4 Replies Latest reply on Sep 9, 2009 7:57 AM by R3k1awyk5

    Group Scan Issues

    R3k1awyk5
      Ran into an odd situation today.

      Was attempting to move about 100 machines into another machine group, and only about 25 of them were transferred. The rest gave an error "Could Not Update Attribute". Upon refreshing the machine list, all of the machines in the initial group (where I was moving machines from) were gone.
      Didn't figure it was a big deal, and that a group scan would fix everything. Ran the group scan, and it found 144 orphaned objects. Hit refresh, and checked the "Orphans" group, and only about 20 machines showed up there. Another group scan found 141 machines, and added 12 to the group. Third attempt found 129 machines, Orphans group is now sitting at 54 machines.

      Not real sure what is going on. Any advice appreciated.
        • 1. RE: Group Scan Issues
          R3k1awyk5
          Little more info.

          Upon looking through the group scan log, I'm seeing a few entries that say "error fixing orphan : [db020001] Unable to update attribute"

          It looks like the machines that actually show up in the Orphans group are the machines that are fixed after the error occurs. None of the machines that were "fixed" before the last error are showing up.
          • 2. RE: Group Scan Issues
            Looking for more info about this too.
            In our company we started using this software, but some devices are not showing in the manager. We are trying to update via Group Scan; all devices that were already there are gone. They are not totally gone, because when we try to add a machine by the same name, it states that it already exists. What to do?
            • 3. RE: Group Scan Issues
              Delete the name cache, restart the server, and make sure you are not using sbfiledb.dll v5.1.9 anywhere.

              Most orphans and failed orphan recoveries come from a DB where the server is too slow to keep up with the workload, which is either because it's basically underpowered, or because it's not been through performance tuning. SAN connections are especially bad because, as security guys, you probably have very little say in how fast the connection is (most people struggle to get the infrastructure team to give them a Tier I connection).
              • 4. RE: Group Scan Issues
                R3k1awyk5
                First off, call support. Anything I can tell you is at face value, and should not be considered as coming from McAfee. As always, test any and all changes to your environment before implementing them in Production.

                -- Check your AV exclusions. We had to exclude the SBData folder from On-Access scanning.
                -- Assign low-risk processes. We had to declare several EEPC processes as low-risk processes so they weren't scanned when run. The important one I believe was SBDBServer.exe.
                -- Check your versions. We found we had multiple versions across some files as a result of incorrect upgrade procedures. The way we found out was by checking the about page, and then checking System tab --> Endpoint Encryption Server Groups --> SafeBoot Server --> Get Status. We found that the about page and the get status showed different versions, which then led us to look at the actual modules installed.