2 Replies Latest reply on Jan 13, 2012 6:05 AM by barena

    NAC Scan failed script error benchmark

      Hi evreybody !

       

      I use McAfee NAC 3.2 (3.2.0.854) with EPO 4.5 (patch 3).

      The implementation of our ePO server consists of two separate clusters, one for the application server and the other for the database, for a total of four separate servers that are actually four virtual machines vmare.

      Earlier this month we began the deploy nac windows client about 2000 targets, which have the agent 4.5-4.6 and virusscan 8.8-8.7.

       

      Installation from consoles (EPO deployment tasks) is successful and the NAC client scans occur regularly, while in epo console with various queries we analyze the state of health restored by NAC. The initial helath policy, audit-only mode, provides through four distinct benchmarks, control of virus signatures, version v, the state of the access scanner and the presence of the ms KB958644.

      All is right.
      We then proceeded to install the client in other nac 3000 target and we realized that these machines even if the client has installed nac (pa 5.2 agent as early as 2000), does not really work, and scanning does not return any results (on target -->show nac status --> The requested systems do not have a Network Access Control status), or new clients are detected in any of the queries for the nac, nac summary for example.
      Instead, if the target filter system in the root directory of the tree epo, the client nac 3.2.0.854 is present in more than 5000 targets.

      In the log paagent.log the Program Files \ McAfee \ MNAC scanner \ Engine \ windows client of any nac not working with the error appears

      2011-Jan-14 12:25:24 XCCDFProcessor INFO: Call to db.open
      2011-Jan-14 12:25:24 INFO AuditEngine: ContentDatabase:: open ()
      2011-Jan-14 12:25:24 AuditEngine ERROR: 3 Error Preparing statements created: no such table: Benchmark
      2011-Jan-14 12:25:24 INFO XCCDFProcessor: Error getting benchmarks for-9E06-4A05-C5B8FD84 B35F-062A6FFCBC55

      The recognition of this error mcafee kb stating to do the Update Engine McAfee Content Audit to the most recent release for the Both Policy Auditor Server and Agents.
      We performed this update on the server (Audit Engine Content 1071 and Findings Content 1007 ) and some clients, but the situation does not change and the NAC will not correctly scanned.

      We tried, without success, to reinstall the client nac, epo agent, we tried to redo the benchmarks in various modes and the initial health policy too, but the 3000 NAC client does not function while the first 2000 work well.

      I noticed that the log of Scanner_out.log Program Files \ McAfee \ MNAC scanner any more windows client not working with NAC appears at the beginning this' error:

       

       

       

      12-28-11 14:30:02,110 [3748] DEBUG Scanner <> - Reloading configuration for Scanner Service.
      12-28-11 14:30:02,141 [3748] WARN Scanner.ServerCom <> - SSLKeysException while loading keys from keystore: Failure reading keystore:: Could not find object or property.
      12-28-11 14:30:02,563 [3748] DEBUG Scanner.ServerCom <> - Loading DLL agent utility
      12-28-11 14:30:02,906 [3748] Scanner.ServerCom ERROR <> - Unable to query key value for Agent: Can not find the file specified.
      12-28-11 14:30:02,906 [3748] WARN Scanner.ServerCom <> - Unable to generate cert request headers to authenticate. Cert request will be attemped later.

      and then

      12-28-11 14:30:17,843 [3188] INFO Scanner.ScanEngine <> - **** Completed PAStartScan ...
      12-28-11 14:30:17,843 [3188] Scanner.ScanEngine ERROR <> - PAStartScan returned error: 5: Scan Has Been Canceled calculated previously.
      12-28-11 14:30:17,843 [3188] DEBUG Scanner.ScannerComm.Enforcement <> - Complete remediation called: 0
      12-28-11 14:30:17,843 [3188] DEBUG Scanner.ScannerComm.Enforcement <> - Called NAPSHA_remediation, rpending: 0
      12-28-11 14:30:17,843 [3188] DEBUG Scanner.ScanEngine <> - results: Scan Results -
      Id: -1
      Health Level: 0
      Scan Status: SCAN_FAILED_SCRIPT_ERROR
      Next Scan: 2011-12-29T14: 30:17.000 +01:00

      What can you do?

       

      Happy new year to evreybody

       

      barena

        • 1. Re: NAC Scan failed script error benchmark

          Hi

          happy New Year to all

           

          I will add that in 3000 nac faulty clients, in the path C:\Program Files\McAfee\MNAC Scanner\Engine is only the folder "scheme", while in the NAC client that

           

          work well, there are other folders with a weird name like that 406DD054-B769-4978-A840-2515598D1A49299 (that correspond to the benchmark I think).

           

          I think for some reason the client nac since its installation has not received the benchmarks by which to operate, but I do not understand what the underlying

           

          mechanism

           

          Best regard

          • 2. Re: NAC Scan failed script error benchmark

            Hi

             

            well I think I understand why the client nac 3.2.0 does not work.

            I think this sw is not compatible with ePO agents 4.6 (but is compatible with previous versions 4.0 and 4.5).

            I did some tests on.
            I installed the client nac 3.2.0 on a machine that has the epo agent 4.6, but the NAC client does not work at all (even if the installation is successful). If you install the client nac 3.2.0 on a machine that has the epo agent 4.5, the NAC works correctly (and it seems to continue to work even if you upgrade in the same machine the epo agent to version 4.6).
            To confirm this, McAfee has released version 3.2.1 of the NAC, which I tested in a virtual environment, finding the proper functioning of the NAC client on a system with epo agent 4.6.

            Unfortunately any documents of his kb, nor any product manual, or release notes, mcafee declares the incompatibility between the

            epo agent 4.6 and nac client 3.2.0.

            Also in the readme file nec 3.2.1 says "The McAfee Network Access Control ® patch release 3.2.1 is compatible with ePolicy Orchestrator 4.6 on all platforms."

             

            Best regard