Unable to edit or create IPS policies
Updated: 25 Sep 2010 | 22 comments
Each time I try to edit an existing Intrustion Prevention policy a window will pop-up with the message "Cannot load data correctly. See the console log for details."
Decided to delete the existing policies and create from scratch. But when I go to the Exceptions screen and click the Add button I got a pop-up window "Cannot load metadata file. See the console log for details".
This started a few days after upgrading to RU5 (although that may not be related). Can't find any documents related to this type of error message.
discussion Filed Under:
Comments
hii
start-run
%temp%
delete all the temp files
restart sepm service
try to create the policy again.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
I deleted all the temp files,
I deleted all the temp files, restarted the service, but still have the same error message.
Run Management server
Run Management server configuration wizard once.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Do a repair for SEPM from
Do a repair for SEPM from add/remove programs..
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Hi, Go to
Hi,
Go to start->run-> %temp%
You will find a logfile by the name: scm-ui.log
Please open that file when you get this error and let us know if you find any errors there.
Aniket
Here are the last few entries
Here are the last few entries from scm-ui.log. The part of the log I included begins with me clicking on the Policies button and it shows one IPS policy called "test1" and one custom IPS policy.
MainPanel::Button clicked end: [Policies]: 1268158094399, duration: 6.124s (6124.0)
>>> getPoliciesAppliedCount: [5] 1268158094914, duration: 0.515s (515.0)
>>> GetObjectInfo: [2] 1268158100149, duration: 0.451s (451.0)
[0]: test1
[1]: Sample Custom IPS signature - Block access to Google.com
>>> GetObject(getObjectByGUID): FwIdsLibrary 754970B2AC19505F01BC152774FB9584 1268158101256, duration: 0.81s (810.0)
>>> getPoliciesAppliedCount: [2] 1268158101770, duration: 0.483s (483.0)
Tue Mar 09 13:08:24 EST 2010: Refreshing Timer1
Tue Mar 09 13:08:24 EST 2010: Refreshing Timer2
>>> GetObject(getObjectByGUID): IdsPolicy 25837DD2AC19FB0C011B8540E95B6480 1268158106286, duration: 0.187s (187.0)
>>> getPoliciesAppliedCount: [2] 1268158106535, duration: 0.234s (234.0)
Id :25837DD2AC19FB0C011B8540E95B6480
>>> GetObject(getObjectByGUID): SemClientGroupTree 31A43263AC19FB0C013EC1AEB9FB73A4 1268158107190, duration: 0.141s (141.0)
GroupHandler>> generateGroupTreeRefreshChecksum: checksum=3490071836, time=1268158107190, duration: 0.0s (0.0)
>>> GetObject(getObjectByGUID): LuSesmContentCatalog B20B6E870A980D7A00AF2A50862A396D 1268158121918, duration: 0.686s (686.0)
>>> GetObject(getObjectByGUID): LuDownloadedContentArray 6028C6E625754ECE4312D41CB963A039 1268158122276, duration: 0.358s (358.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy E1CE467BAC19FB0C00146D8CE3ABDAB2 1268158122619, duration: 0.343s (343.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy AF47797CAC19FB0C0189A7C14F5C2AA1 1268158122931, duration: 0.312s (312.0)
>>> GetObject(getObjectByGUID): LuContentPolicy C3C88736AC19FB0C01EB534BE1BD07B3 1268158123180, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 078F2F5EAC19FB0C011FD5937C76622B 1268158123414, duration: 0.234s (234.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 0C4B0F74AC19FB0C01BC370B4AF0F9E9 1268158123663, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy A1D4D029AC19FB0C002231239D2F6C42 1268158123975, duration: 0.312s (312.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 7471C462AC19FB0C0106ED55D6002221 1268158124255, duration: 0.28s (280.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy 10D9D612AC19FB0C01697A3DBE9761C1 1268158124520, duration: 0.265s (265.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy C37467D2AC19FB0C007E748CE2C9669C 1268158124645, duration: 0.125s (125.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy E7594254AC19505F011CCE1E4E408574 1268158124863, duration: 0.218s (218.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 22ABC9DDAC19FB0C006163A6837E6D88 1268158125112, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy CC2AC363AC19FB0C01C8BBBDD9CE5957 1268158125315, duration: 0.203s (203.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 49E3E076AC19FB0C01EDA0FA0110BD51 1268158125596, duration: 0.281s (281.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy 55AF4FFCAC19FB0C019328343F626ABE 1268158125829, duration: 0.233s (233.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy A351DFCEAC19FB0C0186D9FA09327FCF 1268158125985, duration: 0.156s (156.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy 55F7D4A1AC19505F011F0F24D20BA78C 1268158126266, duration: 0.281s (281.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 3E817856AC19505F001BA1F11964EBEC 1268158126515, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy 34B1F8CEAC19505F013FBF92FCA3F680 1268158126842, duration: 0.327s (327.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 7106921DAC19505F01EB41D216A3472A 1268158127107, duration: 0.265s (265.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy C13F374EAC19505F01F07377E7B792AD 1268158127201, duration: 0.094s (94.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy AC1FF6AAAC19505F009F7916ED5465B1 1268158127434, duration: 0.233s (233.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy E98C1BA1AC19505F014E639CC050500A 1268158127590, duration: 0.156s (156.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 2AE65ED7AC19505F01BD06B0C42F78E3 1268158127824, duration: 0.234s (234.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy 003F9C0EAC19505F000BFC865C58F47E 1268158127995, duration: 0.171s (171.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy 67853D35AC19505F01D26318190F45D6 1268158128104, duration: 0.109s (109.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy EFCD4BEDAC19505F010E518E8BE53912 1268158128229, duration: 0.125s (125.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy DB7D3CE0AC19505F00E485042564507E 1268158128354, duration: 0.125s (125.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy 4B177A76AC19505F015AD89976ACEDC1 1268158128556, duration: 0.202s (202.0)
I can't be certain but I think these errors showed up in scm-ui.err about the same time I tried to add exceptions to the policy.
