|
Troubleshooting Tips
Installation / Un-Installation and Start-Up / Shutdown
- When I uninstall the product
in windows, some folder are not getting deleted.
- Server-startup fails.
- (In Linux) When I start the server
it shows "java.io.FileNotFoundException.. (Permission
Denied)" ?
- When I start the Security Manager Plus Server, I
am getting the following error "Error: write on
output file failed err=28" ?
Web Client
- I am unable to access Security Manager Plus
Server through the Web Client. Why ?
- Why does my Web Client user interface
looks crippled ?
- I am repeatedly seeing the login screen. Why ?
Asset Discovery
- Security Manager Plus is unable to discover
my network assets. Why ?
- OS detection is not happening
correctly. Why ?
- Asset discovery/scan of a Windows system fails with error message "Unable to establish connection". Why ?
- Asset discovery/scan of a Windows system fails with error message "Discovering system [hostname] failed. Remarks : Access is denied."
- Asset discovery/scan of a Windows system fails with error message "Unable to locate SAMBA service". Security Manager Plus server is installed in a Linux machine.
Scan
- Scan does not work, scan result shows
0 vulnerabilities
- Vulnerability results for
scans performed for windows machines shows "No records
found" for Missing Patches.
- Sometimes the scan is taking
a lot of time to complete and at times it does not complete
at all. Why ?
- Security Manager Plus agent is running on a Windows XP SP2 machine but scan of this machine fails with 'Connection timed out' error. Why ?
- When scanning a system, scan fails with error: "Unable to create service in the remote machine." Why ?
Patch Deployment
- When deploying patches, patch deployment fails with the error : "Failed to execute the patch. The file may either be corrupted or may not be an exe file." or "Failed to push the patch to the remote m/c. Check if the file really exists in the server store."
- When deploying MS Office patches, patch deployment fails with error : "Failed to create/run service in remote system"
Others
- Got the following error while updating
the vulnerability database : " Error occurred while
updating the Database - Error Message : Could not contact
the Central Server "
Installation / Un-Installation and Server Startup / Shutdown
| Reason |
| This usually happens when you try to uninstall the
product immediately after you have shutdown the Security Manager Plus Server. |
| Solution |
| Ensure that you uninstall the product only after the Security Manager Plus MySQL Server instance (mysqld-nt.exe process in Windows Task Manager) has been terminated completely after the server shutdown. |
|
| » Top |
| Reason |
| During the previous run of the Security Manager Plus Server if you had terminated the server abruptly or there was an unclean shutdown then some of the server processes would not have been terminated and the MySQL server instance would continue to run in the system. |
| Solution |
| Forcefully terminate the MySQL Server instance (mysqld-nt.exe in Windows, mysqld in Linux). |
|
| Reason |
| Is a Personal Firewall running in the system in which Security Manager Plus Server is installed ? Security Manager Plus Server will open available ports during Server Startup and if the firewall does not allow opening of ports, then Server startup will fail. |
| Solution |
| Disable the Personal Firewall. |
|
| Reason |
| Any other |
| Solution |
In Windows, use the 'Show Startup Logs' option from the Security Manager Plus System Tray Icon, to view the startup logs and see if you can find the cause for the failure.
Also zip the logs directory from <Security Manager Plus_Home> and send it to support@securitymanagerplus.com so that we can analyze and get back to you. |
|
| » Top |
| Reason |
| The Security Manager Plus Server might have been initially started in super user mode, then subsequently restarted in the normal user mode. |
| Solution |
Run the server only in the normal user mode. Give ownership to all the files under <Security Manager Plus_Home> installation directory, as shown below :
chown -R <username> <groupname> |
|
| » Top |
| Reason |
| This error occurs if there is not enough Hard Disk space. |
| Solution |
| Security Manager Plus Server installation and start-up requires a minimum of 200 MB Hard Disk space. |
|
| » Top |
Web Client
| Reason |
| Security Manager Plus Server not started |
| Solution |
| Start the Security Manager Plus server from the Task Tray Icon or Start Menu --> Programs --> AdventNet SecureCentral Security Manager Plus --> Start Security Manager Plus Service (Windows) or by executing Security Manager Plus.sh start from 'bin' directory (Linux) |
|
| Reason |
| Wrong URL |
| Solution |
Make sure that the correct URL is used to connect to the server, namely, http://<Security Manager PlusServerHost>:port_number/ (e.g. http://localhost:6262/ ).
The default web server port is 6262, provided this default port had not been changed during server startup.
