2 Replies Latest reply on Mar 18, 2010 12:43 PM by kswags

    HIPS 7 causing TCP/IP Stack corruption with FIREHK

      A server we had upgraded to HIPS 7.X and VSE 8.7 recently has been a serious headache.  It locked up and was unable to register the static IP we had assigned to it, and we determined that when HIPS attached itself to the TCP/IP stack it corrupted the stack somehow.  We uninstalled all McAfee products, reinstalled, and it appeared to be working for several months.  Last night we did a reboot on our servers and this one in particular didn't seem to come up.  We checked locally, the power was on, and it appeared to start up, but once again, it wasn't grabbing the static IP assigned to it.  After a few hours we determined the TCP/IP stack was again corrupted.  We hadn't applied any patches to it, didn't add or remove anything recently to it, so we were dumbfounded.  We researched a cmd line executable to reset the TCP/IP stack and it appeared to work.  We then rebooted the machine and the problem occurred again.

       

      I've attached the resetlog.txt file and it is clearly evident that Firehk is the cause.

       

      Has anyone else had a problem with this?  If so, what were the steps you took to ensure it didn't happen again?  This is a critical server as it manages all of our VMware.

       

      I appreciate any feedback.

       

      Thanks!

        • 1. Re: HIPS 7 causing TCP/IP Stack corruption with FIREHK
          bgable

          Please ensure you are running the latest HIP 7 patch 7 which is version 7.0.0.1102.

          Also please ensure you are running the latest driver version for your network adapter(s).

          I would enable full debug logging for HIP per KB51517.

          Reboot and monitor.

          If the issue occurs again, open task mgr and note if it appeared to be memory related.  Generally if the server is responsive otherwise, it would not be related to a memory leak (though you did not provide any other details).

          Note if any process seems to be hung or consuming excessive CPU while in that state.

          Run the HIP WebMER to collect all of the logs, then open a support case.

          • 2. Re: HIPS 7 causing TCP/IP Stack corruption with FIREHK

            I believe it may have been a combination of issues.  We were using the ESX ver 3.5 on the physical server to manage our VM environment and discussions among other VM architects reveal similar issues.  It was determined that when they upgraded to ESX ver 4.0 the issue resolved itself.  It also appeared this issue was originally addressed within the SP 6 of HIPS regarding the partial install glitch of the firehk.  After I recreate the scenario in a test lab I will report back if it was simply upgrading to ver 4.0 or if it required a repatch of SP6 (or 7) to correct the issue.