cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I am running MVM 7.5 on VMWare Workstation - Guest is a Windows 2008 R2 with SQL 2008 R2 Express.  I have all the MVM 7.5 components installed on this server.

My issue is the scan engine cannot communicate with any scan controllers.  If I fire up Tcpview.exe and watch I can see the scanengine send syn packets to TCP port 3803, but the scan controller isn't listening on that port for some reason even though it is configured to, as observed in the server.config.xml file.

I've installed this on two different VMs and I get the same error.

Here's part of the logfile:

2012-10-04 14:57:00-05:00 |  | 0 | Discovery | 0x086C | The Discovery service has started.

2012-10-04 14:57:00-05:00 |  | 4 | ScanEngine | 0x0840 | Removing active jobs...

2012-10-04 14:57:01-05:00 |  | 0 | Assessment | 0x08B4 | Service Started

2012-10-04 14:57:01-05:00 |  | 0 | Assessment | 0x08C0 | The Assessment service has started.

2012-10-04 14:57:01-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulatorConfig: ScriptRegulator_MaxMemory% = 80, ScriptRegulator_Hysteresis% = 1, ScriptRegulator_SemaphoreMultiplier = 1, ScriptRegulator_ProcessorQueueLengthLimit = 100

2012-10-04 14:57:01-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulatorConfig: MaxMemoryKB = 3313398, HysteresisKB = 41941, SemaphoreCount = 2

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulator: ScriptResumeLevelKB = 3271457, OutOfResourcesMinuteCountMax = 4

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulator | PrivateUsageKB | PrivateUsage | PrivateUsageDeltaKB | RunningThreads | ParkedThreads | Parked/Total | LoadedScripts | ExecutedScripts | ExecutedScripts/m | Avg.ExecutedScript/m | [Modules] | LoadedGeneral | ExecutedGeneral | ExecutedGeneral/m | LoadedWeb | ExecutedWeb | ExecutedWeb/m | LoadedWham | ExecutedWham | ExecutedWham/m | LoadedWireless | ExecutedWireless | ExecutedWireless/m | LoadedShell | ExecutedShell | ExecutedShell/m | [System] | PagefileUsageKB | PeakPagefileUsageKB | WorkingSetSizeKB | PeakWorkingSetSizeKB | PageFaultCount | GlbTotalPageFile | GlbAvailPageFile | VirtualBytes | VirtualUsage

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManager | [P1] | ActiveThreads | ParkedThreads | ActiveTasks | ParkedTasks | [TM] | ActiveThreads | Avg.Scripts/m | EstimatedTimeInMinutes | ExecutedScripts | ExecutingThreads | WaitingThreads | [Modules] | TotalBatches | TotalTaskGroups | ActiveWorkUnits | InactiveWorkUnits | General-WorkUnits | WebFSL-WorkUnits | WHAM-WorkUnits | Wireless-WorkUnits | Shell-WorkUnits | WebScan-WorkUnits | [Process] | Threads | MemoryUsageKB | VirtualBytes | [System] | ProcessorTime | Threads | PQL | [D1] | ProcessedTasks | CreatedThreads | ReusedThreads | DestroyedThreads | CreateFailedCount |NewThreadRejectionCount/m | PopCount/m | PrecondFailedCount/m | SkippedOverCount/m | Avg.Distance

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManager::Init

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManagerConfig: ThreadManager_MaxMemory% = 70, ThreadManager_MaxVM% = 90, ThreadManager_CriticalMemory% = 60, ThreadManager_CriticalVM% = 89, ThreadManager_MaxAllowedThreads = 1000, ThreadManager_MaxBatchesPerGB = 25, ThreadManager_AllowedWorkloadInWorkUnits = 1000000

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManagerConfig: MaxMemoryKB = 2893981, MaxVMKB = 3774758, CriticalMemoryKB = 2474563, CriticalVMKB = 3732816, MaxAllowedThreads = 1000, MaxAllowedBatches = 100, ThreadManager_WaitObjectTimeoutMS = 10000, ThreadPool_WaitObjectTimeoutMS = 1000

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 8 | 5108 | 56572 | [System] | 0 | 512 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x073C | Connecting to Foundstone Database (server='MVM75\SQLEXPRESS', DBName='faultline', user='faultline', NTAuth=0)

2012-10-04 14:57:10-05:00 |  | 1 | FSAPI | 0x073C | Foundstone Database connected

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x073C | FSAPI Server: Address='MVM75', Port=3800, Certs Path='C:\Program Files (x86)\Foundstone\Configuration', Secure= 1, SendTimeout=6, RecvTimeout=6, uLog=0

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x073C | FSComm Server: Certificate - server (C:\Program Files (x86)\Foundstone\Configuration\CustomEngine.pem), ca (C:\Program Files (x86)\Foundstone\Configuration\CustomTrustedCA.pem), dh (C:\Program Files (x86)\Foundstone\Configuration\dh.pem). (0)

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x08E4 | FSComm Server: Server Up - https://MVM75:3800 - Send Timeout(6), Receive Timeout(6). (0)

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x08E8 | Benchmark Update Monitor active (0)

2012-10-04 14:58:03-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 8 | 8572 | 62552 | [System] | 2 | 476 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:58:30-05:00 |  | 4 | ScanEngine | 0x0840 | BatchCal | ThreadKB | HostKB | HostCount | WhamThreadKB | WhamHostKB | WhamHostCount | TotalHostCount | WorkerThreads | MemAvailKB | ThreadCount | BatchCostKB | EstimatedTotalKB | ActualTotalKB

2012-10-04 14:58:30-05:00 |  | 4 | ScanEngine | 0x0840 | AsstStat | TotalHosts | ScanResp | Duration | TotalPhys | AvailPhys | TotalPF | AvailPF | TotalVM | AvailVM | AvailExt | CommitTotal | CommitLimit | CommitPeak | WhamHosts | OtherHosts | RecoveryCount | AsstIndex | BatchCount

2012-10-04 14:58:30-05:00 |  | 2 | ScanEngine | 0x0840 | WARNING: IPv6 network stack is unavailable; all IPv6 addresses will be ignored.

