cancel
Showing results for 
Search instead for 
Did you mean: 

Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I am running MVM 7.5 on VMWare Workstation - Guest is a Windows 2008 R2 with SQL 2008 R2 Express.  I have all the MVM 7.5 components installed on this server.

My issue is the scan engine cannot communicate with any scan controllers.  If I fire up Tcpview.exe and watch I can see the scanengine send syn packets to TCP port 3803, but the scan controller isn't listening on that port for some reason even though it is configured to, as observed in the server.config.xml file.

I've installed this on two different VMs and I get the same error.

Here's part of the logfile:

2012-10-04 14:57:00-05:00 |  | 0 | Discovery | 0x086C | The Discovery service has started.

2012-10-04 14:57:00-05:00 |  | 4 | ScanEngine | 0x0840 | Removing active jobs...

2012-10-04 14:57:01-05:00 |  | 0 | Assessment | 0x08B4 | Service Started

2012-10-04 14:57:01-05:00 |  | 0 | Assessment | 0x08C0 | The Assessment service has started.

2012-10-04 14:57:01-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulatorConfig: ScriptRegulator_MaxMemory% = 80, ScriptRegulator_Hysteresis% = 1, ScriptRegulator_SemaphoreMultiplier = 1, ScriptRegulator_ProcessorQueueLengthLimit = 100

2012-10-04 14:57:01-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulatorConfig: MaxMemoryKB = 3313398, HysteresisKB = 41941, SemaphoreCount = 2

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulator: ScriptResumeLevelKB = 3271457, OutOfResourcesMinuteCountMax = 4

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ScriptRegulator | PrivateUsageKB | PrivateUsage | PrivateUsageDeltaKB | RunningThreads | ParkedThreads | Parked/Total | LoadedScripts | ExecutedScripts | ExecutedScripts/m | Avg.ExecutedScript/m | [Modules] | LoadedGeneral | ExecutedGeneral | ExecutedGeneral/m | LoadedWeb | ExecutedWeb | ExecutedWeb/m | LoadedWham | ExecutedWham | ExecutedWham/m | LoadedWireless | ExecutedWireless | ExecutedWireless/m | LoadedShell | ExecutedShell | ExecutedShell/m | [System] | PagefileUsageKB | PeakPagefileUsageKB | WorkingSetSizeKB | PeakWorkingSetSizeKB | PageFaultCount | GlbTotalPageFile | GlbAvailPageFile | VirtualBytes | VirtualUsage

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManager | [P1] | ActiveThreads | ParkedThreads | ActiveTasks | ParkedTasks | [TM] | ActiveThreads | Avg.Scripts/m | EstimatedTimeInMinutes | ExecutedScripts | ExecutingThreads | WaitingThreads | [Modules] | TotalBatches | TotalTaskGroups | ActiveWorkUnits | InactiveWorkUnits | General-WorkUnits | WebFSL-WorkUnits | WHAM-WorkUnits | Wireless-WorkUnits | Shell-WorkUnits | WebScan-WorkUnits | [Process] | Threads | MemoryUsageKB | VirtualBytes | [System] | ProcessorTime | Threads | PQL | [D1] | ProcessedTasks | CreatedThreads | ReusedThreads | DestroyedThreads | CreateFailedCount |NewThreadRejectionCount/m | PopCount/m | PrecondFailedCount/m | SkippedOverCount/m | Avg.Distance

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManager::Init

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManagerConfig: ThreadManager_MaxMemory% = 70, ThreadManager_MaxVM% = 90, ThreadManager_CriticalMemory% = 60, ThreadManager_CriticalVM% = 89, ThreadManager_MaxAllowedThreads = 1000, ThreadManager_MaxBatchesPerGB = 25, ThreadManager_AllowedWorkloadInWorkUnits = 1000000

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08C0 | ThreadManagerConfig: MaxMemoryKB = 2893981, MaxVMKB = 3774758, CriticalMemoryKB = 2474563, CriticalVMKB = 3732816, MaxAllowedThreads = 1000, MaxAllowedBatches = 100, ThreadManager_WaitObjectTimeoutMS = 10000, ThreadPool_WaitObjectTimeoutMS = 1000

