Agile Controller-Campus running V100R001C00SPC316 is used and three servers are deployed on the enterprise's network. The service manager and server controller are installed on the witness server and the service controller is installed on the master server and mirror server. The Portal authentication is used. Users can only access the enterprise's intranet and extranet after passing the admission authentication on the AnyOffice client or authentication web page. However, after a period of time, all users fail the admission authentication.
1. Users fail the login authentication on the AnyOffice client.
2. Log in to the Agile Controller-Campus management page. Choose System > Server Configuration > SC Server Configuration. It is found that the authentication server, Portal server, RADIUS server, and Network server are all disconnected. On the status monitoring page, it is found that Service Manager fails to communicate with the authentication server and RAIDUS server.
1. Ping the three Agile Controller-Campus servers from the intranet of the customer's enterprise to check whether the network is normal. If the ping operation succeeds, the fault is not caused by the network.
2. Check with the customer whether the admission authentication was successful and no operations are performed on Agile Controller-Campus. If so, the fault is not caused by misoperations.
3. Restart a witness server and a master server. After the restart, users can pass the admission authentication and the network is restored. Log in to the Agile Controller-Campus management page and choose System > Server Configuration > SC Server Configuration. It is found that the mirror server of the authentication server, Portal server, and RADIUS server are still displayed as disconnected. Restart the servers, and the status of the servers are displayed as connected. In this case, the fault may be caused by uncertain issues such as bugs after the software or OS runs for a long time.
4. It is confirmed that the mirror server has been running for more than 497 days. Microsoft confirms that TCP/IP network resource ports will not be automatically released after the Windows Server 2008 R2 runs for more than 497 days. In this case, you need to install OS patches to prevent the fault from happening again.
5. Install OS patches on the three servers and restart the servers. After the restart, log in to the Agile Controller-Campus management page and check that the three servers are properly connected and user login is normal. If so, the fault is rectified.
After the Windows Server 2008 R2 runs for more than 497 days, TCP/IP network resource ports will not be automatically released. As a result, no network resource is available for servers, the components requiring network resources cannot work properly, and then users fail the admission authentication.
1. If no Windows OS patch is obtained, you are advised to restart the servers to quickly restore services.
2. To prevent the fault from happening again, you are advised to obtain the patches of the Windows OS, install the patches, and restart servers.
For hardware products (routers, switches, and firewalls) or software products (Agile Controller-Campus and Agile Controller-DCN), pay attention to the official notices released by Huawei and update the software versions of the devices to the recommended versions or install the latest patches to ensure that the devices can run stably.