Forum Discussion
NimbostratusAced Service restarting
Hi,
Every time I edit my access policy i get errors logged to console where the aced services is restarting. APM log shows that it is unable to bind to the address. I have to add that dont have a separate management network so my MGT interface is just a fake IP and I'm managing the server via self-ip. It seems related also to my RSA SecurID that I have added, and even removing the authentication profile, the errors remain. These errors are killing the box up to the point of it rebooting unexpectedly.
Errors logged to console
Dec 8 04:33:31 localhost emerg logger: Re-starting aced
Dec 8 04:33:33 localhost emerg logger: Re-starting aced
Dec 8 04:33:35 localhost emerg logger: Re-starting aced
Dec 8 04:33:38 localhost emerg logger: Re-starting aced
Errors in APM log
Dec 8 04:47:59 localhost err aced[27279]: 01490000:3: Profile[/Common/Hatch_RSA]: exception: Could not accept socket, function: accept, error: Interrupted system call.
Dec 8 04:48:01 localhost err aced[27320]: 01490000:3: Main: exception: Could not bind to port, function: bind, error: Address already in use. exiting main...
Dec 8 04:48:01 localhost err aced[27341]: 01490000:3: Profile[/Common/Hatch_RSA]: exception: Could not accept socket, function: accept, error: Interrupted system call.
Dec 8 04:48:05 localhost err aced[27375]: 01490000:3: Main: exception: Could not bind to port, function: bind, error: Address already in use. exiting main...
Dec 8 04:48:05 localhost err aced[27398]: 01490000:3: Profile[/Common/Hatch_RSA]: exception: Could not accept socket, function: accept, error: Interrupted system call.
7 Replies
soymanueI'm suffering the same issue. Have you been able to solve it?
HendrikvanniekeI opened a support case and they have since then supplied me with an Engineering Hotfix. You will need to open a case with F5 to get this hotfix immediately.
Since the hotfix it has been working for me flawlessly.
- soymanue
Thank you. Do you have the bug ID or the name of the hotfix?
- Hendrikvannieke
Thhey didn't share the ID with me, however here is the Hotfix file name they gave me, Hotfix-BIGIP-11.6.0.3.34.412-HF3-ENG.iso. Hope this helps.
RobLL_77876I ran into this same issue. I resolved it by binding the RSA SecurID Agent Host IP to an SelfIP that was not a floater. Once I did that, no issues. And didn't need an eng hotfix for it. Running 11.6.0 HF3.
- RobLL_77876
So troubleshooting this more...if you use a floating SelfIP, the unit that doesn't own the address continually throws the restarting messages in the APM logs mentioned earlier in this thread. The active unit does not since it owns the traffic group with the floater.
- Hendrikvannieke
In my case I didn't setup the unit with a MGT interface. I have the virtual edition and my host is configured with one subnet at this point in time, so there is no way to have a SelfIP and MGT on the same subnet. So I'm using the SelfIP to manage the unit. This also had me attach the SecurID to use this interface as the source for requests to my RSA appliance. I think that is where the problems started, and ontop of this all I added a webtop to the SelfIP. The debug showed it couldn't attach the SecurID to the interface because the port was already in used. I think it was the perfect storm scenario. F5 identified it as a bug and said it will be released in future releases, however if you need it immediately they can assist you with the Hotfix by opening up a support ticket.