2012-10-04 14:57:03-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 8 | 5108 | 56572 | [System] | 0 | 512 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x073C | Connecting to Foundstone Database (server='MVM75\SQLEXPRESS', DBName='faultline', user='faultline', NTAuth=0)

2012-10-04 14:57:10-05:00 |  | 1 | FSAPI | 0x073C | Foundstone Database connected

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x073C | FSAPI Server: Address='MVM75', Port=3800, Certs Path='C:\Program Files (x86)\Foundstone\Configuration', Secure= 1, SendTimeout=6, RecvTimeout=6, uLog=0

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x073C | FSComm Server: Certificate - server (C:\Program Files (x86)\Foundstone\Configuration\CustomEngine.pem), ca (C:\Program Files (x86)\Foundstone\Configuration\CustomTrustedCA.pem), dh (C:\Program Files (x86)\Foundstone\Configuration\dh.pem). (0)

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x08E4 | FSComm Server: Server Up - https://MVM75:3800 - Send Timeout(6), Receive Timeout(6). (0)

2012-10-04 14:57:10-05:00 |  | 4 | FSAPI | 0x08E8 | Benchmark Update Monitor active (0)

2012-10-04 14:58:03-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 8 | 8572 | 62552 | [System] | 2 | 476 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:58:30-05:00 |  | 4 | ScanEngine | 0x0840 | BatchCal | ThreadKB | HostKB | HostCount | WhamThreadKB | WhamHostKB | WhamHostCount | TotalHostCount | WorkerThreads | MemAvailKB | ThreadCount | BatchCostKB | EstimatedTotalKB | ActualTotalKB

2012-10-04 14:58:30-05:00 |  | 4 | ScanEngine | 0x0840 | AsstStat | TotalHosts | ScanResp | Duration | TotalPhys | AvailPhys | TotalPF | AvailPF | TotalVM | AvailVM | AvailExt | CommitTotal | CommitLimit | CommitPeak | WhamHosts | OtherHosts | RecoveryCount | AsstIndex | BatchCount

2012-10-04 14:58:30-05:00 |  | 2 | ScanEngine | 0x0840 | WARNING: IPv6 network stack is unavailable; all IPv6 addresses will be ignored.

2012-10-04 14:58:30-05:00 |  | 4 | ScanEngine | 0x0B7C | CNCDThread::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0838 | ENGINESTATE_RECOVERING

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B90 | ScanEngine::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | SaaSController::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0BC0 | SaaSUploader::ThreadFunc: Running...

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0BC0 | ThreadPool usage: High=1, Low=1, Shared=8

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | FSScanEngine: Log=0, LogXML=0, ThreadPool_Debug=0

2012-10-04 14:58:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Posting EngineStatus - Immediately (with 3 minute timeout)

2012-10-04 14:58:32-05:00 |  | 1 | ScanEngineSvc | 0x0B94 | CommHTTP::Connect: Unable to connect to (HTTPS)MVM75:3803. COpenSSLSocket::Connect - tcp connect failed

2012-10-04 14:58:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostResource returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

2012-10-04 14:58:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostEngineStatus returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Starting up the engine...

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Begin system operation...

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | End system operation.

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | ENGINESTATE_RUNNING

2012-10-04 14:58:33-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | The engine is running.

2012-10-04 14:58:33-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager - Invoke OnStatus(normal)

2012-10-04 14:58:33-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager! | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 10 | 17648 | 73580 | [System] | 42 | 572 | 2 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:58:33-05:00 | <?xml version="1.0" encoding="utf-16" ?>

<AssessmentStatus>

<Process status="normal" />

</AssessmentStatus> | -2 | Assessment | 0x08D4 | No listeners registered for "Assessment::OnProcessStatus" event.

2012-10-04 14:59:03-05:00 |  | 4 | Assessment | 0x08D4 | ThreadManager | [P1] | 0 | 0 | 0 | 0 | [TM] | 0 | 10000 | 0 | 0 | 0 | 0 | [Modules] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | [Process] | 10 | 17648 | 73580 | [System] | 50 | 553 | 0 | [D1] | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

2012-10-04 14:59:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | FSScanEngine: Log=0, LogXML=0, ThreadPool_Debug=0

2012-10-04 14:59:31-05:00 |  | 4 | ScanEngineSvc | 0x0B94 | Re-posting EngineStatus...