2012-10-04 14:58:30-05:00 |  | 4 | ScanEngine | 0x0B7C | CNCDThread::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0838 | ENGINESTATE_RECOVERING

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B90 | ScanEngine::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | SaaSController::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0BC0 | SaaSUploader::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0BC0 | ThreadPool usage: High=1, Low=1, Shared=8

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | FSScanEngine: Log=0, LogXML=0, ThreadPool_Debug=0

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Posting EngineStatus - Immediately (with 3 minute timeout)

2012-10-04 14:58:32-05:00 |  | 1 | ScanEngineSvc | 0x0B94 | CommHTTP::Connect: Unable to connect to (HTTPS)MVM75:3803. COpenSSLSocket::Connect - tcp connect failed

2012-10-04 14:58:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostResource returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

2012-10-04 14:58:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostEngineStatus returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Starting up the engine...

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Begin system operation...

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | End system operation.

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | ENGINESTATE_RUNNING

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | The engine is running.

2012-10-04 14:58:33-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager - Invoke OnStatus(normal)

2012-10-04 14:58:33-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager! | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 10 | 17648 | 73580 | [System] | 42 | 572 | 2 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:58:33-05:00 | <?xml version="1.0" encoding="utf-16" ?>

<AssessmentStatus>

<Process status="normal" />

</AssessmentStatus> | -2 | Assessment | 0x08D4 | No listeners registered for "Assessment::OnProcessStatus" event.

2012-10-04 14:59:03-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 10 | 17648 | 73580 | [System] | 50 | 553 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:59:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | FSScanEngine: Log=0, LogXML=0, ThreadPool_Debug=0

2012-10-04 14:59:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Re-posting EngineStatus...

2012-10-04 14:59:32-05:00 |  | 1 | ScanEngineSvc | 0x0B94 | CommHTTP::Connect: Unable to connect to (HTTPS)MVM75:3803. COpenSSLSocket::Connect - tcp connect failed

2012-10-04 14:59:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostResource returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

2012-10-04 14:59:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostEngineStatus returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

1 Solution

Accepted Solutions
Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Hi Jeff,

Working with McAfee Platinum support this morning we managed to get to the bottom of this problem - once and for all!

I've also been able to confirm that this was sorted on a second from-scratch installation that was also exhibiting the same problem - to clarify, VMWare Workstation and Client Hyper-V, each with a Win2K8R2 Standard Guest.

If you are using a Named Instance of SQL - which in most "all on one" (Trial) installations will be the case as you will no doubt install SQL Express (which by default will install a Named Instance called "SQLExpress") you will *not* have the SQL Browser Agent started as this service is disabled by default.

Go into services.msc and set the SQL Browser service to start "Automatic" and then start it, then restart all the Foundstone services afterwards.

That will sort it out!

Just make sure you also have a hosts files entry for the hostname of the local machine so that it can resolve itself by hostname and then do a netstat -a and you'll see that port 3803 for the IP address of your machine will now be bound - which means the Scan Controller is started properly, and the Scan Engine will be able to connect!

One final point - SQL Express 2008 R2 *does* work, even though it's not (officially!) supported in the McAfee Installation guide.

I hope this helps, cheers.

Kind regards,

James

View solution in original post

11 Replies
Highlighted
Level 13
Report Inappropriate Content
Message 2 of 12

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Hi infosecjeff,

Make sure you've configured the Scan Engine to point to the Scan Controller (in the FCM).

Then make sure you can telnet to the Scan Controller from the Engine on Port 3803...

If you're still having issues, open a Service Request.

-Cathy

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Yes those basic checks were done. There is simply a conflict with the standard install of all components on one Windows 2008 sever that is fully patched. There are 2 scan controller processes running on high TCP ports. Is there a third scan controller process that should kick in and listen on TCP port 3803, or is one of the 2 already running supposed to be listening on TCP port 3803?

What does it look like on a working MVM7.5 host?

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I have this exact issue with one Scan Engine, i have an appliance and both the scan controller and the scan engine are in the same win 08 host, i already configure the correct scan controler on FCM for the scan engine and select the ip address for the scan controller instead of "'any" I reinstalled everything also but the issue persist.

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I have done the same thing and even set up a new VM and got the same results.

Highlighted
Level 12
Report Inappropriate Content
Message 6 of 12

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

i have seen this before when the service account used to start the scan engine doesn't have enough rights.

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

my problem was a network issue, mjmurra has a point did you try to change the user runing the scan engine service?

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

The services are running, ie Scan Controller and Scan Engine, however the scan controller does not spawn a process to listen on TCP port 3803 for some reason.

I've tried changing the Scan Controller address from the hostname (default) to the IP address, and to Any, and not change after reboots.

Has anyone seen this problem on a VMWare 7.x workstation?

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I don't believe this is a permission issue, especially if the services are running.  If you run Sysinternals process explorer you can see the scan engine try to connect to the scan controller on TCP port 3803, but the scan controller isn't listening on that port.

Highlighted

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Has anyone found a solution yet?
I have the same problem on a newly upgraded system. On one of the satelites all is ok, scan controller starts and listens on 3803. All other systems do not have a listening port.

Upgraded system Windows Server 2008, satelites Windows Server 2003

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community