The following article describes common Linux and Unix scan issues and how to resolve them -
- Authentication error / expired password
- Unsupported shell
- No permission to run read-only commands (no sudo)
- "no tty present and no askpass program specified" error message
- Incorrect private key type
- Key too long
- Environment variables not preserved by sudo
- Scan timeout
- Connection error
- Partial scan status
Authentication error / expired password
Ensure you have the correct user name and password, and that the password is valid. Attempt to login manually through utilities such as putty. Re-enter the credentials into AvailabilityGuard and attempt to re-scan.
The account used for scanning should be defined with either sh, bash or ksh. Other shells (such as csh or tcsh) are not supported and should be avoided.
No permission to run read-only commands (no sudo)
Certain read-only commands require elevated permissions. The account used for scanning should have the permissions to run those commands. A common method for granting the permission is through using sudo or similar access control solution (PowerBroker, UPM, CA eTrust, etc.). Refer to Recommended /etc/sudoers configuration for additional information about sudo configuration.
"no tty present and no askpass program specified" error message
if requiretty is enabled in the sudoers file, sudo will only run when the user is logged in through a terminal.
This issue can be resolved in two different ways -
Option 1: comment out the requiretty option in the sudoers file on the target host.
Option 2: When configuring the sudo options in AvailabilityGuard, select Yes for the PTY drop-down list.
Incorrect private key type
When using SSH public key authentication, note that AvailabilityGuard requires a PEM key (not PPK). If your key is of the ppk type, you can convert it to pem using a tool such as puttygen.
To convert a ppk key to pem key using putty Key generator, use the following instructions:
- Download puttygen and run it.
- Click Actions --> Load --> select your ppk file --> Open
- Click Conversions --> Export OpenSSH Key.
- Choose Yes for passphrase warning.
Key too long
When using SSH public key authentication, the key size is limited to 2048 characters.
Environment variables not preserved by sudo
Certain version of sudo will not perserve environment variables unless the sudo command is executed with the -E option. This may impact commands such as powermt which rely on variables.
To resolve this issue, edit the sudo configuration in AvailabilityGuard and add the -E flag.
There could be various reasons for a scan timeout such as -
- When user logs in for the first time, a question is presented. In such scenarios, the first login should be done manually to answer the question, thus allowing AvailabilityGuard to connect automatically in subsequent login attempts.
- A specific command is timing out. for example, the command df may hand when there's a stale NFS file handle error. Refer to the Scan Troubleshooting report for additional information regarding timed out commands.
- Sudo is not configured properly and a password prompt is presented for some of the read-only commands requiring sudo. Run the command manually to verify and ensure that sudoers is accurately configured with the required commands.
Possible reasons -
- Firewall does not enable SSH access from AvailabilityGuard to the target host.
- Non-default port is used for SSH. To resolve, change the port in the AvailabilityGuard policy by adding a new protocol to the Use Protocol drop-down list.
Partial scan status
Possible reasons -
- Required Utilities are missing. AvailabilityGuard may require certain utilities to be available on the target hosts depending on the Operating System and on storage systems access. Refer to the Scan Requirements section for additional detail. For example, the free EMC tool inq may be required on hosts accessing EMC VMAX storage systems.
- A specific command is failing. Refer to the Scan Troubleshooting report for additional information regarding failed commands and error messages.