3Com 3CR990 Administration Manual page 78

Embedded firewall software for the network interface card (NIC) family

B Troubleshooting
Server/NIC Connectivity

Secured computer did not make first contact with a Policy Server in the domain

Suggested Solution:
For an automatically registered NIC, you can determine that it has not made first contact if it does not appear in the Default device set in the tree-view portion of the Management Console, or if you cannot locate it by entering its IP address using the Find function. For a manually registered NIC, you can determine that it has not made first contact if the last wake-up or heartbeat time has not been updated on the information window for this NIC.
If a secured computer has not made first contact with a Policy Server, verify the communication between the secured computer and the Policy Server (see "Policy Server-to-NIC Communication Check" on page 76).

Not receiving heartbeats from a secured computer

Suggested Solution:
- The secured computer may be offline, which is a normal condition.
- Heartbeats are sent using the UDP protocol and can therefore be lost due to intermittent network problems. Occasional missed heartbeats may indicate a network problem rather than a problem with EFW. You may want to wait for another heartbeat interval before investigating the problem if only one heartbeat interval was missed.
- Heartbeats are replicated between Policy Servers every two minutes. To see a heartbeat immediately when it arrives, connect to the last Policy Server to communicate with this NIC (usually its primary Policy Server) and view the Last Wakeup or Heartbeat field on the NIC information window.
- Verify communication between the secured computer and the Policy Server (see "Policy Server-to-NIC Communication Check" on page 76).

Policy or configuration distribution timed out

Suggested Solution:
This time-out indicates that the Policy Server did not receive an acknowledgement from the NIC that it received the distribution. This lack of acknowledgement may happen if the NIC is offline. The identities of the individual NICs that timed out on a distribution can be found in the Details window (available via the Distribution Progress window) and in the audit log. Check the Management Console NIC information window to see when the last heartbeat was received. If the NIC is online, there may be a connectivity problem. Verify communication between the secured computer and the Policy Server (see "Policy Server-to-NIC Communication Check" on page 76).

Policy or configuration distribution failed

Suggested Solution:
This failure indicates that the Policy Server encountered an error condition related to the distribution before it attempted to contact the NIC. The policy may contain an unresolvable IP address or may be too large for the target device. The system may not have a primary or backup Policy Server available for the device, or may have encountered some other unexpected error when preparing to perform the distribution. The Details windows available via the Distribution Progress window can be viewed to see error messages. Policy distribution failures are also audited in the audit log, and the audit log indicates whether the policy size was the problem. (For information on determining the size of a policy, see "Determining the Size of a Policy" on page 48.)

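The heartbeat guidance above can be written as a triage rule. This is an added example, not part of the 3Com manual or the EFW product. The function names, the 5-minute heartbeat interval and the sample records are assumptions; the two-minute replication figure and the "wait one interval" rule come from the text.

```python
from datetime import datetime, timedelta

# From the manual: heartbeats replicate between Policy Servers every two minutes.
REPLICATION_LAG = timedelta(minutes=2)


def triage(last_seen, now, interval, on_last_contact_server=True):
    """Return (status, missed_intervals) for one NIC.

    last_seen: the 'Last Wakeup or Heartbeat' time read from the console,
               or None if the NIC has never made first contact.
    interval:  heartbeat interval for the deployment (assumed input).
    """
    if last_seen is None:
        return "no-first-contact", None
    # A timestamp read on another Policy Server can be one replication
    # cycle stale, so allow that much slack before counting a miss.
    slack = timedelta(0) if on_last_contact_server else REPLICATION_LAG
    overdue = now - last_seen - slack
    missed = max(0, overdue // interval)
    if missed == 0:
        return "ok", 0
    if missed == 1:
        # Heartbeats are UDP; a single loss is not yet evidence of a fault.
        return "wait-one-interval", 1
    return "check-connectivity", missed


def triage_all(records, now, interval):
    """records: iterable of (name, last_seen, on_last_contact_server)."""
    return {name: triage(seen, now, interval, local)[0]
            for name, seen, local in records}


# Constructed sample data: host names, times and interval are illustrative.
NOW = datetime(2024, 1, 1, 12, 0, 0)
INTERVAL = timedelta(minutes=5)
SAMPLE = [
    ("nic-a", NOW - timedelta(minutes=3), True),
    ("nic-b", NOW - timedelta(minutes=6), True),
    ("nic-c", NOW - timedelta(minutes=6), False),
    ("nic-d", NOW - timedelta(minutes=17), True),
    ("nic-e", None, True),
]

if __name__ == "__main__":
    for name, status in triage_all(SAMPLE, NOW, INTERVAL).items():
        print(f"{name}: {status}")
```

A "check-connectivity" result corresponds to the manual's next step, the Policy Server-to-NIC Communication Check; the NIC may also simply be offline.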