Somewhere I’ve read a thread about randomly not connected ICG devices after upgrade to > 11.08.330, but couldn’t find it anymore.
I’ve faced same issue since upgrading some devices from 11.08.290 to 11.08.330, .360 and now the latest one 361.
Is there an known issue ?
Are you using UMS12/ICG12?
kb.igel.com/igelicg-12.01/en/known-issues-configuration-of-unlimited-session-timeout-for-icg-12-01-100-88016384.html kb.igel.com/igelicg-12.01/en/known-issues-configuration-of-unlimited-session-timeout-for-icg-12-01-100-88016384.html
It is UMS12 but ICG 2.05.110:
A few ideas
please check if you can access: yourICG:8443/usg/server-status yourICG:8443/usg/server-status from this devices when it happens
checking Time between UMS, ICG and IGEL OS would be great. And if not done, specify a NTP Server on all three components
On logs side: UMS Server: IGELRemoteManagerrmguiserverlogs, Catalina
ICG: /opt/IGEL/icg/usg/logs/ may also help.
Is there a AV/Firewall between UMS and ICG? I would disable them temporarily
Thank you!! 👍
@member Thank you, I will check this as fast as possbile.
Stange – now I wanted to test the situation, and my device is connected to the ICG 😞 I will check this tomorrow when I’m back in my homeoffice – seems to be a very randomly issue 🙂
I can reproduce the issue after 5 times of reboot, 3 times the device is not connected. I’ve at least 4 devices with .360 and same issue here. Another issue apeears when ICG is not connected: the client needs about 3 minutes to reboot/shutdown. When ICG is connected, reboot and shutdown needs just 5 secondes.
a) NTP is set
b) ICG Log showes am entry like this:
[2023-06-22 07:18:31.859] ERROR de.igel.apps.usg.handler.PingPongSubProtocolWebSocketHandler.handleTransportError – java.io.EOFException
c) catalina log seems to be not written since upgrade to UMS 12:
Ok, I will open a ticket. But seems to be only related to devices with >= OS 11.08.330.
@member Regarding the extended shutdown time. I occasionally see this behaviour, but haven’t had a chance to really understand the problem. 11.08.236 ICG connected device. A shutdown will occasionally take 2 minutes or so, most of that time sitting at a black screen – visibly I can tell because the power led has not yet turned off. It’s a bit confusing because there are no visible indicators on the screen, just black as if it were completely off. Finally the led just goes off, and then I know it has completed shutdown. UMS 6.10.150 / ICG 2.05.110.
@member Yes thats the correct issue. Black screen until LED on the device goes off (2 -3 minutes).
But only if device wasn’t connected to the ICG. When its connected, shutdown runs in seconds.
I can only check this when I’m at homeoffice. So is there any logfile on the client where I can take a look for the ICG issue ?
On the server (UMS and ICG) I can’t see any connection errors in the timespan were my client was bootet and not connected to the ICG.
Because of the client is not connected I won’t see anything on server side I think. Also getting supportlogs via UMS from the device is not possible because it is not connected.
After 4 reboots the client is connected and I can get the the logs via UMS, but now there is no issue anymore 😞
journalctl mostly…
THX Sebastien, found some issues with journalctl, that I would like to analyze with our network team before opening a ticket. Seems that the ICG address sometimes connects to the external address and sometimes to the internal of the ICG.
Could someone help me to understand where ICG configurations are stored on the clients filesystem ? In UMS I can’t find any configuration issue so I think it’s something on the client itfelf. thx.
The files are: setup.ini and group.ini in /wfs
For IGEL Cloud Gateway Config: .icg.cfg
Checked out the differences between client that is connected to the ICG and the client which is not connected. But both do have the same .icg.cfg and group.ini entries for ICG setup. Very strange.
In journalctl the not connected client tries to connect to the internal address of the ICG server – on the client which is connected the external address is used. In both ways (connected/not connected) the .icg.cfg has the correct external address.
This realy only happens on clients with OS >= 11.08.330. With .290 anything works fine.
I would open an case @member but the problem is, that I only can reproduce it when I’m in homeoffice.
Additionaly – in UMS there is only the internal ICG server address configured. But Host (external) is empty. But I can’t edit the settings in the UMS to add the external host:
Ok, this is tough… Let me check if I see something on my end.
journalctl:
Not connected device:
“Jun 22 21:08:30 CLIENT igelrm_agent[10678]: WARNING: gethostip(localhost_address) failed: Name or service not known. Use localhost_address as fallback.
Jun 22 21:08:30 CLIENT igelrm_agent[10678]: Executing local command: icg_connect (server=localhost_address)
Jun 22 21:08:30 CLIENT igelrm_agent[10678]: ICG is enabled
Jun 22 21:08:30 CLIENT igelrm_agent[10678]: Connect to ICG server: localhost_address:8443 …
Jun 22 21:08:30 CLIENT igelrm_agent[10678]: lws_protocol_init_vhost: protocol ICG failed init”
Connected device:
“Jun 22 21:23:54 CLIENT igelrm_agent[10628]: Executing local command: icg_connect (server=EXTERNAL_IP)
Jun 22 21:23:54 CLIENT igelrm_agent[10628]: ICG is enabled
Jun 22 21:23:54 CLIENT igelrm_agent[10628]: Connect to ICG server: EXTERNAL_IP:8443 …
Jun 22 21:23:54 CLIENT igelrm_agent[10628]: Received HTTP cookie: JSESSIONID=X4E0A19E58B120X73B9BD39FDA3BE5XX
Jun 22 21:23:54 CLIENT igelrm_agent[10628]: ICG Websocket is connected.
Jun 22 21:23:54 CLIENT igelrm_agent[10628]: ICG connection is established.
Jun 22 21:23:54 CLIENT igelrm_agent[10628]: ICG postconnect: Initiate …
local_address = FQDN of the local ICG server address
Sometimes 3 reboots and device is connected and the next 4 times the client is not connected. Rolling back to 11.08.290 with same policies no unconnected device after 10 times of reboots.
Continue reading and comment on the thread ‘Randomly not connected ICG devices after upgrade’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!