ERROR:GUIManager::getObject(): PhysicalFile F3FFAD206E1A5EF09547DDB348E0E9E6
ERROR:GUIManager::getObject(): PhysicalFile F3FFAD206E1A5EF09547DDB348E0E9E6
com.sygate.scm.console.util.ConsoleException: The object cannot be found. [0x16010000]
at com.sygate.scm.console.util.GUIManager.getObject(GUIManager.java:438)
at com.sygate.scm.console.util.DataobjectManager.getObjectByGUID(DataobjectManager.java:365)
at com.sygate.scm.console.util.DataobjectManager.getObjectByGUID(DataobjectManager.java:350)
at com.sygate.scm.console.util.DataobjectManager.getPhysicalFile(DataobjectManager.java:638)
at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.initializeData(IdsMetadataObject.java:75)
at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.<init>(IdsMetadataObject.java:53)
at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.getCurrentObject(IdsMetadataObject.java:227)
at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.getIdsMetadataEventList(IdsMetadataObject.java:221)
at com.sygate.scm.console.ui.policy.ids.dialog.IdsExceptionPanel.addException(IdsExceptionPanel.java:266)
at com.sygate.scm.console.ui.policy.ids.dialog.IdsExceptionPanel$3.actionPerformed(IdsExceptionPanel.java:250)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
at java.awt.Component.processMouseEvent(Component.java:6263)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
at java.awt.Component.processEvent(Component.java:6028)
at java.awt.Container.processEvent(Container.java:2041)
at java.awt.Component.dispatchEventImpl(Component.java:4630)
at java.awt.Container.dispatchEventImpl(Container.java:2099)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4238)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
at java.awt.Container.dispatchEventImpl(Container.java:2085)
at java.awt.Window.dispatchEventImpl(Window.java:2475)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
at com.sygate.scm.console.util.KeepAlive$1.dispatchEvent(KeepAlive.java:42)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:178)
at java.awt.Dialog$1.run(Dialog.java:1045)
at java.awt.Dialog$3.run(Dialog.java:1097)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.Dialog.show(Dialog.java:1095)
at java.awt.Component.show(Component.java:1563)
at java.awt.Component.setVisible(Component.java:1515)
at java.awt.Window.setVisible(Window.java:841)
at java.awt.Dialog.setVisible(Dialog.java:985)
at com.sygate.scm.console.ui.policy.explorer.ids.IDSLibraryHandler.getEditPolicy(IDSLibraryHandler.java:397)
at com.sygate.scm.console.ui.policy.explorer.common.BasePolicyHandler.editPolicy(BasePolicyHandler.java:128)
at com.sygate.scm.console.ui.policy.explorer.common.PolicyPoolPane.executeTask(PolicyPoolPane.java:127)
at com.sygate.scm.console.ui.policy.explorer.ids.IDSLibsPoolPane.executeTask(IDSLibsPoolPane.java:94)
at com.sygate.scm.console.ui.policy.explorer.common.PolicyPoolPane$PolicyTableCellListener.mouseClicked(PolicyPoolPane.java:464)
at java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:253)
at java.awt.Component.processMouseEvent(Component.java:6266)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
at java.awt.Component.processEvent(Component.java:6028)
at java.awt.Container.processEvent(Container.java:2041)
at java.awt.Component.dispatchEventImpl(Component.java:4630)
at java.awt.Container.dispatchEventImpl(Container.java:2099)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4247)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
at java.awt.Container.dispatchEventImpl(Container.java:2085)
at java.awt.Window.dispatchEventImpl(Window.java:2475)
at java.awt.Component.dispatchEvent(Component.java:4460)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
at com.sygate.scm.console.util.KeepAlive$1.dispatchEvent(KeepAlive.java:42)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
hi
open IE
type: http://localhost:9090
will download a console install it
try loggin in , try creating a policy, are you able to create ?
if so try increasing the java heap size as per this doc.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101309471148
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
I had already modified Java
I had already modified Java heap sizes back when I first installed SEPM. Minimum is 512mb and maximum is 1024mb. This is on a server with 2GB physical memory.
