Introduction
This document describes why the backup process from a source Cisco Security Management Appliance (SMA) to a target SMA fails with the error "Server denied roaming - [Errno 32] Broken pipe."
Background Information
Ensure that these restrictions and requirements for backups are fulfilled:
- Same AsyncOS version
- Target SMA on the network
- Communication between appliances with Secure Shell (SSH)
- The capacity of the target appliance is the same or greater
- Only one backup process runs at a time
Problem
When you back up data from one SMA to another SMA, the backup fails. These error messages appear in the backup log:
Wed Jun 11 15:40:07 2014 Warning: BACKUP: Errors: ssync errors during backup to
10.7.72.15, Reason: Server denied roaming - Write failed: Broken pipe - - errors:
"[Errno 32] Broken pipe" -
Wed Jun 11 15:40:40 2014 Warning: BACKUP: Errors: ssync errors during backup to
10.7.72.15, Reason: Server denied roaming - Write failed: Broken pipe - errors:
"[Errno 32] Broken pipe"
Wed Jun 11 15:40:40 2014 Warning: BACKUP: Failed: phase One for the service: isq
Wed Jun 11 15:40:57 2014 Critical: BACKUP: FAILED: Backup job(migrace) for
mgmt2.iol.cz scheduled to start at 11 June 2014, 15:34 to 10.7.72.15 failed with errors
- tracking:Server denied roaming - Write failed: Broken pipe - - errors:
"[Errno 32] Broken pipe"
isq:Server denied roaming - Write failed: Broken pipe - - errors: "[Errno 32]
Broken pipe" - isq:Server denied roaming - Write failed: Broken pipe - errors:
"[Errno 32] Broken pipe".
Solution
The [Errno 32] Broken pipe error typically occurs when the system attempts to continue to use a connection that has already closed. Check for any potential Layer 2 problems and look at the results from etherconfig > media and netstat -ni on both SMAs in the CLI.
source_SMA> etherconfig
Ethernet interfaces:
1. Data 1 (100baseTX full-duplex: ) 00:1e:c9:51:9a:20
2. Data 2 (Autoselect: ) 00:1e:c9:51:9a:22
3. Management (100baseTX full-duplex: ) 00:10:18:34:d4:bf
source_SMA> netstat -ni
Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll
Data 2 1500 < Link#1 > 00:1e:c9:51:9a:22 0 0 0 0 0 0
Mana~t 1500 < Link#2 > 00:10:18:34:d4:bf 11081531 0 0 11779530 0 0
Mana~t 1500 10.7.72.0 10.7.72.18 1746167 - - 1870789 - -
Data 1 1500 < Link#3 > 00:1e:c9:51:9a:20 24323550 0 0 23750730 0 0
Data 1 1500 192.168.30.0 192.168.30.252 6139415 - - 6089676 - -
target_SMA> etherconfig
Ethernet interfaces:
1. Data 1 (100baseTX full-duplex: ) d4:ae:52:87:f4:44
2. Data 2 (Autoselect: ) d4:ae:52:87:f4:46
3. Data 3 (Autoselect: ) d4:ae:52:87:f4:48
4. Management (100baseTX full-duplex: ) d4:ae:52:87:f4:42
target_SMA> netstat -ni
Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll
Mana~t 1500 < Link#1 > d4:ae:52:87:f4:42 122700 62 0 12289 0 0
Mana~t 1500 10.7.72.0 10.7.72.15 38051 - - 1033 - -
Data 1 1500 < Link#2 > d4:ae:52:87:f4:44 154093 1235 0 54906 0 0
Data 1 1500 192.168.30.0 192.168.30.245 45116 - - 50445 - -
Data 2 1500 < Link#3 > d4:ae:52:87:f4:46 0 0 0 0 0 0
Data 3 1500 < Link#4 > d4:ae:52:87:f4:48 0 0 0 0 0 0
The receiving appliance (target_SMA) shows input errors on both the Management and Data 1 Ethernet interfaces. If you check the switch that the target_SMA is connected to, you see that the problem is an incompatibility between the SMA and the Cisco switch. Despite automatic detection of interface speed and duplex, the two devices are unable to choose the same settings. The SMA detects 100baseTX full-duplex, but the switch has only 100baseTX half-duplex, and it must be configured to 100baseTX full-duplex.
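The interface-counter check described above can be run over saved netstat -ni output from each appliance. This Python script is an added example, not part of the original Cisco document; the function names are hypothetical, and the sample text is the target_SMA output shown above.

```python
import re

# Link-layer rows of `netstat -ni` as shown on this page. The interface name
# may contain a space ("Data 1") or be truncated by the CLI ("Mana~t").
LINK_ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<mtu>\d+)\s+<\s*Link#\d+\s*>\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<ipkts>\d+)\s+(?P<ierrs>\d+)\s+(?P<idrop>\d+)\s+"
    r"(?P<opkts>\d+)\s+(?P<oerrs>\d+)\s+(?P<coll>\d+)\s*$"
)
COUNTERS = ("ipkts", "ierrs", "idrop", "opkts", "oerrs", "coll")


def parse_link_rows(text):
    """Return one dict per link-layer row; header and IP address rows
    (which print '-' for the error counters) do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINK_ROW.match(line.strip())
        if m:
            row = {"name": m["name"], "mac": m["mac"]}
            row.update({k: int(m[k]) for k in COUNTERS})
            rows.append(row)
    return rows


def interfaces_with_errors(text):
    """Interfaces whose Ierrs, Oerrs or Coll counter is non-zero."""
    return [r for r in parse_link_rows(text)
            if r["ierrs"] or r["oerrs"] or r["coll"]]


# target_SMA output copied from this page
TARGET_SMA = """\
Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll
Mana~t 1500 < Link#1 > d4:ae:52:87:f4:42 122700 62 0 12289 0 0
Mana~t 1500 10.7.72.0 10.7.72.15 38051 - - 1033 - -
Data 1 1500 < Link#2 > d4:ae:52:87:f4:44 154093 1235 0 54906 0 0
Data 1 1500 192.168.30.0 192.168.30.245 45116 - - 50445 - -
Data 2 1500 < Link#3 > d4:ae:52:87:f4:46 0 0 0 0 0 0
Data 3 1500 < Link#4 > d4:ae:52:87:f4:48 0 0 0 0 0 0
"""

if __name__ == "__main__":
    for r in interfaces_with_errors(TARGET_SMA):
        pct = 100.0 * r["ierrs"] / r["ipkts"] if r["ipkts"] else 0.0
        print(f'{r["name"]} {r["mac"]}: Ierrs={r["ierrs"]} ({pct:.2f}% of Ipkts)')
```

Run it against output captured before and after the switch port is set to 100baseTX full-duplex; the counters are cumulative, so compare the increase between captures, not the absolute values.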