A common question I see is: why doesn't an FS850 show up in the Enterprise Manager after it has been added using the Add Wizard?


There are a few things that must take place before the FS850 will show up on the Manage Engines Page in the Enterprise Manager.

  • The Scan Engine on the FS850 must be upgraded to the same version as the Database.
  • The FS850 must be made an available scan engine.
  • The FS850 must have completed the Add Wizard process successfully at least once.


Most of the time, the reason the FS850 doesn't show up in the EM is that it has not been upgraded to the same version as the database. This results in a database version mismatch that can be seen in the daily log file. Though the Add Wizard process triggers the upgrade of the FS850 by configuring the FCAgent with the FCServer's IP Address, it doesn't actually upgrade any components.


To better understand this let me describe what the Add Wizard process does and does not do.


What it does do:

  • Confirms Certificates
  • Allows the Change of
    • NetBIOS name
    • System Time
    • Time Zone
    • Password
  • Configures which database to connect to and validates the user name and password.
  • Configures the Windows update schedule
  • Pulls the FCServer's IP Address information from the FMSServerSettings table when it connects to the database for the first time.


What it does not do:

  • Upgrade any component
  • Add the FS850 as an available scan engine
  • Confirm connectivity from the FCAgent to the FCServer


So if the Add Wizard doesn't upgrade any components what does?


The FCServer is the central location for managing component upgrades. The FCServer handles several other functions that are necessary for the MVM environment but we will cover that functionality in future tutorials.


So what does the FCServer have to do with the upgrade of an FS850?

  • The FCServer validates the default certificate when the FS850 first checks in and pushes out a customer specific certificate.
  • The FCServer takes the running component version information provided by the FCAgent and compares it to the ComponentVersion column in the FSUpdate table in the database. If the component version in the database is greater, an update will be pushed to the agent.


So when an FS850 is receiving the database version mismatch message, it is normally because it has not been upgraded to the proper version. There are several reasons why this can happen.


Common Customer Site Specific Reasons:

  • The FCAgent is configured to use an FQDN and the FS850 cannot resolve the name.
  • The FS850’s FCAgent has the wrong IP Address.
  • The FCAgent cannot contact the FCServer on TCP port 3801.


Some of these issues are easier to solve than others. I’ll break down each issue below.


The FCAgent is configured to use an FQDN and the FS850 can’t resolve the name.


This is a pretty simple issue to address.

  • Configure the FS850 to use a DNS server if it isn’t and make sure the FQDN can be resolved.
  • You can also configure the Hosts file of the FS850 using the MWI interface.
  • You can also change the FQDN to use an IP Address using the MWI interface.


One additional step: if the FS850 received the FQDN during the Add Wizard process, but you want new FS850s to receive an IP Address instead of an FQDN, you can change that by opening the FMSServerSettings table in the Faultline database.


The FS850’s FCAgent has the wrong IP Address.


This is a pretty simple issue to address.

  • In the MWI interface you can change the IP Address that the FCAgent uses to contact the FCServer.


The FCAgent cannot contact the FCServer on TCP port 3801.


This issue isn't as easy to solve. We can prove that packets are not arriving at the FCServer by examining a packet capture and looking for communication from the FCAgent's IP Address on TCP port 3801. What is more difficult to prove is that the FCAgent is sending packets to the FCServer. Since there is no way to gather a packet capture on the FS850, we will have to use a device on the same LAN as the FS850 to sniff all network traffic.


This issue gets a little more complicated if the customer is attempting to use static NAT between the FCAgent and the FCServer. If there is an issue, and the FCAgent has the correct NATed IP Address, the focus should be on the customer’s router/firewall configuration.
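
The three site-specific causes above (unresolvable FQDN, wrong IP Address, blocked TCP port 3801) can be told apart from a device on the same LAN as the FS850. The following is an added example, not part of the original article or any vendor tooling; the function name `check_fcserver_path` and the script name are assumptions, and it tests the network path from that device rather than the FCAgent itself.

```python
import socket
import sys

FCSERVER_PORT = 3801  # TCP port the FCAgent uses to reach the FCServer (per the article)


def check_fcserver_path(target, port=FCSERVER_PORT, timeout=3.0):
    """Try a TCP connect to the FCServer and classify the outcome.

    Returns (status, detail); status is 'connected', 'dns_failure',
    'refused', 'timeout' or 'unreachable'.
    """
    try:
        # Resolves an FQDN; an IP address literal passes through unchanged.
        infos = socket.getaddrinfo(target, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Matches "the FS850 cannot resolve the name": fix DNS or the Hosts file.
        return "dns_failure", f"cannot resolve {target!r}: {exc}"

    status, detail = "unreachable", "resolver returned no IPv4 address"
    for *_, sockaddr in infos:
        ip = sockaddr[0]
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((ip, port))
            return "connected", f"{ip}:{port} accepted the connection"
        except socket.timeout:
            # SYNs silently dropped: typical of a firewall rule or broken static NAT.
            status, detail = "timeout", f"no answer from {ip}:{port} within {timeout}s"
        except ConnectionRefusedError:
            # A reset came back: wrong IP address, nothing listening, or a rejecting firewall.
            status, detail = "refused", f"{ip}:{port} actively refused the connection"
        except OSError as exc:
            status, detail = "unreachable", f"{ip}:{port}: {exc}"
        finally:
            sock.close()
    return status, detail


if __name__ == "__main__":
    # Usage: python check_fcserver.py <FCServer FQDN or IP address>
    if len(sys.argv) != 2:
        sys.exit("usage: check_fcserver.py <fcserver-fqdn-or-ip>")
    result, info = check_fcserver_path(sys.argv[1])
    print(f"{result}: {info}")
```

A `connected` result from the LAN device while the FS850 still fails to upgrade points back at the FCAgent's configured address rather than the network path.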

 

Jeff Haynes