6 Replies Latest reply on Sep 27, 2017 1:43 PM by bola.2911

    Mcafee Web gateway

    bola.2911

      We are getting the following errors on the dashboard of MWG

       

      Avira update failed (ID 855).

      McAfee gateway Anti-malware update failed (851)

      GTI web database update failed (ID: 1051)

       

      After checking the update log by going to troubleshooting/logs i could see that the old and new version is same.

       

      Does anyone why we are having this alerts, if the update is already taken place.

       

      Thanks

      K

        • 1. Re: Mcafee Web gateway
          Jon Scholten

          Do you have a cluster or is this just a single appliance? If it's a cluster, then a single appliance could have problems downloading the updates (itself), but then later get the updates from another appliance.

          • 2. Re: Mcafee Web gateway
            bola.2911

            It is a cluster, the alert comes only on the standy MWG and later on the update was successful.

            By checking the update logs it was showing as update failed because of the new and older version matches.

            • 3. Re: Mcafee Web gateway
              Jon Scholten

              I couldnt say without seeing the log myself, but I'm guessing that the standby node is getting the updates from the cluster rather than from the internet itself. Usually the logs will say where the update is coming from (internet or another node), however they can be a bit cryptic.

               

              The situation could also be the opposite -- the standby node attempts to get updates from another node, but fails, when it gets the updates from the internet it works. This could happen if there is a small pipe between nodes. In which case you might want to consider changing the update groups. https://community.mcafee.com/docs/DOC-4823#jive_content_id_Update

              • 4. Re: Mcafee Web gateway
                bola.2911

                There are different nodes for the master and the standby.

                 

                Master MWG node xxxxxxxxx

                Standby MWG node yyyyyyyy

                 

                Also a= a means same version

                a=b means different version

                 

                On the same day the alert on the master MWG from the dashboard is

                Following domain can't be contacted. ID: 903

                 

                and on the standby MWG the alert showed on dashboard.

                Following domain can't be contacted. ID: 903

                McAfee gateway Anti-Malware update failed, broken version identifier. ID 851

                GTI web database update failed. ID 1051

                Avira update failed. ID 855

                 

                 

                Now as per the update logs.

                 

                For Master

                 

                Update Status from local Node: xxxxxxxxx

                Product: GTI web database

                Status: update_succeed

                Old Version: TS-Engine=a|TS-Database=a

                New Version: TS-Engine=a|TS-Database=b

                Update Status from local Node: xxxxxxxxxx

                Product: McAfee Gateway Anti-Malware

                Status: update_succeed

                Old Version: AM-DAT=aAM-Engine=a|MFE-DAT=aMFE-Engine=a|PLATFORM=x64

                New Version: AM-DAT=b|AM-Engine=a|MFE-DAT=a|MFE-Engine=a|PLATFORM=x64

                Update Status from non local Node yyyyyyyyyyy

                Product: McAfee Gateway Anti-Malware

                Status: update_failed

                Old Version: AM-DAT=a|AM-Engine=a|MFE-DAT=a|MFE-Engine=a|PLATFORM=x64

                New Version: AM-DAT=a|AM-Engine=a|MFE-DAT=a|MFE-Engine=a|PLATFORM=x64

                Product: Avira

                Status: update_failed

                Old Version: Avira-Engine=a|Avira-VDF=a|Avira-Savapi=a|PLATFORM=x64

                New vsersion:Avira-Engine=a|Avira-VDF=a|Avira-Savapi=a|PLATFORM=x64

                Product: GTI web database

                Type: xl

                Status: update_failed

                Old Version: TS-Engine=a|TS-Database=a

                New Version: TS-Engine=a|TS-Database=a

                Update from node yyyyyyyyyy

                Product: Known CAs (16839)

                Version: List=254

                Status: update_is_up_to_date

                Update from node yyyyyyyyyyyyy

                 

                it seems the update from local nose is working but not from non-local node.

                 

                for Standby

                 

                Update Status from local Node: yyyyyyyyy

                Product: McAfee Gateway Anti-Malware

                Status: update_failed

                Old Version: AM-DAT=a|AM-Engine=a|MFE-DAT=a|MFE-Engine=a|PLATFORM=x64

                New Version: AM-DAT=a|AM-Engine=a|MFE-DAT=a|MFE-Engine=a|PLATFORM=x64

                Update from node xxxxxxxxxx

                Product: Avira

                Version: Avira-Engine=a|Avira-VDF=|Avira-Savapi=|PLATFORM=x64

                File ave2_linux_incr_b.tar.gz stored successfully

                File vdf.tar.gz stored successfully

                File extensionlist.txt stored successfully

                File bpdata.txt stored successfully

                File vinfo.txt stored successfully

                Update Status from local Node: yyyyyyyyyyyyyyy

                Product: Avira

                Status: update_failed

                Old Version: Avira-Engine=a|Avira-VDF=a|Avira-Savapi=a|PLATFORM=x64

                New Version: Avira-Engine=a|Avira-VDF=a|Avira-Savapi=a|PLATFORM=x64

                Update from node xxxxxxxxxxx

                Product: GTI web database

                Status: update_failed

                Old Version: TS-Engine=a|TS-Database=a

                New Version: TS-Engine=a|TS-Database=a

                Performing update because 'update interval exceeded

                 

                k

                • 5. Re: Mcafee Web gateway
                  Jon Scholten

                  Hi K,

                   

                  I'd just set separate update groups (see link above) for each node (so they download their own updates). You'll be able to tell pretty quickly if that fixes it.

                   

                  Best Regards,

                  Jon

                  • 6. Re: Mcafee Web gateway
                    bola.2911

                    as they belong to different nodes, is that the reason that the master have less alerts as compared to the standby?

                     

                    K