Just throwing a question out here, has anyone observed the following after the 6.8.2 upgrade:
Symptoms: When multiple scans are launched (2 to 3), targeting 80-120 live hosts for a full vulnerability scan, the scans end into an "Error" state, after staying at the 'Finalizing Results' status.
Logs: Entries seen in the Foundscan Logs have a consistent presence of:
U16_C218_J2859_JN95 | 4 | FSScanCtrl | 0x04D8 | Updating threat index
CFSDatabase::Job_UpdateThreatIndex | 1 | | 0x04D8 | Data Service Exception ERROR (0x80040e31; IDispatch error #3121) : Timeout expired
U16_C218_J2859_JN95 | 1 | FSScanCtrl | 0x04D8 | Data Service Exception ERROR (0x80040e31; IDispatch error #3121) : Timeout expired
U16_C218_J2859_JN95 | 1 | FSScanCtrl | 0x04D8 | Retrying DB operation in 2296 ms with increased timeout value of 1800 seconds (30 minutes).
U16_C218_J2859_JN95 | 1 | FSScanCtrl | 0x04D8 | Retrying pending DB operation.
Observing the stored procedures in the database listing the dependencies to the UpdateThreatIndex process, we can see that the script was modified or received an update.
These symptoms were not observed pre 6.8.2.
Running one scan alone will give you success in completing the scan, however the logs still show this error.
Has anyone observed this?
I had service request recently with what looks like the same issue. The odd part is that that UpdateThreatIndex was not modified in the last patch. What version of the product did you upgrade from? I suggest opening up a service request if you haven't yet.
For contact details:
- Go to: http://www.mcafee.com/us/about/contact/index.html
- Non-US customers - select your country from the list of Worldwide Offices.
Log in to the ServicePortal at: https://mysupport.mcafee.com:
- If you are a registered user, type your User Id and Password and click OK.
- If you are not a registered user, click New User and complete the required fields. Your password and login instructions will be emailed to you.
If you have already opened a service request let me know what the number is and I'll look into this.
Thanks for the reply. I will look into this and open a service request.
Would you happen to know what is causing this?
No we do not have a root cause yet but we do have a workaround if you are willing to use it. I'm interested in taking a look at the script that you identified as having changed as that might be the missing piece to the puzzle.