
Troubleshooting Tips

Please refer to http://securitymanagerplus.wiki.zoho.com/Troubleshooting-Tips.html for the latest Troubleshooting Tips. This wiki page will be constantly updated.

  1. When I uninstall the product in windows, some folders are not getting deleted.
  2. Server-startup fails.
  3. (In Linux) When I start the server it shows "java.io.FileNotFoundException.. (Permission Denied)" ?
  4. When I start the Security Manager Plus Server, I am getting the following error "Error: write on output file failed err=28" ?

Web Client

  1. I am unable to access Security Manager Plus Server through the Web Client. Why ?
  2. Why does my Web Client user interface look crippled ?
  3. I am repeatedly seeing the login screen. Why ?

Asset Discovery

  1. Security Manager Plus is unable to discover my network assets. Why ?
  2. OS detection is not happening correctly. Why ?
  3. Asset discovery/scan of a Windows system fails with error message "Unable to establish connection". Why ?
  4. Asset discovery/scan of a Windows system fails with error message "Discovering system [hostname] failed. Remarks : Access is denied."
  5. Asset discovery/scan of a Windows system fails with error message "Unable to locate SAMBA service". Security Manager Plus server is installed in a Linux machine.

Scan

  1. Scan does not work, scan result shows 0 vulnerabilities
  2. Vulnerability results for scans performed for windows machines show "No records found" for Missing Patches.
  3. Sometimes the scan is taking a lot of time to complete and at times it does not complete at all. Why ?
  4. Security Manager Plus agent is running on a Windows XP SP2 machine but scan of this machine fails with 'Connection timed out' error. Why ?
  5. When scanning a system, scan fails with error: "Unable to create service in the remote machine." Why ?
  6. What are the conditions to be met for a successful scan in remote mode?

Patch Deployment

  1. When deploying patches, patch deployment fails with the error : "Failed to execute the patch. The file may either be corrupted or may not be an exe file." or "Failed to push the patch to the remote m/c. Check if the file really exists in the server store."
  2. When deploying MS Office patches, patch deployment fails with error : "Failed to create/run service in remote system"
  3. When running the Linux package management scripts (kickstart.sh / scan.sh), an error occurs. Why?

Others

  1. Got the following error while updating the vulnerability database : " Error occurred while updating the Database - Error Message : Could not contact the Central Server "
  2. How to update vulnerability and patch database manually?
 

Installation / Un-Installation and Server Startup / Shutdown

1. When I uninstall the product in windows, some folders are not getting deleted.

Reason
This usually happens when you try to uninstall the product immediately after you have shutdown the Security Manager Plus Server.
Solution
Ensure that you uninstall the product only after the Security Manager Plus MySQL Server instance (mysqld-nt.exe process in Windows Task Manager) has been terminated completely after the server shutdown.

2. Server-startup fails.

Reason
During the previous run of the Security Manager Plus Server, if you had terminated the server abruptly or there was an unclean shutdown, then some of the server processes would not have been terminated and the MySQL server instance would continue to run in the system.
Solution
Forcefully terminate the MySQL Server instance (mysqld-nt.exe in Windows, mysqld in Linux).
Reason
Is a Personal Firewall running in the system in which Security Manager Plus Server is installed ? Security Manager Plus Server will open available ports during Server Startup and if the firewall does not allow opening of ports, then Server startup will fail.
Solution
Disable the Personal Firewall.
Reason
Any other
Solution
In Windows, use the 'Show Startup Logs' option from the Security Manager Plus System Tray Icon, to view the startup logs and see if you can find the cause for the failure.

Also zip the logs directory from <Security Manager Plus_Home> and send it to so that we can analyze and get back to you.


3. (In Linux) When I start the server it shows "java.io.FileNotFoundException .. (Permission Denied)" ?

Reason
The Security Manager Plus Server might have been initially started in super user mode, then subsequently restarted in the normal user mode.
Solution
Run the server only in the normal user mode. Give that user ownership of all the files under the <Security Manager Plus_Home> installation directory, as shown below:

chown -R <username>:<groupname> <Security Manager Plus_Home>

4. When I start the Security Manager Plus Server, I am getting the following error "Error: write on output file failed err=28" ?

Reason
This error occurs if there is not enough Hard Disk space.
Solution
Security Manager Plus Server installation and start-up requires a minimum of 200 MB Hard Disk space.

Web Client

1. I am unable to access Security Manager Plus Server through the Web Client. Why ?

Reason
Security Manager Plus Server not started
Solution
Start the Security Manager Plus server from the Task Tray Icon or Start Menu --> Programs --> Manageengine SecureCentral Security Manager Plus --> Start Security Manager Plus Service (Windows) or by executing Security Manager Plus.sh start from 'bin' directory (Linux)
Reason
Wrong URL
Solution
Make sure that the correct URL is used to connect to the server, namely, http://<Security Manager PlusServerHost>:port_number/ (e.g. http://localhost:6262/ ).
The default web server port is 6262, provided this default port had not been changed during server startup. 

Note : Security Manager Plus Server and Web Client also can communicate through https via port 6767 (default).
Reason
You did not accept the Security Certificate while connecting to the server
Solution
You must accept the security certificate that is presented to you while connecting to the Security Manager Plus Server. This is perfectly safe and necessary for the Web Client to access the Security Manager Plus Server.
Reason
The trial period of the Security Manager Plus Server would have expired.
Solution
Restart the Security Manager Plus Server to move to Free Edition or contact for obtaining the Annual Subscription Professional License.
Reason
Security Manager Plus is running as a Linux service.
Solution
Edit the file wrapper.conf present in the scripts directory and change headless="true". Then restart the Security Manager Plus Service and access the web console.

2. Why does my Web Client user interface look crippled ?

Reason
Incompatible Browser
Solution
Refer to the Security Manager Plus system requirement, and see whether your browser is supported.
Reason
JavaScript not enabled
Solution
JavaScript has to be enabled in your browser for you to work with Security Manager Plus Web Client.

3. I am repeatedly seeing the login screen. Why ?

Reason
Your browser does not accept cookies.
Solution
Cookies should be accepted by your browser in order to communicate with the Security Manager Plus Server seamlessly.

Asset Discovery

1. Security Manager Plus is unable to discover my network assets. Why ?

Reason
Assets not reachable
Solution
Ensure that the IP address or host names are correct and are reachable through either TCP or ICMP ping. You can configure the ports to be used for TCP ping in the Admin page (Admin » Discovery and Scan).

2. OS detection is not happening correctly in Linux systems. Why ?

Reason
Super User privileges are needed for NMap based OS detection.
Solution
Run nmapOSdetect.sh from scripts directory.

3. Asset discovery/scan of a Windows system fails with error message "Unable to establish connection". Why ?

Reason
The target system is a Windows XP SP2 machine with 'File and Printer Sharing' disabled in the firewall and/or 'simple file sharing' enabled.
Solution

1. Enable or turn-on the "File and Printer Sharing" option in your Windows Firewall (of the target system). This can be done from Control Panel --> Windows Firewall --> Exceptions tab --> Programs and Services --> Check "File and Printer Sharing"

2. Disable simple file sharing (Uncheck the option from Windows Explorer --> Tools --> Folder Options --> View tab --> Use simple file sharing)

Reason
The system is not reachable from the Security Manager Plus server machine
Solution

Make sure that the system is alive and you are able to access it from the Security Manager Plus server machine by using : 

(1) Security Manager Plus Server in Windows - the 'net use' command or UNC location (\\machine-name\ADMIN$). Example : net use \\<machine-name>\ADMIN$ /USER:<administrator\username>

If you are unable to reach the system in these ways, contact your system administrator

(2) Security Manager Plus Server in Linux - <SAMBA_HOME>/bin/net -S <target machine name> [-W <domain>] -U <username>%<password> and see if the command succeeds.

Reason
The 'NetBIOS over TCP/IP' options are not configured in the system you are trying to add.
Solution

To verify and confirm, go to Control Panel --> Network and Dial-up Connections --> Right-click on Local Area Connection --> Select Properties --> Internet Protocol (TCP/IP) --> Properties button --> Advanced button --> WINS tab.

From here, see if the radio-button is selected for the 'Disable NetBIOS over TCP/IP' option. If yes, please deselect this option and select the 'Enable NetBIOS over TCP/IP' option. Once this is done and the configuration is saved, retry asset discovery/scan from Security Manager Plus's web interface.


4. Asset discovery/scan of a Windows system fails with error message "Discovering system [hostname] failed. Remarks : Access is denied."

Reason
The credential provided (username/password) while adding the system, does not have administrator privileges.
Solution
Enter the username with administrator privileges or create a new user account with administrator privileges and use the same.

5. Asset discovery/scan of a Windows system fails with error message "Unable to locate SAMBA service". Security Manager Plus server is installed in a Linux machine.

Reason
Samba package is not installed in the Security Manager Plus server machine.
Solution
Download Samba package (samba-tng) from http://download.samba-tng.org/tng/ and install it. Point SAMBA_HOME to the Samba installation directory. (Edit the file run.sh present in scripts directory and set the following in the script at line 2 : export SAMBA_HOME=/usr/local/samba or whatever is the installation directory.)

Scan

1. Scan does not work, scan result shows 0 vulnerabilities

Reason
Vulnerability Database is not up to date
Solution
Update your Security Manager Plus Server vulnerability database with the latest vulnerability signatures from the Central Repository Server hosted in Manageengine site, by clicking the "Update Vulnerability Database Now" button (Admin » Vulnerability Updates).
Reason
Scan times out
Solution
Set proper timeout values for Security Manager Plus to discover and scan your assets, based on your network configuration and load. You can Set Timeouts in the Discovery and Scan view of the Admin page (Admin » Discovery and Scan).

2. Vulnerability results for scans performed for windows machines show "No records found" for Missing Patches.

Reason
Windows administrator credentials not supplied before performing the scan.
Solution
Credentials are needed for detecting windows registry misconfiguration and for detecting missing patches. Provide the credential details in the Manage Credentials view of the Admin page (Admin » Manage Credentials).
Reason
Samba-TNG software is not installed
Solution
If you intend to run the Security Manager Plus Server in Linux OS, ensure that Samba-TNG software (version 0.4 and above) is installed. This software facilitates communication between the Linux server and target Windows machines, which is useful while identifying missing patches in a target Windows machine. You can download the software from: http://download.samba-tng.org/tng .

3. Sometimes the scan is taking a lot of time to complete and at times it does not complete at all. Why ?

Reason
Scan Timeout
Solution
This happens if the Scan Timeout has been set with high values. For default values, refer to Discovery and Scan - Timeouts (Admin » Discovery and Scan).
Reason
All Ports option is selected for TCP Ports to Scan (Admin » Discovery and Scan).
Reason
Scanning a large number of IPs / hosts in a single scan
Solution
Limit the number of IPs / hosts that are scanned per scan.
Reason
Performing Exhaustive brute-force level (Admin » Discovery and Scan) checks while scanning

4. Security Manager Plus agent is running on a Windows XP SP2 machine but scan of this machine fails with 'Connection timed out' error. Why ?

Reason
The Windows firewall is turned on in this machine and it blocks the server from accessing the agent port (default 9005).
Solution
Go to Control Panel --> Windows Firewall --> Exceptions tab and add a TCP port exception (Add Port) for the agent's default port 9005. Retry scanning.

5. When scanning a system, scan fails with error: "Unable to create service in the remote machine." Why ?

Reason
Remote Registry Service may not be running in the target system
Solution
Go to Control Panel --> Administrative Tools --> Services on the target system, locate the Remote Registry Service and ensure that it is running.

6. What are the conditions to be met for a successful scan in remote mode?

  1. Ensure that User name in the credentials form is given in the format <Domain Name>\<User Name> or <System Name>\<User Name>
  2. Ports 135, 139 and 445 must be open in the target system and must be accessible from SMP server (i.e., File & Printer Sharing must be enabled and NetBios over TCP/IP must be enabled)
  3. Admin$ share must be enabled in the target system and must be accessible from SMP server
  4. Remote Registry service must be running in the target system. When you run 'regedit' in the SMP server system and connect to the remote registry of the target system, it must go through.
  5. When you go to Windows Services applet from Control Panel in the SMP server's system and connect to the Remote computer to see its services, it must go through.
  6. In the local security policy of the target system, go to 'Security Options' and check the value of 'Network security: Sharing and security model for local accounts'.  The value must be 'Classic'
  7. Remote DCOM must be enabled for inventory scanning. In the target system, click Start --> Run, type 'dcomcnfg' and click OK. Go to Component Services ---> Computers ---> My Computer, Right Click on My Computer and click Properties, click "Default Properties" tab, see if "Enable Distributed COM in this computer" is "Selected". "Default Authentication Level" must have the value "Default" and "Default Impersonation Level" must have the value "Impersonate". Click "COM Security" tab and see if the "User Name" you have configured for that Asset in Security Manager Plus is present in the "Edit Limits" for both "Access Permissions" and "Launch and Activation Permissions" and that all permissions are "Allowed" for the user.
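
A pre-flight check for conditions 1 and 2 of the list above, run from the SMP server machine before starting a scan. This is an added example, not part of Security Manager Plus; the function names and the sample host and account are assumptions made for illustration.

```python
import re
import socket

# Ports the page lists as required for a remote-mode scan of a Windows target.
REMOTE_SCAN_PORTS = (135, 139, 445)

# Accepts <Domain Name>\<User Name> or <System Name>\<User Name>:
# exactly one backslash with non-empty text on both sides.
USERNAME_RE = re.compile(r"^[^\\/\s]+\\[^\\/]+$")


def username_format_ok(username):
    """True if the credential name carries a domain or system prefix."""
    return bool(USERNAME_RE.match(username))


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name not resolved
        return False


def preflight(host, username, ports=REMOTE_SCAN_PORTS, timeout=2.0):
    """Return a list of findings; an empty list means these checks passed."""
    findings = []
    if not username_format_ok(username):
        findings.append(
            "user name %r lacks the <Domain Name>\\<User Name> or "
            "<System Name>\\<User Name> prefix" % username
        )
    for port in ports:
        if not port_open(host, port, timeout):
            findings.append(
                "TCP port %d on %s is not reachable: check File and Printer "
                "Sharing and NetBIOS over TCP/IP on the target" % (port, host)
            )
    return findings


if __name__ == "__main__":
    # Constructed sample values; replace with a real asset and account name.
    for finding in preflight("192.0.2.10", "scanadmin", timeout=1.0):
        print("FAIL:", finding)
```

Conditions 3 to 7 (Admin$ share, Remote Registry, local security policy, DCOM) still have to be verified on the target as described in the list.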

Patch Deployment

1. When deploying patches, patch deployment fails with the error : "Failed to execute the patch. The file may either be corrupted or may not be an exe file." or "Failed to push the patch to the remote m/c. Check if the file really exists in the server store."

Reason
You are using a NAT router/firewall and the external IP address of this device is being set as IP address of the Security Manager Plus Server machine and sent to the target machine. Because of this, the patch is unable to be downloaded into the target system for installation. Ideally, the internal IP address of the server should be received by the target machine.
Solution
Check if you are able to reach the Security Manager Plus Server machine using the same external IP address from the URL : http://<IP Address:port number>/store/patchname (URL will be present in the error message), from the target machine. If this fails (as the external IP address will not be accessible from the target machine), do appropriate network configurations for the internal IP address (of the server machine) to be returned, and retry the deployment.
Reason
The system on which the Security Manager Plus Server is installed has more than one NIC (Network Interface Card), each with a different IP Address - one for special use and the other for the local LAN. The Security Manager Plus Server has picked up the IP address other than the one that is used in the local LAN.
Solution
Ensure that the target system (Agent/Agentless) can connect to the Security Manager Plus Server using the local LAN IP of the Server, after disabling the NIC used for special purpose. Also, check the size of the particular patch file in the /store directory.

2. When deploying MS Office patches, patch deployment fails with error: "Failed to create/run service in remote system"

Reason
Login Account Information is required in Security Manager Plus's windows service.
Solution

Go to Control Panel --> Administrative Tools --> Services applet. Select the 'ManageEngine Security Manager Plus' service. Right-click to view 'Properties'. From the Properties window, visit the 'LogOn' tab. Check if the 'This account' radio button is selected and the credentials of a 'domain user' have been provided (this is important!).

If not (i.e. if the 'Local System account' radio button is selected), switch the radio button to 'This account' and provide a domain user's credentials. After this, restart the Security Manager Plus service.

Now rescan the target machines and perform patch deployment.

Reason
Credentials format incorrect for target system
Solution

Ensure that the credentials (username/password combination) supplied for the target system are in the format: <domain name>\<username> or <system name>\<user name>. The username should have administrator privileges.


3. When running the Linux package management scripts (kickstart.sh / scan.sh), an error occurs. Why?

Reason
Proxy setting not specified correctly in the Linux patch management scripts
Solution

Check whether proxy settings specified in kickstart.sh are correct and the target Linux distribution is handled in kickstart and scan scripts. You can verify this from Admin tab --> Linux Package Management Scripts screen and test the scripts.

Reason
Credentials format incorrect for target system
Solution

Ensure that the credentials (username/password combination) supplied for the target system are in the format: <domain name>\<username> or .\<user name>. The username should have administrator privileges.


 

Others

1. Got the following error while updating the vulnerability database : " Error occurred while updating the Database - Error Message : Could not contact the Central Server " .

Reason
Security Manager Plus Server machine has no access to the Internet
Solution
The Security Manager Plus Server machine must have access to the Internet for it to download the latest vulnerability signatures from the Central Repository Server hosted in the Manageengine site.
Reason
Proxy Settings not configured
Solution
If you access the Internet through a Proxy Server, then you need to configure the proxy server details in Proxy Settings view of the Security Manager Plus Admin page ( Admin » Proxy Settings) . Ensure that all the required proxy server parameters are provided correctly.
2. How to update vulnerability and patch database manually?

Refer to the vulnerability database and patch database manual update page: http://sync.patchquest.com/scanficrs/manual_update/

