[Security Director] How to troubleshoot generic issues with Publish Policy

Article ID: KB35045 | KB Last Updated: 28 Oct 2019 | Version: 1.0

Summary:

The Publish Policy job in Security Director compiles the policy and its rules in Junos Space for a particular device. Under some conditions, the job may hang or fail.

This article provides workarounds that may resolve the update behavior.

Symptoms:

Some generic errors seen when a Publish job fails:

  • Another preview, publish or update job is in progress
  • Calculating rules to publish
  • Error while converting rule
  • Failed to remove previous associated metadata

Solution:

Check the following:

  • Go to SD > Monitor > Job Management > Check for Publish jobs (specific to the device) that have been stuck in the Pending/In-Progress state at 0% for more than an hour.

  • Run a re-synchronize with Network job for the device. Go to SD > Devices > Security Devices > Select the device with the issue > Run Re-synchronize with Network (from top right corner)

  • Device re-assign for the policy:

    • Go to SD > Configure > Select the policy (FW,NAT or IPS) with issue > Right Click on the Policy > Un-assign Device > Click Yes to continue and confirm.

    • Validate the "Unpublish" job in the Job Management. Go to SD > Monitor > Job Management >

      The logs in the backend look like:

less /var/log/jboss/servers/server1/SD.log | grep -i <Device Name>
Example : less /var/log/jboss/servers/server1/SD.log | grep -i  jtac-srx5400-r2004
2019-10-08 08:56:26,800 WARN  [net.juniper.jnap.sm.om.ejb.lock.ObjectLockManagerBean] (ajp-space-005056bd0e10/10.219.59.26:8009-6) 
locking object Object ID: 3047425, Service Name: jtac-srx5400-r2004,Service Type: POLICY, User: super, Browser ID: 52619e0e-d6d2-4f8a-97b3-8fddff318625,
expiry time: 1570506116797, hasExpired: false
2019-10-08 08:56:36,446 WARN[net.juniper.jnap.sm.provisioning.jobManager.SDProvisioningJobManagerBean] (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Starting conversion
2019-10-08 08:56:37,279 WARN  [net.juniper.jnap.sm.provisioning.jobManager.SDProvisioningJobManagerBean] (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Conversion done
2019-10-08 08:56:37,310 WARN  [net.juniper.jnap.sm.provisioning.jobManager.SDProvisioningJobManagerBean] (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Starting persit for 
net.juniper.jmp.jpa.LogicalDevice:524289
2019-10-08 08:56:37,591 WARN  [net.juniper.jnap.sm.provisioning.jobManager.SDProvisioningJobManagerBean] (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Publish to device is successfull.
2019-10-08 08:56:37,725 WARN  [net.juniper.jnap.sm.om.ejb.ServiceRegistryBean](JobThread4751401)Clear the time stamp for publish success case services:
[3047425],devices:[2949120], lastModifiedTime []

    • Once validated, go to SD > Configure > Select the policy (FW, NAT or IPS) > Right Click on the Policy > Assign Device > Select the Device (specific to the policy) from the drop-down > Click Ok to Confirm.

Check if the Publish issue is fixed. If not, try the device deletion process next.

  • Device Deletion Process:

    • Ensure the device doesn't have VPNs created from Space.

    • Un-assign the device from the policy (steps shared as above)

    • Delete the device and then Re-discover the Device in SD. Ensure that the option "Import policies automatically after device(s) being discovered successfully" is NOT checked.

    • Assign the device to the old policy (steps shared as above) and re-check for the Publish Job.

If these do not resolve the issue, contact your JTAC representative.
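
The backend log check in the re-assign step can be scripted. The following is an added example, not Juniper's code: it reads SD.log text in the format quoted in this article, rejoins wrapped lines, and reports the last stage each Publish sub job logged for a device. The stage strings are copied from the excerpt; the function names are hypothetical and job 4759999 in the sample is constructed.

```python
import re

# Constructed sample in the SD.log format quoted in this article.
# Job 4751401 mirrors the excerpt; job 4759999 is made up and never finishes.
W = "WARN  [net.juniper.jnap.sm.provisioning.jobManager.SDProvisioningJobManagerBean]"
SAMPLE = f"""\
2019-10-08 08:56:36,446 {W} (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Starting conversion
2019-10-08 08:56:37,279 {W} (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Conversion done
2019-10-08 08:56:37,310 {W} (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Starting persit for
net.juniper.jmp.jpa.LogicalDevice:524289
2019-10-08 08:56:37,591 {W} (JobThread4751401) [Publish Sub Job :4751401]
[Device: jtac-srx5400-r2004] Publish to device is successfull.
2019-10-08 09:10:02,118 {W} (JobThread4759999) [Publish Sub Job :4759999]
[Device: jtac-srx5400-r2004] Starting conversion
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
JOB = re.compile(r"\[Publish Sub Job :(\d+)\]\s*\[Device: ([^\]]+)\]\s*(.*)")
# Stage messages in order, spelled exactly as they appear in the log excerpt.
STAGES = ("Starting conversion", "Conversion done", "Starting persit",
          "Publish to device is successfull")

def entries(text):
    """Rejoin wrapped continuation lines onto their timestamped entry."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def publish_status(text, device):
    """Map each Publish sub job ID for `device` to the last stage it logged."""
    status = {}
    for entry in entries(text):
        m = JOB.search(entry)
        if m and m.group(2).lower() == device.lower():  # like grep -i, but exact name
            stage = next((s for s in STAGES if m.group(3).startswith(s)), None)
            if stage:
                status[m.group(1)] = stage
    return status

def incomplete_jobs(text, device):
    """Job IDs that never logged the final success message."""
    return sorted(j for j, s in publish_status(text, device).items() if s != STAGES[-1])
```

Pass the contents of /var/log/jboss/servers/server1/SD.log as `text`; a job ID returned by `incomplete_jobs` started but did not log the success line, which narrows down which Publish job to look at in Job Management.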