Note : Security Manager Plus Server and Web Client also can communicate through https via port 6767 (default). |
|
| Reason |
| You did not accept the Security Certificate while connecting to the server |
| Solution |
| You must accept the security certificate that is presented to you while connecting to the Security Manager Plus Server. This is perfectly safe and necessary for the Web Client to access the Security Manager Plus Server. |
|
| Reason |
| The trial period of the Security Manager Plus Server would have expired. |
| Solution |
| Restart the Security Manager Plus Server to move to Free Edition or contact sales@adventnet.com for obtaining the Annual Subscription Professional License. |
|
| » Top |
| Reason |
| Incompatible Browser |
| Solution |
| Refer to the Security Manager Plus system requirement, and see whether your browser is supported. |
|
| Reason |
| JavaScript not enabled |
| Solution |
| JavaScript has to be enabled in your browser for you to work with Security Manager Plus Web Client. |
|
| » Top |
| Reason |
| Your browser does not accepts cookies. |
| Solution |
| Cookies should be accepted by your browser in order to communicate with the Security Manager Plus Server seamlessly. |
|
| » Top |
Asset Discovery
| Reason |
| Assets not reachable |
| Solution |
| Ensure that the IP address or host names are correct and are reachable through either TCP or ICMP ping. You can configure the ports to be used for TCP ping in the Admin page (Admin » Discovery and Scan). |
|
| » Top |
| Reason |
| Super User privileges is needed for NMap based OS
detection. |
| Solution |
| Ensure that NMap executable is available in PATH and is given Super User privileges. |
|
| » Top |
| Reason |
| The target system is a Windows XP SP2 machine with 'File and Printer Sharing' disabled in the firewall and/or 'simple file sharing' enabled. |
| Solution |
1. Enable or turn-on the "File and Printer Sharing" option in your Windows Firewall (of the target system). This can be done from Control Panel --> Windows Firewall --> Exceptions tab --> Programs and Services --> Check "File and Printer Sharing"
2. Disable simple file sharing (Uncheck the option from Windows Explorer --> Tools --> Folder Options --> View tab --> Use simple file sharing) |
|
| Reason |
| The system is not reachable from the Security Manager Plus server machine |
| Solution |
Make sure that the system is alive and you are able to access it from the Security Manager Plus server machine by using :
(1) Security Manager Plus Server in Windows - the 'net use' command or UNC location (\\machine-name\ADMIN$). Example : net use \\<machine-name>\ADMIN$ /USER:<administrator username>
If you are unable to reach the system in these ways, contact your system administrator
(2) Security Manager Plus Server in Linux - <SAMBA_HOME>/bin/net -S <target machine name> [-W <domain>] -U <username>%<password> and see if the command succeeds. |
|
| Reason |
| The 'NetBIOS over TCP/IP' options are not configured in the system you are trying to add. |
| Solution |
To verify and confirm, go to Control Panel --> Network and Dial-up Connections --> Right-click on Local Area Connection --> Select Properties --> Internet Protocol (TCP/IP) --> Properties button --> Advanced button --> WINS tab.
From here, see if the radio-button is selected for the 'Disable NetBIOS over TCP/IP' option. If yes, please deselect this option and select the 'Enable NetBIOS over TCP/IP' option. Once this is done and the configuration is saved, retry asset discovery/scan from Security Manager Plus's web interface. |
|
| » Top |
| Reason |
| The credential provided (username/password) while adding the system, does not have administrator privileges. |
| Solution |
| Enter the username with administrator privileges or create a new user account with administrator privileges and use the same. |
|
| » Top |
| Reason |
| Samba package is not installed in the Security Manager Plus server machine. |
| Solution |
| Download Samba package (samba-tng) from http://download.samba-tng.org/tng/ and install it. Point SAMBA_HOME to the Samba installation directory. |
|
| » Top |
Scan
| Reason |
| Vulnerability Database is not up to date |
| Solution |
| Update your Security Manager Plus Server vulnerability database with the latest vulnerability signatures from the Central Repository Server hosted in AdventNet site, by clicking the "Update Vulnerability Database Now" button (Admin » Vulnerability Updates). |
|
| Reason |
| Scan times out |
| Solution |
| Set proper timeout values for Security Manager Plus to discover and scan your assets, based on your network configuration and load. You can Set Timeouts in the Discovery and Scan view of the Admin page (Admin » Discovery and Scan). |
|
| » Top |
| Reason |
| Windows administrator credentials not supplied before performing the scan. |
| Solution |
| Credentials are needed for detecting windows registry misconfiguration and for detecting missing patches. Provide the credential details in the Manage Credentials view of the Admin page (Admin » Manage Credentials). |
|
| Reason |
