928 Views 2 Replies Latest reply: Jan 9, 2013 5:28 PM by Ken_Howard RSS
jxbianc Newcomer 3 posts since
Aug 13, 2009

Oct 31, 2011 3:02 PM

Host IPS 8.0 Property Translator failed with exception

Hi, I'm trying to get the HIPS firewall up and running and I have recently run into this problem. I added a new group of machines to my test group, and all of a sudden I stopped getting any info from HIPS in EPO at all. No client rules, no client info or version, nothing. I've got a call in to support, but after 2 weeks the best they can tell me is that patch 1 will fix it. I think I've narrowed down the problem at this point to a bad signer record being read, as I get this message in my orion.log every time the Property Translator tries to run:

 

Host IPS 8.0 Property Translator] failed with exception

java.util.concurrent.ExecutionException: com.mcafee.orion.core.cmd.CommandException: signerName cannot be parsed as a Distinguised Name

Caused by: java.lang.IllegalArgumentException: improperly specified input name: CN=Stardock Corporation, O=Stardock Corporation, STREET=15090 N Beck Road Ste 300, L=Plymouth, S=MI, PostalCode=48170, C=US

at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:150)

at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:102)

at com.mcafee.hips.catalog.model.ValidationUtil.normalizeDistinguishedName(ValidationUtil.java:84)

Caused by: java.io.IOException: Invalid keyword "POSTALCODE"

at sun.security.x509.AVAKeyword.getOID(AVA.java:1251)

at sun.security.x509.AVA.<init>(AVA.java:175)

at sun.security.x509.AVA.<init>(AVA.java:128)

at sun.security.x509.RDN.<init>(RDN.java:134)

at sun.security.x509.X500Name.parseDN(X500Name.java:901)

at sun.security.x509.X500Name.<init>(X500Name.java:148)

at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:148)

 

I've tried the advice in KB71520, which said to remove the bad client rule, which I did by both turning off adaptive mode on the only 2 machines that have the offending software signature and by turning off "retain client rules" for the whole group, but I still get the same error.

Does anyone know a fix for this other than "wait for the patch"?

  • ecoreas Newcomer 1 posts since
    Jan 7, 2013

    Please take a look at:

     

    Host Intrusion Prevention 8.0 property translator error failing on POSTALCODE

    https://kc.mcafee.com/corporate/index?page=content&id=KB71520

  • Ken_Howard McAfee Employee 28 posts since
    Jul 8, 2010

    I previously spoke with Stardock about this issue; POSTALCODE is a non-standard keyword within the certificate signer (based on http://www.ietf.org/rfc/rfc1779.txt).

                   Figure 1:  BNF Grammar for Distinguished Name

                          Key     Attribute (X.520 keys)
                          ------------------------------
                          CN      CommonName
                          L       LocalityName
                          ST      StateOrProvinceName
                          O       OrganizationName
                          OU      OrganizationalUnitName
                          C       CountryName
                          STREET  StreetAddress

                         Table 1:  Standardised Keywords

    At that time, their certificates were issued by Comodo and I was under the impression they were going to talk to them about the issue. If they have, then it might be possible to simply install the latest version of whichever Stardock application you are using.

     

    Ken Howard
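
The parse failure discussed in this thread can be reproduced with the JDK alone. The following is an added example, not code from the thread or from McAfee's product: it feeds the signer name from the log to `X500Principal`, then parses it again with the two-argument constructor, which accepts extra keyword-to-OID mappings. The class and method names are hypothetical; 2.5.4.17 is the X.520 postalCode attribute type.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class SignerDnDemo {
    // Signer name copied from the orion.log excerpt in the thread.
    static final String SIGNER =
        "CN=Stardock Corporation, O=Stardock Corporation, "
        + "STREET=15090 N Beck Road Ste 300, L=Plymouth, S=MI, "
        + "PostalCode=48170, C=US";

    // Extra keyword -> OID mappings (hypothetical helper).
    // Keys must be upper case or X500Principal ignores them.
    static Map<String, String> extraKeywords() {
        Map<String, String> m = new HashMap<>();
        m.put("POSTALCODE", "2.5.4.17"); // X.520 postalCode
        return m;
    }

    // Default keyword set only: returns null when the name is rejected.
    static X500Principal parseStrict(String dn) {
        try {
            return new X500Principal(dn);
        } catch (IllegalArgumentException e) {
            // Same exception type as in the stack trace above.
            System.out.println("strict parse rejected: " + e.getMessage());
            System.out.println("cause: " + e.getCause());
            return null;
        }
    }

    // Same parser, with POSTALCODE resolved through the keyword map.
    static X500Principal parseTolerant(String dn) {
        return new X500Principal(dn, extraKeywords());
    }

    public static void main(String[] args) {
        X500Principal strict = parseStrict(SIGNER);
        X500Principal tolerant = parseTolerant(SIGNER);
        System.out.println("strict:    " + strict);
        System.out.println("RFC 2253:  " + tolerant.getName(X500Principal.RFC2253));
        // The canonical form is the one to use when comparing signer names.
        System.out.println("canonical: " + tolerant.getName(X500Principal.CANONICAL));
    }
}
```

Because postalCode has no RFC 2253 keyword, the RFC 2253 output names that attribute by its dotted OID instead of by "PostalCode".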