2012-10-04 14:59:32-05:00 |  | 1 | ScanEngineSvc | 0x0B94 | CommHTTP::Connect: Unable to connect to (HTTPS)MVM75:3803. COpenSSLSocket::Connect - tcp connect failed

2012-10-04 14:59:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostResource returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

2012-10-04 14:59:32-05:00 |  | 2 | ScanEngineSvc | 0x0B94 | CommHTTP::PostEngineStatus returns (0xa0fbf061)[E_ENGINE_HTTP_CONNECT_FAIL]

1 Solution

Accepted Solutions

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Hi Jeff,

Working with McAfee Platinum support this morning we managed to get to the bottom of this problem - once and for all!

I've also been able to confirm that this was sorted on a second from-scratch installation that was also exhibiting the same problem - to clarify, VMWare Workstation and Client Hyper-V, each with a Win2K8R2 Standard Guest.

If you are using a Named Instance of SQL - which in most "all on one" (Trial) installations will be the case as you will no doubt install SQL Express (which by default will install a Named Instance called "SQLExpress") you will *not* have the SQL Browser Agent started as this service is disabled by default.

Go into services.msc and set the SQL Browser service to start "Automatic" and then start it, then restart all the Foundstone services afterwards.

That will sort it out!

Just make sure you also have a hosts files entry for the hostname of the local machine so that it can resolve itself by hostname and then do a netstat -a and you'll see that port 3803 for the IP address of your machine will now be bound - which means the Scan Controller is started properly, and the Scan Engine will be able to connect!

One final point - SQL Express 2008 R2 *does* work, even though it's not (officially!) supported in the McAfee Installation guide.

I hope this helps, cheers.

Kind regards,

James

11 Replies
cgrim
Level 13
Report Inappropriate Content
Message 2 of 12

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Hi infosecjeff,

Make sure you've configured the Scan Engine to point to the Scan Controller (in the FCM).

Then make sure you can telnet to the Scan Controller from the Engine on Port 3803...

If you're still having issues, open a Service Request.

-Cathy

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Yes those basic checks were done. There is simply a conflict with the standard install of all components on one Windows 2008 sever that is fully patched. There are 2 scan controller processes running on high TCP ports. Is there a third scan controller process that should kick in and listen on TCP port 3803, or is one of the 2 already running supposed to be listening on TCP port 3803?

What does it look like on a working MVM7.5 host?

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I have this exact issue with one Scan Engine, i have an appliance and both the scan controller and the scan engine are in the same win 08 host, i already configure the correct scan controler on FCM for the scan engine and select the ip address for the scan controller instead of "'any" I reinstalled everything also but the issue persist.

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I have done the same thing and even set up a new VM and got the same results.

Highlighted
mjmurra
Level 12
Report Inappropriate Content
Message 6 of 12

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

i have seen this before when the service account used to start the scan engine doesn't have enough rights.

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

my problem was a network issue, mjmurra has a point did you try to change the user runing the scan engine service?

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

The services are running, ie Scan Controller and Scan Engine, however the scan controller does not spawn a process to listen on TCP port 3803 for some reason.

I've tried changing the Scan Controller address from the hostname (default) to the IP address, and to Any, and not change after reboots.

Has anyone seen this problem on a VMWare 7.x workstation?

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

I don't believe this is a permission issue, especially if the services are running.  If you run Sysinternals process explorer you can see the scan engine try to connect to the scan controller on TCP port 3803, but the scan controller isn't listening on that port.

Re: Running MVM 7.5 on VMWare Workstation - scan engine cannot communicate with an scan controller

Jump to solution

Has anyone found a solution yet?
I have the same problem on a newly upgraded system. On one of the satelites all is ok, scan controller starts and listens on 3803. All other systems do not have a listening port.

Upgraded system Windows Server 2008, satelites Windows Server 2003

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community