Ensure that you uninstall the product only after the Security Manager Plus MySQL Server instance (mysqld-nt.exe process in Windows Task Manager) has been terminated completely after the server shutdown.

2. Server-startup fails.

Reason

During the previous run of the Security Manager Plus Server if you had terminated the server abruptly or there was an unclean shutdown then some of the server processes would not have been terminated and the MySQL server instance would continue to run in the system.

Solution

Forcefully terminate the wrapper.exe, mysqld-nt.exe and java.exe processes and then try starting the SMP Server again.

Reason

Is a Personal Firewall running in the system in which Security Manager Plus Server is installed ? Security Manager Plus Server will open available ports during Server Startup and if the firewall does not allow opening of ports, then Server startup will fail.

Solution

Disable the Personal Firewall.

Reason

Any other

Solution

In Windows, use the 'Show Startup Logs' option from the Security Manager Plus System Tray Icon, to view the startup logs and see if you can find the cause for the failure.

Also zip the logs directory from <Security Manager Plus_Home> and send it to securitymanagerplus-support (at) manageengine (dot) com so that we can analyze and get back to you.

3. (In Linux) When I start the server it shows "java.io.FileNotFoundException .. (Permission Denied)" ?

Reason

The Security Manager Plus Server might have been initially started in super user mode, then subsequently restarted in the normal user mode.

Solution

Run the server only in the normal user mode. Give ownership to all the files under <Security Manager Plus_Home> installation directory, as shown below : chown -R <username> <groupname>

4. When I start the Security Manager Plus Server, I am getting the following error "Error: write on output file failed err=28" ?

Reason

This error occurs if there is not enough Hard Disk space.

Solution

Security Manager Plus Server installation and start-up requires a minimum of 200 MB Hard Disk space.

5. When I start the Security Manager Plus service from system tray icon, I receive the message "Failed to start the Security Manager service. Reason: Access is denied"

Reason

SMP Service, by default, runs under local system account. If the logged in user does not have permissions to manage the services that runs under local system account, then access denied message will be displayed.

Solution

To manage SMP service from tray icon, follow these instructions :

Go to SMP installation system and exit the SMP system tray icon
Go to Start ---> Programs ---> ManageEngine Security Manager Plus ----> Right click on 'Show Tray Icon' and click "Run as"
Provide Administrator credentials in the dialog and then click OK
Now the SMP Service can be started/stopped from the SMP tray icon.

Web Client

1. I am unable to access Security Manager Plus Server through the Web Client. Why ?

Reason

Security Manager Plus Server not started

Solution

Start the Security Manager Plus server from the Task Tray Icon or Start Menu --> Programs --> ManageEngine Security Manager Plus --> Start Security Manager Plus Service (Windows) or by executing Security Manager Plus.sh start from 'bin' directory (Linux)

Reason

Wrong URL

Solution

Make sure that the correct URL is used to connect to the server, namely, http://<Security Manager PlusServerHost>:port_number/ (e.g. http://localhost:6262/ ).
The default web server port is 6262, provided this default port had not been changed during server startup.

Note : Security Manager Plus Server and Web Client also can communicate through https via port 6767 (default).

Reason

You did not accept the Security Certificate while connecting to the server

Solution

You must accept the security certificate that is presented to you while connecting to the Security Manager Plus Server. This is perfectly safe and necessary for the Web Client to access the Security Manager Plus Server.

Reason

The trial period of the Security Manager Plus Server would have expired.

Solution

Restart the Security Manager Plus Server to move to Free Edition or contact sales@adventnet.com for obtaining the Annual Subscription Professional License.

Reason

Security Manager Plus is running as a Linux service.

Solution

Edit the file wrapper.conf present in "conf" directory and change headless="true". Then Restart Security Manager Plus Service and access the web console.

2. Why does my Web Client user interface looks crippled ?

Reason

Incompatible Browser

Solution

Refer to the Security Manager Plus system requirement, and see whether your browser is supported.

