cancel
Showing results for 
Search instead for 
Did you mean: 
jxbianc
Level 7

Host IPS 8.0 Property Translator failed with exception

Hi I'm trying to get the HIPS firewall up and running and I have recently run into this problem. I added a new group of machines to my test group, and all of a sudden I stopped getting any info from HIPS in EPO at all. No client rules, no client info or version, nothing. I've got a call in to support but after 2 weeks the best they can tell me is that patch 1 will fix it. I think I've narrowed down the problem at this point to a bad signer record being read, as I get this message in my orion.log every time the Property translator tries to run:

Host IPS 8.0 Property Translator] failed with exception

java.util.concurrent.ExecutionException: com.mcafee.orion.core.cmd.CommandException: signerName cannot be parsed as a Distinguised Name

Caused by: java.lang.IllegalArgumentException: improperly specified input name: CN=Stardock Corporation, O=Stardock Corporation, STREET=15090 N Beck Road Ste 300, L=Plymouth, S=MI, PostalCode=48170, C=US

at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:150)

at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:102)

at com.mcafee.hips.catalog.model.ValidationUtil.normalizeDistinguishedName(ValidationUtil.java:84)

Caused by: java.io.IOException: Invalid keyword "POSTALCODE"

at sun.security.x509.AVAKeyword.getOID(AVA.java:1251)

at sun.security.x509.AVA.<init>(AVA.java:175)

at sun.security.x509.AVA.<init>(AVA.java:128)

at sun.security.x509.RDN.<init>(RDN.java:134)

at sun.security.x509.X500Name.parseDN(X500Name.java:901)

at sun.security.x509.X500Name.<init>(X500Name.java:148)

at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:148)

I've tried the advice in KB71520, which said to remove the bad client rule, which I did by both turning off adaptive mode on the only 2 machines that have the offending software signature and by turning off "retain cleint rules" for the whole group, but I still get the same error.

Does anyone know a fix for this other than "wait for the patch"?

0 Kudos
2 Replies
ecoreas
Level 7

Re: Host IPS 8.0 Property Translator failed with exception

Please take a look at:

Host Intrusion Prevention 8.0 property translator error failing on POSTALCODE

https://kc.mcafee.com/corporate/index?page=content&id=KB71520

0 Kudos
Ken_Howard
Level 7

Re: Host IPS 8.0 Property Translator failed with exception

I previously spoke with Stardock about this issue, POSTALCODE is a non-standard keyword within the certificate signer (based on http://www.ietf.org/rfc/rfc1779.txt)

               Figure 1:  BNF Grammar for Distinguished Name

                      Key     Attribute (X.520 keys)

                      ------------------------------

                      CN      CommonName

                      L       LocalityName

                      ST      StateOrProvinceName

                      O       OrganizationName

                      OU      OrganizationalUnitName

                      C       CountryName

                      STREET  StreetAddress

                     Table 1:  Standardised Keywords

At that time, thier certificates were issued by Comodo and I was under the impression they were going to talk to them about the issue. If they have, then it might be possible to simply install the latest version of which ever Stardock application you are using.

Ken Howard

0 Kudos