Deep Security 9: Error on call to ‘getaddrinfo’ (DSVA)

During a recent Deep Security implementation we’ve experienced post-deployment issues with the Deep Security Virtual Appliances (DSVA’s). After Deployment of the DSVA’s you will get a “Communications Problem” reported from the Deep Security Manager.

Communications_Problem

By the way, the Deployment of the DSVA within ESXi 5.5 has got a known issue of not working on the first attempt. Please read this for more information.

The error looks like this:

Agent-Appliance-Error01


Troubleshooting pointed out that something was wrong with DNS resolving from the DSVA towards the Deep Security Manager. The DSVA was resolving the DSM on shortname.
To verify DNS resolving within the DSVA login the the console by pressing F2 (default username/password: dsva/dsva)

dsva01

After logon on press Alt-F2 to get the Shell Login Prompt, logon again with username dsva

dsva02

Now you can use the nslookup command to check DNS resolving. In my case shortname resolving didn’t go right while FQDN resolving was okay.

Changing the hostname of the DSVA to its FQDN didn’t solve the problem so we figured that the Search Suffix needed to be added to the DSVA.

To do this, execute the following command: sudo vi /etc/resolv.conf and add the “search yourdomain.local” entry.

dsva03

After adding this, the “Communications Error” disappear and the DSVA became “Healthy” within the Deep Security Manager.

Leave a comment

1 Comment

  1. Jen

     /  June 3, 2016

    Thank you for this! Ran into it in my lab, you saved me a lot of time.

Leave a Reply

%d bloggers like this: