2 Replies Latest reply: Jan 9, 2013 5:28 PM by Ken_Howard RSS

    Host IPS 8.0 Property Translator failed with exception

    jxbianc

      Hi I'm trying to get the HIPS firewall up and running and I have recently run into this problem. I added a new group of machines to my test group, and all of a sudden I stopped getting any info from HIPS in EPO at all. No client rules, no client info or version, nothing. I've got a call in to support but after 2 weeks the best they can tell me is that patch 1 will fix it. I think I've narrowed down the problem at this point to a bad signer record being read, as I get this message in my orion.log every time the Property translator tries to run:

       

      Host IPS 8.0 Property Translator] failed with exception

      java.util.concurrent.ExecutionException: com.mcafee.orion.core.cmd.CommandException: signerName cannot be parsed as a Distinguised Name

      Caused by: java.lang.IllegalArgumentException: improperly specified input name: CN=Stardock Corporation, O=Stardock Corporation, STREET=15090 N Beck Road Ste 300, L=Plymouth, S=MI, PostalCode=48170, C=US

      at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:150)

      at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:102)

      at com.mcafee.hips.catalog.model.ValidationUtil.normalizeDistinguishedName(Validat ionUtil.java:84)

      Caused by: java.io.IOException: Invalid keyword "POSTALCODE"

      at sun.security.x509.AVAKeyword.getOID(AVA.java:1251)

      at sun.security.x509.AVA.<init>(AVA.java:175)

      at sun.security.x509.AVA.<init>(AVA.java:128)

      at sun.security.x509.RDN.<init>(RDN.java:134)

      at sun.security.x509.X500Name.parseDN(X500Name.java:901)

      at sun.security.x509.X500Name.<init>(X500Name.java:148)

      at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:148)

       

      I've tried the advice in KB71520, which said to remove the bad client rule, which I did by both turning off adaptive mode on the only 2 machines that have the offending software signature and by turning off "retain cleint rules" for the whole group, but I still get the same error.

      Does anyone know a fix for this other than "wait for the patch"?

        • 1. Re: Host IPS 8.0 Property Translator failed with exception
          ecoreas

          Please take a look at:

           

          Host Intrusion Prevention 8.0 property translator error failing on POSTALCODE

          https://kc.mcafee.com/corporate/index?page=content&id=KB71520

          • 2. Re: Host IPS 8.0 Property Translator failed with exception
            Ken_Howard

            I previously spoke with Stardock about this issue, POSTALCODE is a non-standard keyword within the certificate signer (based on http://www.ietf.org/rfc/rfc1779.txt)

                           Figure 1:  BNF Grammar for Distinguished Name

             

                                  Key     Attribute (X.520 keys)

                                  ------------------------------

                                  CN      CommonName

                                  L       LocalityName

                                  ST      StateOrProvinceName

                                  O       OrganizationName

                                  OU      OrganizationalUnitName

                                  C       CountryName

                                  STREET  StreetAddress

             

                                 Table 1:  Standardised Keywords

            At that time, thier certificates were issued by Comodo and I was under the impression they were going to talk to them about the issue. If they have, then it might be possible to simply install the latest version of which ever Stardock application you are using.

             

            Ken Howard