Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Troubleshooting Replication in Split Configuration Environment

03/26/2020 18 People found this article helpful 193,419 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Troubleshooting Replication in Split Configuration Environment

    Resolution

    In situations where there are issues with updated settings being replicated in split mode configuration environments, the user may receive alerts such as usermap is stale from a Remote Analyzer (RA). This document will help with troubleshooting steps to prioritize between basic connection issues and how to reference them through logs as well as commandline instructions. Periodically, a user may receive a usermap is stale alert from the Remote Analyzer or one of the Remote Analyzers may be rejecting or deleting legitimate messages due to DHA.

    Troubleshooting Questions:  

    1)       Make sure all servers of the split configuration environment are running the same version.

    2)       Is the server using IP address to connect or hostname?

    3)       Is the IP address being displayed correctly in server.xml and hostlist.xml?

    4)       Can the Control Center telnet to the Remote Analyzer on the configured port, for example port 80?

    5)       Can the Remote Analyzer telnet to the Control Center on port 2599?

    6)       Are the servers on the subnet?

    7)       Is there a firewall between Control Center and Remote Analyzer?

    8)       Are NIC’s set to auto negotiate? What kind of NIC, switch?

     

    Logs to Look At:

     

    rpl.log                          Logging level has no affect on the contents of this log. This file lists all files that have been sent and received at the Control Center

                                          and the Remote Analyzer.

      

    mlftunnel.log               This log will help to troubleshoot at the data level as it confirms data flow from Control Center To Remote Analyzer. Set to log level 2

                                            in order to capture additional data in this log. This log will help show if the request is being made from CC to RA or and if the request

                                            is being accepted or denied.

     

    mlfreplicator.log         In log level 2, this log helps to troubleshoot at the application level. It will show information on the max gsn.idx as well as which files

                                            are being replicated to which Remote Analyzer.

     

    Quick TIP:

    To verify that the copy of any config file on the RA is the same copy of the latest updated config file sitting on the Control Center, you can run the following commandline instructions to verify the indexed number. If replication has taken place properly, you should be able to run these commandline instructions and the numerical output should be the same from both servers.

     

    Windows:

    mlfreplicator –d gsn.idx | find “usermap.xml”

     

    Appliance:

    ./MlfReplicator –d gsn.idx | grep  “usermap.xml”

     

    Look at the rpl.log for the relevant day on the Remote Analyzer to confirm that the RA  had received the updated config file form the Control Center.
     

    Other than telnetting from CC to RA over port 80 and telnetting from RA to CC on port  2599 to test connectivity, you can run the following as well to check if mlftunnel is running correctly and able to connect properly.

    Mlftunnel –l –p 80 –d remoteanalyzer

     

    Most Common Scenarios:

    1)    Something on the network has changed (ie: firewall or different subnet)

    2)    Sometimes the gsn.idx on the RA has become corrupt and needed to be rebuilt.

     

    NOTE: It is not recommended to have the gsn.idx on the Control Center be rebuilt. Especially in a large deployment with many users.

    mdcxxx.log                 This log helps to identify if the system is able to download the needed data from the datacenter. There have been cases whereby if for example Thumbprint downloads are failing, other processes may be stalled.

    Related Articles

    • Network Security Essentials eLearning Training Course
    • How do I check if syslogs are getting forwarded by an Email Security Appliance?
    • How to add inbound path in Hosted Email Security

    Categories

    • Email Security > Email Security Appliance
    • Email Security > Email Security Software
    • Email Security > Hosted Email Security

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top