The Platform Agent reports "ForceServerVersionNumber" errors in the nproduct.log

  • Document ID:7023432
  • Creation Date:10-Oct-2018
  • Modified Date:13-Mar-2019
    • Micro Focus Products:
      eDirectory
      Sentinel

Environment

Sentinel - Nsure Audit 1.0.3 Patch 2 and newer
Platform Agent 2.0.x

Situation

The Platform Agent (PA) reports error messages in the nproduct.log repeatedly:
--------------------------------------------------------------------------------------------------------------------------------
Wed Feb 14 10:56:11 2018 [Novell Audit Platform Agent]: Attempting to re-establish connection to secure log server for application eDir Inst.
Wed Feb 14 10:56:44 2018 [Novell Audit Platform Agent]: The log server has an older version of lengine.
The server should be upgraded for full functionality.
Wed Feb 14 10:56:44 2018 [Novell Audit Platform Agent]: Server Protocol is: 1
Wed Feb 14 10:56:44 2018 [Novell Audit Platform Agent]: ForceServerVersionNumber has not been enabled in the logevent config file.
When working with log servers from previous versions of audit,
ForceServerVersionNumber must be enabled in the logevent config file.
Wed Feb 14 10:56:44 2018 [Novell Audit Platform Agent]: Authentication Failure
--------------------------------------------------------------------------------------------------------------------------------

Resolution

The Sentinel CM server (Audit Connector) rejected the PA’s connection because the Audit Connector is already loaded with the huge events. The Audit Connector has an upper limit for caching the events locally. When the caching limit is reached, the Audit Connector will reject the PA’s connections until already cached events are processed."

The Platform Agent transitioned down to it's lowest communication level, in order to process through the data in the lcache file, and logged this message in the nproduct.log until the Audit Connector stopped rejecting the PA's connection.

Cause

A network outage occurred causing a disconnect between the eDirectory Platform Agent (PA) and the Sentinel CM server. Lcache correctly cached audit events because the Sentinel CM was not reachable. This network outage lasted sufficiently long to allow lcache to build to such a point that when the  network connection was re-established, the events sent to the Sentinel CM server (Audit Connector) exceeded the upper limit of the Audit Connector.