Reason

JavaScript not enabled

Solution

JavaScript has to be enabled in your browser for you to work with Security Manager Plus Web Client.

3. I am repeatedly seeing the login screen. Why ?

Reason

Your browser does not accepts cookies.

Solution

Cookies should be accepted by your browser in order to communicate with the Security Manager Plus Server seamlessly.

Asset Discovery

1. Security Manager Plus is unable to discover my network assets. Why ?

Reason

Assets not reachable

Solution

Ensure that the IP address or host names are correct and are reachable through either TCP or ICMP ping. You can configure the ports to be used for TCP ping in the Admin page (Admin » Discovery and Scan).

Reason
WinPCap library conflict. Security Manager Plus uses NMap / WinPCap for Asset discovery, OS Detection & Port scanning and if some other application with a different version of WinPCap is installed in the same system, Asset discovery might fail.

Solution
Download NMap from here (http://nmap.org/dist/nmap-4.76-setup.exe) and install it in SMP Server system. WinPCap will be installed along with NMap during the installation process. Then try Asset Discovery from SMP

2. OS detection is not happening correctly in Linux systems. Why ?

Reason

Super User privileges is needed for NMap based OS detection.

Solution

Run "nmapOSdetect.sh" from scripts director and then try Asset discovery again.

3. Asset discovery/scan of a Windows system fails with error message "Unable to establish connection". Why ?

Reason

The target system is a Windows XP SP2 machine with 'File and Printer Sharing' disabled in the firewall and/or 'simple file sharing' enabled.

Solution

1. Enable or turn-on the "File and Printer Sharing" option in your Windows Firewall (of the target system). This can be done from Control Panel --> Windows Firewall --> Exceptions tab --> Programs and Services --> Check "File and Printer Sharing"

2. Disable simple file sharing (Uncheck the option from Windows Explorer --> Tools --> Folder Options --> View tab --> Use simple file sharing)

Reason

The system is not reachable from the Security Manager Plus server machine

Solution

Make sure that the system is alive and you are able to access it from the Security Manager Plus server machine by using :

(1) Security Manager Plus Server in Windows - run 'net use' command or UNC location (\\machine-name\ADMIN$).
Example : net use \\<machine-name>\ADMIN$ /USER:<administrator\username>

If you are unable to reach the system in these ways, contact your system administrator

(2) Security Manager Plus Server in Linux -
<SAMBA_HOME>/bin/net -S <target machine name> [-W <domain>] -U <username>%<password> and see if the command succeeds.

Reason

The 'NetBIOS over TCP/IP' options are not configured in the system you are trying to add.

Solution

To verify and confirm, go to Control Panel --> Network and Dial-up Connections --> Right-click on Local Area Connection --> Select Properties --> Internet Protocol (TCP/IP) --> Properties button --> Advanced button --> WINS tab.

From here, see if the radio-button is selected for the 'Disable NetBIOS over TCP/IP' option. If yes, please deselect this option and select the 'Enable NetBIOS over TCP/IP' option. Once this is done and the configuration is saved, retry asset discovery/scan from Security Manager Plus's web interface.

4. Asset discovery/scan of a Windows system fails with error message "Access is denied."

Reason

The credential provided (username/password) while adding the system, does not have administrator privileges.

Solution

Enter the username with administrator privileges or create a new user account with administrator privileges and use the same.

5. Asset discovery/scan of a Windows system fails with error message "Unable to locate SAMBA service". Security Manager Plus server is installed in a Linux machine.

Reason

Samba package is not installed in the Security Manager Plus server machine.

Solution

Download Samba package (samba-tng) from http://download.samba-tng.org/tng/ and install it. (configure, make, make install)
If Samba TNG is installed in the default location (/usr/local/samba), no other configuration change is necessary.
If Samba TNG is installed elsewhere, then edit run.sh and set SAMBA_HOME to the Samba installation directory at line 2.
e.g., export SAMBA_HOME=/usr/local/samba

Scan

1. Scan does not work, scan result shows 0 vulnerabilities

Reason

Vulnerability Database is not up to date

Solution

Update your Security Manager Plus Server vulnerability database with the latest vulnerability signatures from the Central Repository Server hosted in AdventNet site, by clicking the "Update Vulnerability Database Now" button (Admin » Vulnerability Updates).

