Security Agent Update Issues and Resolutions

ovenforksqueeΑσφάλεια

3 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

92 εμφανίσεις

Security Agent Update Issues and Resolutions




Clients are not updating

(Response error from server)

The first thing to do in a situation like this is to look at the history log of the client that is not updating.

If
the client is not updating at all, you will likely see this:


2011
-
08
-
01 09:35:40 : Update User: Announcing presence to 10.1.11.30 ...


2011
-
08
-
01 09:35:40 : Update User: 10.1.11.30 responded with a response
error



From here, we immediately know that

we need to look at the server.

There are several factors th
at
could cause this, and several possible fixes.


1.
Restart IIS Admin S
ervice

and then test the update.


2.
If the client is still receiving the error,
r
un IpmUpgradeDb.exe
. If IpmUpgradeDb.exe
throws an error
and does not run,
restart IIS Admin Service and IP Magic Manager Service
, then

run IpmUpgradeDb.exe
and check if the client can update.


3.
If IpmUpgradeDb.exe throws this error:


Unable to execute SQL batch in section
“CreateReportsDatabaseStoredProcs
”… “
Invalid column
name ‘ID’


Run this utility:
ftp://ftp.lightspeedsystems.com/Austin/ID_Fix.exe

This
utility
drops the saSystemInfo table and rebuilds it w
ith the following query:

--

Create the table if it does not exist

if not exists (select table_name from information_schema.tables where


table_name = 'saSystemInfo')

begin


create table IpmStatistics..saSystemInfo


(


ID bigint identity (1, 1) not for replication primary key nonclustered,


ComputerID int not null,


sysType varchar(32) not null,


sysAttribute varchar(64) not null,


sysValue varchar(255) not null


)


--

Create

indexes


create index CksaSystemInfo on IpmStatistics..saSystemInfo (ComputerID)

end

go




4.
If clients are still receiving the error, we are forced to pursue a much more compli
cated solution to
the problem.


First look at the web site on the TTC by
going to the IIS Manager. Then drill down to the web site
-
>
Default Web Site
-
> Content. Inside Content on the right pane of the window is
SecurityAgentAnnouncement.apx.


Right click and choose browse, it should look like this.

You should clearly see O
K TYPE at the start of the string. If it’s not there or the string looks different,
then go to the SQL Management Studio and choose Connect. Drill down into Databases
-
> IpmStatistics
-
> Programmability
-
> Stored Procedures
-
> right click dbo.db_SecurityAg
entAnnouncementsAddOne and
choose Properties. In Properties choose Permissions.


In the Users or Roles you should see “NETWORK SERVICE” and “TTC Report Viewers”. If not, try looking
at a different dbo in the same section to see if they don’t either. Next
, check the users/groups in the
Computer Management snap in for windows (right click “My Computer” and choose Manage). Look in
System Tools
-
> Local Users and Groups
-
> Groups, for the group called “
TTC Report Viewers
” it should
have the description of “
Us
ers authorized read
-
only access to TTC Reports
”. If there isn’t one there,
create one by right clicking the blank area below the other groups and making one with the exact name
and description as in the quotes above.



This is the only group you have to v
erify here. Once done open the Registry and look in the following
key;

HKLM
\
SOFTWARE
\
Lightspeed Systems
\
IP Magic Service
\

Your going to look at the three following keys

“ASPNET Account”, “IIS Anonymous Account”, “TTC Report Veiwers Group”


The “ASPNET
Account” is always the same from TTC to TTC, where as the others will be the same with
the exception of the computer name. (IE replace the name “NOPANTS” with the TTC’s name you’re on.
DO NOT ADD THE DOMAIN SUFFIX ie “.local” or “.lscom.net” or “school.k12
.state.us”) Do it for the
beginning and end of “IIS Anonymous Account” and replace the beginning of the “TTC Report Viewers
Group”

Once replaced cycle the “IP Magic Manager”, “IIS Admin Service”, “TTC Data Host”, and for good
measure do the SQL Server serv
ice too. After all that is done run IPMUpgradeDB.exe in the Traffic folder.

Finally go back and check the dbo.db_SecurityAgentAnnouncementsAddOne permissions in SQL
Management Studio to make sure there both back. If not double check all your work and rerun

IPMUpgradDB.exe a couple of more times. It should work.







Error unzipping Security Agent compressed update: can’t find EOCD signature

If a client is experiencing slow update times, you may see this error in the history.log:


2011
-
07
-
12 10:14:56 : Updat
e SAImport: Error unzipping Security Agent
compressed update C:
\
Program Files
\
Lightspeed
Systems
\
SecurityAge
nt
\
Compressed Updates
\
SAExport
.htm: Scan error: extracting
C:
\
Program Files
\
Lightspeed Systems
\
SecurityAgent
\
Compressed

Updates
\
SAExport
.htm: format

error: can't find EOCD signature



This indicates that SAExport.htm is not a complete file. Once this error is encountered, the updater will
skip the rest of the compressed update files and hit the database. Note that this error may be seen on
any of th
e incremental export files as well, but it is most often seen on the main file.


The following steps assume TTC 8.02 with centralized export files:

1. Check the siz
e of SAExport.htm

as well as all incremental export files

on the server
. Given the above
lo
g entry, at least SAExport.htm will be off
.


2. Delete SAExport.htm

and any other undersized export files
,

and
restart IpmMonitor.exe

by simply
killing the process in the task manager. This will automatically download any missing expo
rt files. If the
f
ile(s) download

properly
, you’re done. Verify that the client will update.


3.
As of TTC 8.02.09, partially downloaded signature files will not be made available and a monitoring
alert will be generated. If the export file(s) are not downloaded and a mon
itoring alert is sent to the TTC
admin,
then the issue is with the firewall

(likely a firewall/AV combo). An exception will need to be
added to the firewall. Try the following exclusions one at a time, from top to bottom:

1.

opendb.lightspeedsystems.com

2.

67.84.207.138


(the IP which opendb resolves to.)

3.

67.84.207.138


67.84.207.142

4.

67.84.207.129


67.84.207.254 (this is the whole ip range “security.lightspeedsystems.com”
resolves to.)







500 Internal Server Error

1.

This is typically caused by the IIS
Admin Service.

T
he first thing to try would be to
restart the IIS
Admin Service
.

You may be able to find more information about what caused the error from looking at
the IIS logs. These logs will be in C:
\
Windows
\
System32
\
LogFiles, but the exact file
path can be viewed
in the IIS management console.

1.

Right
-
click on the Default Website

and choose Properties.

2.

On the Web site tab, you will see an option near the bottom that says "Active Log Format." Click
on the Properties button.

3.

At the bottom of the Gene
ral Properties tab, you will

see a box that contains the log file
directory and the log