All the traps agents are disconnected

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

All the traps agents are disconnected

Hi Community,

 

All the agents in my traps setup on ver 4.2.5 shown as disconnected. As the issue looks like ESM server related, i have followed the document https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-admin/troubleshooting/tr... but no luck. i cannot navigate to agent installation package page as well in ESM console.

i can see the agents as 'connected to server <>' in agent console but having the last check in time much older.

I can see there are multiple established connections on 2125 port on ESM core using netstat.

Any info on what will be the reason for this behaviour ?

Thanks in advance!.


Accepted Solutions
Highlighted
L4 Transporter

Hi @BPry ,

 

Thanks for your input.

I have checked the ESM and i were able to see two entries  for same server under Multi ESM (one was in inactive state), i just disabled one of them which were duplicate, post this i can see the agents are getting online and everything works fine.

 

Even though it looks illogical, can we have two core instance on same server ?. i am not sure how it got added even.

 

EDIT:- This was the issue, looks like somebody changed the server table in the traps DB, which added one more entry of same core server, it was causing all mess. post deleting the duplicate entry, everything is fine

View solution in original post


All Replies
Highlighted
Cyber Elite

@Abdul_Razaq,

That really sounds like an ESM issue, or a compatibility issue between your ESM and the agent version. Regardless, if you've already gone through that document and can't find the issue I would open up a TAC case so they can look over your ESM server.

Highlighted
L4 Transporter

Hi @BPry ,

 

Thanks for your input.

I have checked the ESM and i were able to see two entries  for same server under Multi ESM (one was in inactive state), i just disabled one of them which were duplicate, post this i can see the agents are getting online and everything works fine.

 

Even though it looks illogical, can we have two core instance on same server ?. i am not sure how it got added even.

 

EDIT:- This was the issue, looks like somebody changed the server table in the traps DB, which added one more entry of same core server, it was causing all mess. post deleting the duplicate entry, everything is fine

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!