Reason

Scan times out

Solution

Set proper timeout values for Security Manager Plus to discover and scan your assets, based on your network configuration and load. You can Set Timeouts in the Discovery and Scan view of the Admin page (Admin » Discovery and Scan).

2. Vulnerability results for scans performed for windows machines shows "No records found" for Missing Patches.

Reason

Windows administrator credentials not supplied before performing the scan.

Solution

Credentials are needed for detecting windows registry misconfiguration and for detecting missing patches. Provide the credential details in the Manage Credentials view of the Admin page (Admin » Manage Credentials).

Reason

Samba-TNG software is not installed

Solution

If you intend to run the Security Manager Plus Server in Linux OS, ensure that Samba-TNG software (version 0.4 and above) is installed. This software facilitates communication between the Linux server and target Windows machines. Samba TNG is needed for scanning Windows systems in 'Remote' mode from Linux systems. For scanning in 'Agent' mode samba TNG is not needed. You can download the software from : http://download.samba-tng.org/tng . Also, refer point 5 under 'Asset Discovery'

3. Sometimes the scan is taking a lot of time to complete and at times it does not complete at all. Why ?

Reason

Scan Timeout

Solution

This happens if the Scan Timeout has been set with high values. For default values refer Discovery and Scan - Timeouts (Admin » Discovery and Scan).

Reason

All Ports option is selected for TCP Ports to Scan (Admin » Discovery and Scan).

Reason

Scanning a large number of IPs / hosts in a single scan

Solution

Limit the number of IPs / hosts that is scanned per scan.

Reason

Performing Exhaustive brute-force level (Admin » Discovery and Scan) checks while scanning

4.Security Manager Plus agent is running on a Windows XP SP2 machine but scan of this machine fails with 'Connection timed out' error. Why ?

Reason

The Windows firewall is turned on is this machine and it blocks the agent port (default 9005) to be accessed by the server

Solution

Go to Control Panel --> Windows Firewall --> Exceptions tab and add a TCP port exception (Add Port) for the agent's default port 9005. Retry scanning.

5.When scanning a system, scan fails with error: "Unable to create service in the remote machine." Why ?

Reason

Remote Registry Service may not be running in the target system

Solution

Go to Control Panel --> Administrative Tools --> Services on the target system, locate the Remote Registry Service and ensure that it is running.

6. What are the conditions to be met for a successful scan in remote mode?

Ensure that User name in the credentials form is given in the format <Domain Name>\<User Name> or <System Name>\<User Name>
Ports 135, 139 and 445 must be open in the target system and must be accessible from SMP server (i.e., File & Printer Sharing must be enabled and NetBios over TCP/IP must be enabled)
Admin$ share must be enabled in the target system and must be accessible from SMP server
Remote Registry service must be running in the target system. When you run 'regedit' in the SMP server system and connect to the remote registry of the target sytem, it must go through. (Please see if 'Remote Registry Service' is started in the target system)
When you go to Windows Services applet from Control Panel in the SMP server's system and connect to the Remote computer to see its services, it must go through.
In the local security policy of the target system, go to 'Security Options' and check the value of 'Network security: Sharing and security model for local accounts'. The value must be 'Classic'

If the target system is a Vista, here are the list of Exceptions that should be in Windows Vista Firewall (if the firewall is running) :

Core Networking
File and Print Sharing
Remote Service Management
Remote Volume Management
Windows Management Instrumentation

Patch Deployment

1. When deploying patches, patch deployment fails with the error : "Failed to execute the patch. The file may either be corrupted or may not be an exe file." or "Failed to push the patch to the remote m/c. Check if the file really exists in the server store

Reason

You are using a NAT router/firewall and the external IP address of this device is being set as IP address of the Security Manager Plus Server machine and sent to the target machine. Because of this, the patch is unable to be downloaded into the target system for installation. Ideally, the internal IP address of the server should be received by the target machine.

