Troubleshoot policy installation failure due to connection timeouts
Resolve problems when policy installation fails because the connection between the engine and the Management Server times out.
The engine is up and running, but policy installation fails when the Management Server is contacting the nodes. When node-initiated contact is active, the Management Server might also wait for contact from a node, but the contact never happens.
The connection might time out for the following reasons:
- There is no network-level connectivity.
- The engine or the Management Server uses the wrong IP address.
- The engine and the Management Server reject each others’ certificates.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Check for network problems, such as faulty or loose cables, mismatching speed/duplex settings, IP addresses, and routing.
- Check the Locations and Contact Addresses of the Secure SD-WAN Manager components, which are required if NAT is applied to these system communications.
- In a cluster, all nodes that the Management Server tries to contact must be reachable and operational to install a policy on any of the clustered engines. If you have taken down an engine for maintenance, temporarily disable it to install the policy on the other cluster members.
- If the problem seems to be related to certificates, you can recertify the engine to re-establish contact between the engine and the Secure SD-WAN Manager.
- Check the engine software version (shown in the Info pane when you select the element in the Management Client). See the Release Notes for information regarding version compatibility between the engine and Secure SD-WAN Manager software versions.