I am running MVM 7.5 on VMWare Workstation - Guest is a Windows 2008 R2 with SQL 2008 R2 Express. I have all the MVM 7.5 components installed on this server.
My issue is the scan engine cannot communicate with any scan controllers. If I fire up Tcpview.exe and watch I can see the scanengine send syn packets to TCP port 3803, but the scan controller isn't listening on that port for some reason even though it is configured to, as observed in the server.config.xml file.
I've installed this on two different VMs and I get the same error.
Here's part of the logfile:
2012-10-04 14:57:00-05:00 | | 0 | Discovery | 0x086C | The Discovery service has started.
2012-10-04 14:57:00-05:00 | | 4 | ScanEngine | 0x0840 | Removing active jobs...
2012-10-04 14:57:01-05:00 | | 0 | Assessment | 0x08B4 | Service Started
2012-10-04 14:57:01-05:00 | | 0 | Assessment | 0x08C0 | The Assessment service has started.
2012-10-04 14:57:01-05:00 | | 4 | Assessment | 0x08C0 | ScriptRegulatorConfig: ScriptRegulator_MaxMemory% = 80, ScriptRegulator_Hysteresis% = 1, ScriptRegulator_SemaphoreMultiplier = 1, ScriptRegulator_ProcessorQueueLengthLimit = 100
2012-10-04 14:57:01-05:00 | | 4 | Assessment | 0x08C0 | ScriptRegulatorConfig: MaxMemoryKB = 3313398, HysteresisKB = 41941, SemaphoreCount = 2
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08C0 | ScriptRegulator: ScriptResumeLevelKB = 3271457, OutOfResourcesMinuteCountMax = 4
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08C0 | ScriptRegulator | PrivateUsageKB | PrivateUsage | PrivateUsageDeltaKB | RunningThreads | ParkedThreads | Parked/Total | LoadedScripts | ExecutedScripts | ExecutedScripts/m | Avg.ExecutedScript/m | [Modules] | LoadedGeneral | ExecutedGeneral | ExecutedGeneral/m | LoadedWeb | ExecutedWeb | ExecutedWeb/m | LoadedWham | ExecutedWham | ExecutedWham/m | LoadedWireless | ExecutedWireless | ExecutedWireless/m | LoadedShell | ExecutedShell | ExecutedShell/m | [System] | PagefileUsageKB | PeakPagefileUsageKB | WorkingSetSizeKB | PeakWorkingSetSizeKB | PageFaultCount | GlbTotalPageFile | GlbAvailPageFile | VirtualBytes | VirtualUsage
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08C0 | ThreadManager | [P1] | ActiveThreads | ParkedThreads | ActiveTasks | ParkedTasks | [TM] | ActiveThreads | Avg.Scripts/m | EstimatedTimeInMinutes | ExecutedScripts | ExecutingThreads | WaitingThreads | [Modules] | TotalBatches | TotalTaskGroups | ActiveWorkUnits | InactiveWorkUnits | General-WorkUnits | WebFSL-WorkUnits | WHAM-WorkUnits | Wireless-WorkUnits | Shell-WorkUnits | WebScan-WorkUnits | [Process] | Threads | MemoryUsageKB | VirtualBytes | [System] | ProcessorTime | Threads | PQL | [D1] | ProcessedTasks | CreatedThreads | ReusedThreads | DestroyedThreads | CreateFailedCount |NewThreadRejectionCount/m | PopCount/m | PrecondFailedCount/m | SkippedOverCount/m | Avg.Distance
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08C0 | ThreadManager::Init
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08C0 | ThreadManagerConfig: ThreadManager_MaxMemory% = 70, ThreadManager_MaxVM% = 90, ThreadManager_CriticalMemory% = 60, ThreadManager_CriticalVM% = 89, ThreadManager_MaxAllowedThreads = 1000, ThreadManager_MaxBatchesPerGB = 25, ThreadManager_AllowedWorkloadInWorkUnits = 1000000
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08C0 | ThreadManagerConfig: MaxMemoryKB = 2893981, MaxVMKB = 3774758, CriticalMemoryKB = 2474563, CriticalVMKB = 3732816, MaxAllowedThreads = 1000, MaxAllowedBatches = 100, ThreadManager_WaitObjectTimeoutMS = 10000, ThreadPool_WaitObjectTimeoutMS = 1000
2012-10-04 14:57:03-05:00 | | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 8 | 5108 | 56572 | [System] | 0 | 512 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2012-10-04 14:57:10-05:00 | | 4 | FSAPI | 0x073C | Connecting to Foundstone Database (server='MVM75\SQLEXPRESS', DBName='faultline', user='faultline', NTAuth=0)
2012-10-04 14:57:10-05:00 | | 1 | FSAPI | 0x073C | Foundstone Database connected
2012-10-04 14:57:10-05:00 | | 4 | FSAPI | 0x073C | FSAPI Server: Address='MVM75', Port=3800, Certs Path='C:\Program Files (x86)\Foundstone\Configuration', Secure= 1, SendTimeout=6, RecvTimeout=6, uLog=0
2012-10-04 14:57:10-05:00 | | 4 | FSAPI | 0x073C | FSComm Server: Certificate - server (C:\Program Files (x86)\Foundstone\Configuration\CustomEngine.pem), ca (C:\Program Files (x86)\Foundstone\Configuration\CustomTrustedCA.pem), dh (C:\Program Files (x86)\Foundstone\Configuration\dh.pem). (0)
2012-10-04 14:57:10-05:00 | | 4 | FSAPI | 0x08E4 | FSComm Server: Server Up - https://MVM75:3800 - Send Timeout(6), Receive Timeout(6). (0)
2012-10-04 14:57:10-05:00 | | 4 | FSAPI | 0x08E8 | Benchmark Update Monitor active (0)
2012-10-04 14:58:03-05:00 | | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 8 | 8572 | 62552 | [System] | 2 | 476 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2012-10-04 14:58:30-05:00 | | 4 | ScanEngine | 0x0840 | BatchCal | ThreadKB | HostKB | HostCount | WhamThreadKB | WhamHostKB | WhamHostCount | TotalHostCount | WorkerThreads | MemAvailKB | ThreadCount | BatchCostKB | EstimatedTotalKB | ActualTotalKB
2012-10-04 14:58:30-05:00 | | 4 | ScanEngine | 0x0840 | AsstStat | TotalHosts | ScanResp | Duration | TotalPhys | AvailPhys | TotalPF | AvailPF | TotalVM | AvailVM | AvailExt | CommitTotal | CommitLimit | CommitPeak | WhamHosts | OtherHosts | RecoveryCount | AsstIndex | BatchCount
2012-10-04 14:58:30-05:00 | | 2 | ScanEngine | 0x0840 | WARNING: IPv6 network stack is unavailable; all IPv6 addresses will be ignored.
2012-10-04 14:58:30-05:00 | | 4 | ScanEngine | 0x0B7C | CNCDThread::ThreadFunc: Running...
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0838 | ENGINESTATE_RECOVERING
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0B90 | ScanEngine::ThreadFunc: Running...
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0B94 | SaaSController::ThreadFunc: Running...
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0BC0 | SaaSUploader::ThreadFunc: Running...
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0BC0 | ThreadPool usage: High=1, Low=1, Shared=8
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0B94 | FSScanEngine: Log=0, LogXML=0, ThreadPool_Debug=0
2012-10-04 14:58:31-05:00 | | 4 | ScanEngineSvc | 0x0B94 | Posting EngineStatus - Immediately (with 3 minute timeout)
2012-10-04 14:58:32-05:00 | | 1 | ScanEngineSvc | 0x0B94 | CommHTTP::Connect: Unable to connect to (HTTPS)MVM75:3803. COpenSSLSocket::Connect - tcp connect failed
2012-10-04 14:58:32-05:00 | | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostResource returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]
2012-10-04 14:58:32-05:00 | | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostEngineStatus returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]
2012-10-04 14:58:33-05:00 | | 4 | ScanEngineSvc | 0x0B94 | Starting up the engine...
2012-10-04 14:58:33-05:00 | | 4 | ScanEngineSvc | 0x0B94 | Begin system operation...
2012-10-04 14:58:33-05:00 | | 4 | ScanEngineSvc | 0x0B94 | End system operation.
2012-10-04 14:58:33-05:00 | | 4 | ScanEngineSvc | 0x0B94 | ENGINESTATE_RUNNING
2012-10-04 14:58:33-05:00 | | 4 | ScanEngineSvc | 0x0B94 | The engine is running.
2012-10-04 14:58:33-05:00 | | 4 | Assessment | 0x08D4 | ThreadManager - Invoke OnStatus(normal)
2012-10-04 14:58:33-05:00 | | 4 | Assessment | 0x08D4 | ThreadManager! | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 10 | 17648 | 73580 | [System] | 42 | 572 | 2 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2012-10-04 14:58:33-05:00 | <?xml version="1.0" encoding="utf-16" ?>
<AssessmentStatus>
<Process status="normal" />
</AssessmentStatus> | -2 | Assessment | 0x08D4 | No listeners registered for "Assessment::OnProcessStatus" event.
2012-10-04 14:59:03-05:00 | | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 10 | 17648 | 73580 | [System] | 50 | 553 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2012-10-04 14:59:31-05:00 | | 4 | ScanEngineSvc | 0x0B94 | FSScanEngine: Log=0, LogXML=0, ThreadPool_Debug=0
2012-10-04 14:59:31-05:00 | | 4 | ScanEngineSvc | 0x0B94 | Re-posting EngineStatus...
2012-10-04 14:59:32-05:00 | | 1 | ScanEngineSvc | 0x0B94 | CommHTTP::Connect: Unable to connect to (HTTPS)MVM75:3803. COpenSSLSocket::Connect - tcp connect failed
2012-10-04 14:59:32-05:00 | | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostResource returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]
2012-10-04 14:59:32-05:00 | | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostEngineStatus returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]
Hi Jeff,
Working with McAfee Platinum support this morning we managed to get to the bottom of this problem - once and for all!
I've also been able to confirm that this was sorted on a second from-scratch installation that was also exhibiting the same problem - to clarify, VMWare Workstation and Client Hyper-V, each with a Win2K8R2 Standard Guest.
If you are using a Named Instance of SQL - which in most "all on one" (Trial) installations will be the case as you will no doubt install SQL Express (which by default will install a Named Instance called "SQLExpress") you will *not* have the SQL Browser Agent started as this service is disabled by default.
Go into services.msc and set the SQL Browser service to start "Automatic" and then start it, then restart all the Foundstone services afterwards.
That will sort it out!
Just make sure you also have a hosts file entry for the hostname of the local machine so that it can resolve itself by hostname and then do a netstat -a and you'll see that port 3803 for the IP address of your machine will now be bound - which means the Scan Controller is started properly, and the Scan Engine will be able to connect!
One final point - SQL Express 2008 R2 *does* work, even though it's not (officially!) supported in the McAfee Installation guide.
I hope this helps, cheers.
Kind regards,
James
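The steps from the post above, as an added PowerShell example (not part of the original post or of McAfee's documentation), written for the PowerShell 2.0 that ships with Windows 2008 R2. Assumptions: the SQL Server Browser service has its default service name `SQLBrowser`, and the MVM services are selected with a hypothetical display-name wildcard, `*Foundstone*`, which should be checked against services.msc.

```powershell
# Added example. Run from an elevated prompt on the all-in-one MVM server.
$port      = 3803             # Scan Controller port named in the thread
$fsPattern = '*Foundstone*'   # hypothetical display-name filter (assumption)

# 1. SQL Browser is disabled by default alongside a named instance (SQLEXPRESS).
Set-Service -Name SQLBrowser -StartupType Automatic
Start-Service -Name SQLBrowser
Get-Service -Name SQLBrowser | Format-Table Name, Status -AutoSize

# 2. The machine must resolve its own hostname (hosts file entry or DNS).
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME)
    "Resolved {0} -> {1}" -f $env:COMPUTERNAME, ($addrs -join ', ')
} catch {
    Write-Warning "Cannot resolve $env:COMPUTERNAME; add a hosts file entry."
}

# 3. Restart the MVM services after SQL Browser is up, as the post instructs.
Get-Service -DisplayName $fsPattern | Restart-Service -Force

# 4. Give the services time to start, then look for a listener on the port.
Start-Sleep -Seconds 30
$pattern   = ":{0}\s+\S+\s+LISTENING" -f $port
$listening = netstat -ano | Select-String -Pattern $pattern
if ($listening) {
    "Port $port is bound:"
    $listening | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Warning "Nothing is listening on TCP $port; check the Scan Controller."
}

# 5. Repeat the Scan Engine's first step: a plain TCP connect to the controller.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($env:COMPUTERNAME, $port)
    "TCP connect to ${env:COMPUTERNAME}:$port succeeded."
} catch {
    Write-Warning "TCP connect to ${env:COMPUTERNAME}:$port failed."
} finally {
    $client.Close()
}
```

The last column of the matching netstat line is the PID of the listening process, which can be compared with the Scan Controller process in Task Manager.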
Hi infosecjeff,
Make sure you've configured the Scan Engine to point to the Scan Controller (in the FCM).
Then make sure you can telnet to the Scan Controller from the Engine on Port 3803...
If you're still having issues, open a Service Request.
-Cathy
Yes, those basic checks were done. There is simply a conflict with the standard install of all components on one Windows 2008 server that is fully patched. There are 2 scan controller processes running on high TCP ports. Is there a third scan controller process that should kick in and listen on TCP port 3803, or is one of the 2 already running supposed to be listening on TCP port 3803?
What does it look like on a working MVM7.5 host?
I have this exact issue with one Scan Engine. I have an appliance, and both the scan controller and the scan engine are on the same Win 08 host. I already configured the correct scan controller in the FCM for the scan engine and selected the IP address for the scan controller instead of "any". I reinstalled everything also, but the issue persists.
I have done the same thing and even set up a new VM and got the same results.
I have seen this before when the service account used to start the scan engine doesn't have enough rights.
My problem was a network issue. mjmurra has a point: did you try to change the user running the scan engine service?
The services are running, ie Scan Controller and Scan Engine, however the scan controller does not spawn a process to listen on TCP port 3803 for some reason.
I've tried changing the Scan Controller address from the hostname (default) to the IP address, and to Any, and no change after reboots.
Has anyone seen this problem on a VMWare 7.x workstation?
I don't believe this is a permission issue, especially if the services are running. If you run Sysinternals process explorer you can see the scan engine try to connect to the scan controller on TCP port 3803, but the scan controller isn't listening on that port.
Has anyone found a solution yet?
I have the same problem on a newly upgraded system. On one of the satellites all is OK: the scan controller starts and listens on 3803. All other systems do not have a listening port.
Upgraded system Windows Server 2008, satellites Windows Server 2003