Solution

Check if you are able to reach the Security Manager Plus Server machine using the same external IP address from the URL : http://<IP Address:port number>/store/patchname (URL will be present in the error message), from the target machine. If this fails (as the external IP address will not be accessible from the target machine), do appropriate network configurations for the internal IP address (of the server machine) to be returned, and retry the deployment.

Reason

The system on which the Security Manager Plus Server is installed has more than one NIC (Network Interface Card), each with a different IP Address - one for special use and the other for the local LAN. The Security Manager Plus Server has picked up the IP address other than the one that is used in the local LAN.

Solution

Ensure that the target system (Agent/Agentless) can connect to the Security Manager Plus Server using the local LAN IP of Server, after disabling the NIC used for special purpose. Also, check the size of the particular patch file in the /store directory.

2. When deploying MS Office patches, patch deployment fails with error: "Failed to create/run service in remote system"

Reason

Solution

Go to Control Panel -->Administrative Tools --> Services applet. Select 'ManageEngine Security Manager Plus' service. Right-click to view 'Properties'. From Properties window, visit the 'LogOn' tab. Check if 'This account' radio button is selected and the credentials of a 'domain user' have been provided (this is important!).

If not (i.e. if the 'Local System account' radio button is selected), swap the radio button to set 'This account' and provide a domain user credentials. After this restart the Security Manager Plus service.

Now rescan the target machines and perform patch deployment.

Reason

Credentials format incorrect for target system

Solution

Ensure that the credentials (username/password combination) supplied for the target system is in the format: <domain name>\<username> or <system name>\<user name>. The username should have administrator privileges.

3. When running the Linux package management scripts (kickstart.sh / scan.sh), an error occurs. Why?

Reason

Proxy setting not specified correctly in the Linux patch management scripts

Solution

Check whether proxy settings specified in kickstart.sh are correct and the target Linux distribution is handled in kickstart and scan scripts. You can verify this from Admin tab --> Linux Package Management Scripts screen and test the scripts.

Reason

Others

1. Got the following error while updating the vulnerability database : " Error occurred while updating the Database - Error Message : Could not contact the Central Server " .

Reason

Security Manager Plus Server machine has no access to the Internet

Solution

The Security Manager Plus Server machine must have access to the Internet for it to download the latest vulnerability signatures from the Central Repository Server hosted in the AdventNet site.

Reason

Proxy Settings not configured

Solution

If you access the Internet through a Proxy Server, then you need to configure the proxy server details in Proxy Settings view of the Security Manager Plus Admin page ( Admin » Proxy Settings) . Ensure that all the required proxy server parameters are provided correctly.

2. How to update vulnerability and patch databse manually?

Refer Vulnerability database and Patch database manual update page: http://sync.patchquest.com/scanficrs/manual_update/

3. Troubleshooting Proxy settings
If your Proxy Server is Microsoft ISA server with Integrated Authentication, please check the following :

Have you provided the user name in the format DomainName\UserName in the Proxy Settings page
In the SMP installation system, open a command prompt and type the following command :
1. net use \\ProxyServerName\c$ /user:DomainName\UserName
2. In the above command, give appropriate values for Domain Name, User Name and ProxyServerName. Provide the password when the command asks you to enter. Does this command goes through successfully without any error ?
Make sure the user account you have given in the Proxy Settings is not locked out.

Please re-enter all the values in Proxy Settings page and then save it. Now try an "Update Now" from Admin ---> Database Updates page or try a patch deployment.

Refer the Proxy Server's log files and see if it reports any error during a database update or patch download operation from SMP.
Please locate the following URLs during a Database Update in your proxy server's log files and see if there are any errors

http://sync.patchquest.com/crs/
http://sync.patchquest.com/scanficrs/

Comments (0)

RSS of this page