solution: Management processes have not yet started on the FortiNAC Manager. Either services are down or the manager is still starting up. Check output.master for error logs. Make sure the license is valid, that FortiNAC can reach the internet, and that FortiNAC is configured with the minimum system resources as per page 14 of the data sheet.
Other issues seen when adding Servers to FortiNAC Manager:
a. Server appearing as "Unknown" entry in FortiNAC Manager dashboard.
Solution:
In the CLI, enter:
rm /bsc/campusMgr/.licenseKeyNCM
restartNAC
b. Unable to add Server to Manager:
Logs in output.master:
yams INFO :: 2023-11-02 17:24:56:192 :: #133 :: 192.168.0.7 incompatible CM version.
yams INFO :: 2023-11-02 17:24:56:192 :: #133 :: Incompatible NAC server version.
A possible cause of this error is provided in the following article: Troubleshooting Tip: Unable to add servers to the FortiNAC Manager. |
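The log messages quoted in Examples 2 to 4 and in item b can be matched automatically in a saved copy of output.master. The following Python script is an added example, not Fortinet code: it splits run-together entries and maps each known message to the cause this article gives. The cause labels and the sample text (assembled from the excerpts above) are constructed for illustration.

```python
import re

# Entry header: yams <LEVEL> :: <YYYY-MM-DD HH:MM:SS:mmm> :: #<thread> :: <message>
HEADER = re.compile(
    r"yams [A-Z]+ :: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3}) :: #\d+ :: ")

# Signature -> cause as stated in the article. Examples 3 and 4 share the
# "Error in REST RPC" prefix, so they are told apart by the trailing detail.
CAUSES = [
    (re.compile(r"Duplicate entry '(?P<detail>[^']*)' for key 'UNIQUE_NAME'"),
     "duplicate database entry (Example 2)"),
    (re.compile(r"Error in REST RPC.*No route to host"),
     "network/routing (Example 3)"),
    (re.compile(r"Error in REST RPC.*HTTPException"),
     "DNS resolution (Example 4)"),
    (re.compile(r"(?i)incompatible (?:CM|NAC server) version"),
     "version mismatch (item b)"),
]

def split_entries(line):
    """Yield (timestamp, message); copies often run several entries together."""
    marks = list(HEADER.finditer(line))
    if not marks:                       # headerless line, e.g. a bare exception
        yield None, line.strip()
    for cur, nxt in zip(marks, marks[1:] + [None]):
        yield cur["ts"], line[cur.end():nxt.start() if nxt else len(line)].strip()

def triage(text):
    """Return [(cause, detail, first_seen)] with repeated findings collapsed."""
    found = {}
    for line in text.splitlines():
        for ts, msg in split_entries(line):
            for pattern, cause in CAUSES:
                hit = pattern.search(msg)
                if hit:
                    found.setdefault((cause, hit.groupdict().get("detail")), ts)
                    break
    return [(cause, detail, ts) for (cause, detail), ts in found.items()]

# Constructed sample, assembled from the log excerpts quoted in this article.
SAMPLE = """\
yams SEVERE :: 2024-09-04 02:29:39:333 :: #665 :: org.hibernate.engine.jdbc.spi.SqlExceptionHelper ERROR :: 2024-09-04 02:29:39:333 :: #665 :: (conn=24) Duplicate entry 'ISOLATE' for key 'UNIQUE_NAME' yams SEVERE :: 2024-09-04 02:29:39:337 :: #665 :: HHH000315: Exception executing batch [could not execute batch]
java.rmi.RemoteException: Error in REST RPC. target=JerseyWebTarget { https://192.168.0.20:8443/api/v2/rpc/method-call }; No route to host (Host unreachable)
yams INFO :: 2023-11-02 17:24:56:192 :: #133 :: 192.168.0.7 incompatible CM version. yams INFO :: 2023-11-02 17:24:56:192 :: #133 :: Incompatible NAC server version.
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The detail field carries the conflicting name from the duplicate-entry message, which identifies the record to look at before the maintenance window.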