cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
FA1
Level 10
Report Inappropriate Content
Message 1 of 9

Database move - Event parser not starting (starting then stopping)

Jump to solution

Today we moved the ePO DB to a new server following the procedure described in KB68427. Now the Event Parser service is stopping immediately when started.

We have verified the connection to the DB is working via https://localhost:8443/core/config-auth and via the ODBC client. The DB user (SQL) and password are the same as on the old DB server. Privileges of that user are also identical. 

Any suggestions would be welcome

Thank you!

1 Solution

Accepted Solutions
FA1
Level 10
Report Inappropriate Content
Message 8 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution

In this case, we needed to update the SQL native client on the ePO as it was too old to properly handle TLS 1.2.

McAfee KBhttps://kc.mcafee.com/corporate/index?page=content&id=KB92364&locale=en_US

Microsoft Downloadhttps://www.microsoft.com/en-us/download/details.aspx?id=50402

Thanks!

 

View solution in original post

8 Replies
aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution

have you removed the dependency on the old instance? ( if the ePO database was previously hosted on the ePO server itself.) 

Is the event parser log giving guidance as of to why it cant start properly?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

FA1
Level 10
Report Inappropriate Content
Message 3 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution
The DB had not been hosted on the eP before it was moved. So, there should not be any dependencies that woudl need removing.

I am trying to locate the eventparser log in \<epoinstallationdirectory>\server\logs\ but cannot find anything named "eventparser.... .log"
FA1
Level 10
Report Inappropriate Content
Message 4 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution
Foudn it. This is what it shows

20210712053815 E #03164 EPODAL , msg=Unspecified error
20210712053815 E #03164 EPODAL ePOData_Connection.cpp(373): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712053815 E #03164 EPODAL , msg=Unspecified error
20210712053816 E #03164 EPODAL ePOData_Connection.cpp(673): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712053816 E #03164 EPODAL , msg=Unspecified error
20210712053816 E #03164 EPODAL ePOData_Connection.cpp(719): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712053816 E #03164 EPODAL , msg=Unspecified error
20210712053816 E #03164 EPODAL ePOData_Connection.cpp(373): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712053816 E #03164 EPODAL , msg=Unspecified error
20210712053816 E #03164 EPODAL ePOData_Connection.cpp(398): Error 0x80004005 returned from credentials callback. Database NOT available
20210712053816 E #03164 EVNTPRSR D:\BUILD_1111228\BUILD\ePO\dev\src\server\include\ePOData.inl(463): Database initialization: Failed (hr=0x80004005).
20210712053816 E #03164 EVNTPRSR source\servinit.cpp(167): Failed to initialize database layer. Cannot continue.
20210712053816 I #03164 EVNTPRSR EventParser Stopped.
20210712053816 I #03164 EVNTPRSR Cleaning up Server...
20210712053816 I #03164 EVNTPRSR Shutting down syslog forward subsystem
20210712054306 I #02744 EVNTPRSR Initializing Server...
20210712054306 I #02744 EVNTPRSR Database initialization: Starting.
20210712054306 I #02744 NAISIGN Found master install key, decoding
20210712054306 I #02744 MFEFIPS Loading: "C:\PROGRA~2\McAfee\EPOLIC~1", Role = Officer, Mode = Normal
20210712054306 I #02744 MFEFIPS Using Random Generator: HMAC Random
20210712054306 I #02744 MFEFIPS RSA BSAFE Crypto-C Micro Edition FIPS140 Module 4.1.2.0
20210712054306 I #02744 MFEFIPS Module Initialized.
20210712054306 I #02744 MFEFIPS MFEFIPS_Status() returned 1
20210712054306 I #02744 MFEFIPS Loading: "C:\PROGRA~2\McAfee\EPOLIC~1", Role = Officer, Mode = Normal
20210712054306 I #02744 MFEFIPS Module Initialized.
20210712054306 I #02744 MFEFIPS MFEFIPS_Status() returned 1
20210712054306 I #02744 EPODAL Using SQL Authentication for <..REMOVED..>
20210712054307 E #02744 EPODAL ePOData_Connection.cpp(673): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712054307 E #02744 EPODAL , msg=Unspecified error
20210712054307 E #02744 EPODAL ePOData_Connection.cpp(719): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712054307 E #02744 EPODAL , msg=Unspecified error
20210712054307 E #02744 EPODAL ePOData_Connection.cpp(373): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712054307 E #02744 EPODAL , msg=Unspecified error
20210712054408 E #02744 EPODAL , msg=Unspecified error
20210712054408 E #02744 EPODAL ePOData_Connection.cpp(719): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712054408 E #02744 EPODAL , msg=Unspecified error
20210712054408 E #02744 EPODAL ePOData_Connection.cpp(373): COM Error 0x80004005, source=Microsoft SQL Server Native Client 11.0, desc=TCP Provider: An existing connection was forcibly closed by the remote host.
20210712054408 E #02744 EPODAL , msg=Unspecified error
20210712054408 E #02744 EPODAL ePOData_Connection.cpp(398): Error 0x80004005 returned from credentials callback. Database NOT available
20210712054408 E #02744 EVNTPRSR D:\BUILD_1111228\BUILD\ePO\dev\src\server\include\ePOData.inl(463): Database initialization: Failed (hr=0x80004005).
20210712054408 E #02744 EVNTPRSR source\servinit.cpp(167): Failed to initialize database layer. Cannot continue.
20210712054408 I #02744 EVNTPRSR EventParser Stopped.
20210712054408 I #02744 EVNTPRSR Cleaning up Server...
20210712054408 I #02744 EVNTPRSR Shutting down syslog forward subsystem
FA1
Level 10
Report Inappropriate Content
Message 5 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution

This line caught my eye:

D:\BUILD_1111228\BUILD\ePO\dev\src\server\include\ePOData.inl(463): Database initialization: Failed (hr=0x80004005).

There is no D-drive on the ePO.

FA1
Level 10
Report Inappropriate Content
Message 6 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution
BTW, we are on version 5.10 build 12256
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution

You can ignore the path for the d drive, that is a normal error irrelevant of your drive environment with db connection failures.  Does the new sql server support tls 1.2 and have the correct ciphers enabled?  Is the correct port/instance specified?  core/config only validates connectivity, but does not validate proper tls handshake success.  The eventparser failing to start is a clear indication of issue with the handshake failing.  I would suggest the following:

Download IISCrypto, run it on the new sql server and choose best practices, then reboot.  If that is not possible, run nmap on the sql server to validate tls and cipher requirements are met.  See the following kb's - KB91304 for db cipher/tls requirements and KB91115 for how to use nmap.  That can be run from any system, as long as you point it to sql server with the correct sql port in use.  

Other than that, you can get a wireshark capture when trying to start up the application server service to see what the client/server hello looks like.  Do not post those here, as they would contain sensitive info that should not be posted on a public forum.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

FA1
Level 10
Report Inappropriate Content
Message 8 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution

In this case, we needed to update the SQL native client on the ePO as it was too old to properly handle TLS 1.2.

McAfee KBhttps://kc.mcafee.com/corporate/index?page=content&id=KB92364&locale=en_US

Microsoft Downloadhttps://www.microsoft.com/en-us/download/details.aspx?id=50402

Thanks!

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Database move - Event parser not starting (starting then stopping)

Jump to solution

Nice catch!

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community