| Samba-TNG software is not installed |
| Solution |
| If you intend to run the Security Manager Plus Server in Linux OS, ensure that Samba-TNG software (version 0.4 and above) is installed. This software facilitates communication between the Linux server and target Windows machines. Useful while identifying missing patches in target Windows machine. You can download the software from : http://download.samba-tng.org/tng . |
|
| » Top |
| Reason |
| Scan Timeout |
| Solution |
| This happens if the Scan Timeout has been set with high values. For default values refer Discovery and Scan - Timeouts (Admin » Discovery and Scan). |
|
| Reason |
| All Ports option is selected
for TCP Ports to Scan (Admin » Discovery
and Scan). |
|
| Reason |
| Scanning a large number of IPs / hosts in
a single scan |
| Solution |
| Limit the number of IPs / hosts that is scanned per scan. |
|
| Reason |
| Performing Exhaustive brute-force level
(Admin » Discovery and Scan)
checks while scanning |
|
| » Top |
| Reason |
| The Windows firewall is turned on is this machine and it blocks the agent port (default 9005) to be accessed by the server |
| Solution |
| Go to Control Panel --> Windows Firewall --> Exceptions tab and add a TCP port exception (Add Port) for the agent's default port 9005. Retry scanning. |
|
| » Top |
| Reason |
| Remote Registry Service may not be running in the target system |
| Solution |
| Go to Control Panel --> Administrative Tools --> Services on the target system, locate the Remote Registry Service and ensure that it is running. |
|
| » Top |
Patch Deployment
| Reason |
| You are using a NAT router/firewall and the external IP address of this device is being set as IP address of the Security Manager Plus Server machine and sent to the target machine. Because of this, the patch is unable to be downloaded into the target system for installation. Ideally, the internal IP address of the server should be received by the target machine. |
| Solution |
| Check if you are able to reach the Security Manager Plus Server machine using the same external IP address from the URL : http://<IP Address:port number>/store/patchname (URL will be present in the error message), from the target machine. If this fails (as the external IP address will not be accessible from the target machine), do appropriate network configurations for the internal IP address (of the server machine) to be returned, and retry the deployment. |
|
| Reason |
| The system on which the Security Manager Plus Server is installed has more than one NIC (Network Interface Card), each with a different IP Address - one for special use and the other for the local LAN. The Security Manager Plus Server has picked up the IP address other than the one that is used in the local LAN. |
| Solution |
| Ensure that the target system (Agent/Agentless) can connect to the Security Manager Plus Server using the local LAN IP of Server, after disabling the NIC used for special purpose. Also, check the size of the particular patch file in the /store directory. |
|
| » Top |
| Reason |
| Login Account Information is required in Security Manager Plus's windows service. |
| Solution |
Go to Control Panel -->Administrative Tools --> Services applet. Select 'ManageEngine Security Manager Plus' service. Right-click to view 'Properties'. From Properties window, visit the 'LogOn' tab. Check if 'This account' radio button is selected and the credentials of a 'domain user' have been provided (this is important!).
If not (i.e. if the 'Local System account' radio button is selected), swap the radio button to set 'This account' and provide a domain user credentials. After this restart the Security Manager Plus service.
Now rescan the target machines and perform patch deployment. |
| Reason |
| Credentials format incorrect for target system |
| Solution |
Ensure that the credentials (username/password combination) supplied for the target system is in the format: <domain name>\<username> or .\<user name>. The username should have administrator privileges.
|
|
| » Top |
| Reason |
| Proxy setting not specified correctly in the Linux patch management scripts |
| Solution |
|
|
| Reason |
| Credentials format incorrect for target system |
| Solution |
Ensure that the credentials (username/password combination) supplied for the target system is in the format: <domain name>\<username> or .\<user name>. The username should have administrator privileges. |
|
| » Top |
Others
| Reason |
| Security Manager Plus Server machine has no access to the Internet |
| Solution |
| The Security Manager Plus Server machine must have access to the Internet for it to download the latest vulnerability signatures from the Central Repository Server hosted in the AdventNet site. |
|
| Reason |
| Proxy Settings not configured |
| Solution |
| If you access the Internet through a Proxy Server, then you need to configure the proxy server details in Proxy Settings view of the Security Manager Plus Admin page ( Admin » Proxy Settings) . Ensure that all the required proxy server parameters are provided correctly. |
|
| » Top |
|
|
|
