Known Issues

Report Number	Description
SD-11964	Spurious email warning when restoring a Services Director backup. Under certain circumstances, when restoring a backup of the Services Director the admin can receive an email warning of 'Crash of process x86_64'. This does not represent a problem and can be safely ignored.
SD-12558	Upgrading a HA pair of Services Directors may require the use of the ssc database validation-err ignore command on the Secondary node. When performing an upgrade of a Services Director HA pair, the user may be presented with an error message "Cannot validate service configuration or database. Please check log for details. Use the command 'ssc database validation-err ignore’ to override validation result and redo image install/upgrade." If appearing on the second node to be upgraded, the warning can safely be disregarded and the ssc database validation-err ignore command used to allow the upgrade to progress. If appearing on the first node to be upgraded, it may indicate a problem with Services Director's inventory; users should consult Pulse Secure Support in this case.
SD-12652	Upgrading a HA pair directly from versions earlier than 17.1 to version 18.1 or later can fail to update internal passwords. Customers following affected upgrade paths should run the CLI command ssc high-avail refresh-state after the upgrade on the Primary node, and (once that is complete) also on the Secondary node. Note that standalone Primary nodes are unaffected by this issue.
SD-13085	Creating HA primary node after 'ssc high-avail reset' leaves Services Director service stopped. Restarting the Services Director service through "System->Service Status" or the CLI command "pm process ssc restart" will restore the services.
SD-13108	Disabling NTP and setting time manually causes Services Director service to terminate. To workaround this issue, reboot the Services Director VA after changing the time.
SD-13881	The following validation error can erroneously be seen when upgrading a Secondary Services Director from version 2.4r1: "% Cannot validate service configuration or database. Please check log for details. Use command 'ssc database validation-err ignore' to override validation result and redo image install/upgrade." It is safe to follow the indicated instructions to override the validation.
SD-13913	Executing the ssc high-avail force-failover CLI command on AWS can result in the following error: "% Failed to fetch operation status: Service endpoint IP address <IP> not raised on interface primary". Force failover can be successfully executed via the Services > Manage HA page of the GUI when logged in to your secondary Services Director."
SD-14000	Setting the SSL cipher list to contain only unsupported ciphers disables parts of the CLI and breaks Instances page. To workaround this issue, manually modify the file /opt/riverbed-ssc/conf/ssc_config.ini to use the following default ciphers: ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS:DH+AES256 Then, restart Services Director using the command: pm process ssc restart.
SD-14071	Services Director comms channel links to individual vTM instances can in rare circumstances become blocked. This is recognisable by repeated occurrences of "Error: Second connection attempt from <uid>" in the Services Director Log and a corresponding monitoring failure. The workaround for this problem is to restart the Services Director API (System > Service Status > Restart on the VA, see the Services Director Advanced User Guide for Ubuntu and CentOS).

SD-11964

Spurious email warning when restoring a Services Director backup. Under certain circumstances, when restoring a backup of the Services Director the admin can receive an email warning of 'Crash of process x86_64'. This does not represent a problem and can be safely ignored.

SD-12558

Upgrading a HA pair of Services Directors may require the use of the
ssc database validation-err ignore command on the Secondary node. When performing an upgrade of a Services Director HA pair, the user may be presented with an error message "Cannot validate service configuration or database. Please check log for details. Use the command 'ssc database validation-err ignore’ to override validation result and redo image install/upgrade." If appearing on the second node to be upgraded, the warning can safely be disregarded and the ssc database validation-err ignore command used to allow the upgrade to progress. If appearing on the first node to be upgraded, it may indicate a problem with Services Director's inventory; users should consult Pulse Secure Support in this case.

SD-12652

Upgrading a HA pair directly from versions earlier than 17.1 to version 18.1 or later can fail to update internal passwords. Customers following affected upgrade paths should run the CLI command ssc high-avail refresh-state after the upgrade on the Primary node, and (once that is complete) also on the Secondary node. Note that standalone Primary nodes are unaffected by this issue.

SD-13085

Creating HA primary node after 'ssc high-avail reset' leaves Services Director service stopped. Restarting the Services Director service through "System->Service Status" or the CLI command "pm process ssc restart" will restore the services.

SD-13108

Disabling NTP and setting time manually causes Services Director service to terminate. To workaround this issue, reboot the Services Director VA after changing the time.

SD-13881

The following validation error can erroneously be seen when upgrading a Secondary Services Director from version 2.4r1: "% Cannot validate service configuration or database. Please check log for details. Use command 'ssc database validation-err ignore' to override validation result and redo image install/upgrade." It is safe to follow the indicated instructions to override the validation.

SD-13913

Executing the ssc high-avail force-failover CLI command on AWS can result in the following error: "% Failed to fetch operation status: Service endpoint IP address <IP> not raised on interface primary". Force failover can be successfully executed via the Services > Manage HA page of the GUI when logged in to your secondary Services Director."

SD-14000

Setting the SSL cipher list to contain only unsupported ciphers disables parts of the CLI and breaks Instances page. To workaround this issue, manually modify the file /opt/riverbed-ssc/conf/ssc_config.ini to use the following default ciphers:

ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS:DH+AES256

Then, restart Services Director using the command: pm process ssc restart.

SD-14071

Services Director comms channel links to individual vTM instances can in rare circumstances become blocked. This is recognisable by repeated occurrences of "Error: Second connection attempt from <uid>" in the Services Director Log and a corresponding monitoring failure. The workaround for this problem is to restart the Services Director API (System > Service Status > Restart on the VA, see the Services Director Advanced User Guide for Ubuntu and CentOS).