cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to delete an erroneous secondary manager IP from a sensor

For some unknown reason, I've noticed that one of our sensors has a secondary IP address for the primary manager config.  I have no idea why or how this got there as we just moved this sensor from an NSM 8.1 instance to a new 8.2 instance via "deinstall" and "setup".  During the setup wizard when it prompts you for a secondary IP, none was listed and we selected "No" to that question.  However, it still has an extra IP.  This IP strangely belongs to our dev 8.2 instance, but that instance has never even had this sensor in it to the best of my (and my team's) knowledge, so it makes no sense to me.  I found the sensor CLI command "set manager secondary ip" and thought maybe using 0.0.0.0 would remove it, but that fails of course.  Then I found the command "deletemgrsecintf" which seems to be exactly what I want but when I run that, I just get an error that reads "This operation is not allowed while in MDR mode. Please do this operation from the Manager."  So I'm not sure how to proceed as I don't know of a way to run sensor CLI commands from the Manager nor do I know how to find this IP address within the Manager.

Here's the trimmed output from the "show" command--the "2.2.2.2" example IP is the one that doesn't belong in my case.

[Manager Config]

Manager IP addr         : 1.1.1.1          (primary intf)

Manager IP addr         : 2.2.2.2          (secondary intf)

<trimmed>

[Peer Manager Config]

Manager IP addr         : 3.3.3.3           (primary intf)

Thanks in advance!

3 Replies
petermason
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: How to delete an erroneous secondary manager IP from a sensor

Hi Allen,

I ran into the same issue recently, the secondary manager ip had been set in a previous version (possibly 6) and was never removed when we implemented MDR I assume.

Support advised that this was probably a bug and sent it to development.

The only work around they gave me was to perform a resetconfig on the sensor and then reinstall it into the manager.

I had asked them if breaking the MDR pair would allow me to run the command but they were unsure.

They did tell me there was no impact in having this value set and that it should be fixed in a future release.

Peter

Re: How to delete an erroneous secondary manager IP from a sensor

Thanks for the response.  Unfortunately, I don't currently have physical access to this sensor, so a resetconfig is going to take me down.  I may try to break the MDR pair to fix it.  Will report back if I do that.

msitko
Level 10
Report Inappropriate Content
Message 4 of 4

Re: How to delete an erroneous secondary manager IP from a sensor

Running 'deinstall' should trick the sensor into believing there is no MDR pair, which should allow you to remove the second IP address.  Just run 'setup' or 'set sensor sharedsecretkey' to reestablish trust with the manager.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community