Endpoint Protection

When I try to run Network Threat report on SEPM 12, I get the error:

This query could not be processed for one of the following reasons:

 

1. The database query timed out. Try reducing the number of filters, or increasing the SQL Server query timeout value.

2. An unexpected error occurred. Try running the query again by using default filter values.

3. String encoding was possibly not UTF-8, and may result from copying and pasting data instead of typing data. Try typing data in the input fields.

I followed everything in this artical, http://www.symantec.com/docs/TECH101746 , but it doesn't work.

How clients are you running it for?

What happens if you try it for a specific group instead as a test?

can you increase the timeout values further say 900 seconds and check if the report is generated?

Have a look here as well and specifically regarding the further changes timeout values in httpd.conf file:

Changing timeout parameters for reviewing reports and logs

I have tried everything so far. Sybastian, I will read your artical

I tried everything it is still not working

I opened a case, will keep you posted.

Hi RSASKA!

I faced with same problem. How are your case?

I opened case with Symantec.

So far, they asked me to create a new Admin account, and then try to run the report. It works well in the new Admin, but not my original account.

Then Symantec asked me to run following query in Database

Update compliance_report set sortorder = 'EVENT_TIME', sortdir = 'desc' where user_id = 'your-account's-unique-ID' and deleted = 0 and filtername = 'Default' and compliance_type = 5;

Now in my original user Account I can run Network Threat Report > Attacks, but not Network Threat Report > Traffic

Well, report works with new account. But is it possible to remove built-in original account then?

Now, in my original user Account I can run Network Threat Report > Traffic because I ran the following query in the database:

Update firewall_report set sortorder = 'EVENT_TIME' where user_id = 'your-account's-unique-ID' and deleted = 0 and filtername = 'Default' and firewalltype = 1;

Thanks RSASKA! I appreciate your help!

I have an error with this query: "Error at line 1 Missing closing quote" but i don't know what quote it means.

What query do you have error with? Is this an SQL query? Please copy and paste.

With query that you wrote earlier:

Update firewall_report set sortorder = 'EVENT_TIME' where user_id = 'your-account's-unique-ID' and deleted = 0 and filtername = 'Default' and firewalltype = 1;

I should have been more clear:

You need to run a query to find your unique User ID

Select * from firewall_report
where user_id = (select user_id from adminuser where user_name = 'roman.levkin's login ID')
and deleted = 0;

The result will give you a table. Copy the value for USER_ID, which is your account's unique ALPHANUMERIC ID

Now, you run the query

Update FIREWALL_REPORT
set sortorder = 'EVENT_TIME'
where user_id = 'your-account's-unique-ALPHANUMERIC-ID'
and deleted = 0 and
filtername = 'Default'
and firewalltype = 1;
 

Make sure there are no spaces when you use single quotes around the user ID.

Also, it is best practice to append the schema name to the name of table. In our environment, our schema is called dbo, so it is better to run

Select * from dbo.FIREWALL_REPORT ...

Update dbo.FIREWALL_REPORT ....

Let me know if this works

Hi! I have such result of suggested query

Roman,

First time when I ran the query, it said 1 row updated and I was able to open Network Threat > Traffic logs.

Now, when I run query it also tells me 0 rows updated (I'm running MS SQL Server Management Studion 2008), because the information has already been updated.

It may be the same case for you. Can you open Network Threat > traffic logs now?

If you are unable to open these logs,try this with another user_id, and run the query again, and post the result.