How many clients are managed
How many clients are managed using this SEPM?
What is OS and what is the database?
Do you tried by repairing?
Just for testing increase the physical RAM to 4 GB..
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
>>How many clients are
>>How many clients are managed using this SEPM?
140 clients
2 SEPM servers (primary and backup doing once-daily replication)
>> What is OS and what is the database?
Windows 2003 Server R2 Standard Edition w/SP2 (32bit)
Embedded database
Do you tried by repairing?
If you are referring to a repair from Add/Remove Programs as suggested by Aravind the answer is no, I have not tried that yet.
>> Just for testing increase the physical RAM to 4 GB..
Increasing RAM is not an option right now. I don't understand how increasing the RAM is going to fix a problem like this. The operating system runs fine. The rest of SEPM runs fine. I have another ten to twelve policies (AV, firewall, etc) that all work fine.
hi
are you able to add new IPS policy?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
>> are you able to add new
>> are you able to add new IPS policy?
Not exactly. I can click on Add An Intrusion Prevention Policy, but when I go to the Exceptions screen and click on the Add button I get a pop-up window with the error "Cannot load metadata file. See the console log file for details".
In Add/Remove Programs I ran a repair today. There appear to be two 'parts' to this repair. The first part doesn't require any user input, and it finished without any problems. The second part is similar to what I see when I run Management Server Configuration Wizard. I tried to run through that part but I think I have lost my password for the embedded database. I have a password that works for the embedded database on the secondary SEPM - I even ran the Management Server Configuration Wizard successfully on the secondary SEPM - but that password is not working for the primary SEPM embedded database.
I should point out that on the secondary SEPM I am able to add/edit IPS policies without any problems, including adding exceptions. This problem only happens on the primary SEPM. But even if I create the policy on the second SEPM, then replicate, the problem continues to happen on the primary SEPM.
What is the version of SEPM
What is the version of SEPM ..there was similar issue fixed in MR4.
Well you can try this
Copy sesm.xml file from the other working SEPM from %temp% of that SEPM server to %temp% of your SEPM Manager.
Try repairing SEPM again..then check if it works.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
How to find the Database
How to find the Database password for Embedded Database
Check the ODBC connection also
Click Start> Control Panel
Open Administrator Tools
Double-click Data Sources (ODBC)
Select the System DSN tab
Double-click the SymantecEndpointSecurityDSN and go through the wizard to ensure the following settings:
Name: SymantecEndpointSecurityDSN
Description: <Anything>
Server: Servername\InstanceName (Can be blank as it is localized, otherwise specify default "sem5")
Login ID: dba
Password: <password>
Leave the default settings for the remaining items and click Finish
Click Test Data Source, and verify that it states "Success"
Click OK
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
The version is RU5. Tried
The version is RU5.
Tried copying sesm.xml but that did not help.
I have been able to recover the embedded database password.
Ran Add/Remove Programs and did another Repair. Was able to complete the entire thing without any problems. But still having the exact same problem creating/editing IPS policies on the primary SEPM.
I ran the DB Validation Tool (described in KB2008050810375848)
These lines seem like they are indicating a problem:
2010-03-13 20:45:14.974 INFO: *********************************************
2010-03-13 20:45:14.974 INFO: Following ids are not present in the database.
2010-03-13 20:45:14.974 INFO: *********************************************
2010-03-13 20:45:14.974 INFO: Link is broken for [2] target ids :
2010-03-13 20:45:14.974 INFO: TargetId:[F3FFAD206E1A5EF09547DDB348E0E9E6]
That last line is the same string that appears in the scm-ui.err log:
ERROR:GUIManager::getObject(): PhysicalFile F3FFAD206E1A5EF09547DDB348E0E9E6
Does this indicate a problem?
Do you checked the ODBC
Do you checked the ODBC connection status?
If yes whether it was Success?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Yes, the ODBC connection was
Yes, the ODBC connection was succesful.
Have you tried
Have you tried Editing/Modifying the database. As it looks the entry of the file is missing from the database.
You can try disaster recovery procedure once. Or else you might have to do a Un-install -Re-install-SylinkReplacer..
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Uninstall SEPM with database
Uninstall SEPM with database reinstall it .Then do a disaster recovery .Refer below doc
Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
I used the Best Practices for
I used the Best Practices for Disaster Recovery document listed by AravindKM, but no luck.
1) Followed all the steps in the above document regarding preparing for disaster recovery. Including taking a current database backup.
Just for a confirmation have
Just for a confirmation have a look in the doc and assure that you are having all sufficient permissions.
Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions
Whether you was able to edit the policy before the database restore?(Install SEPM,run management server configuration wizard)
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Solved. I was able to find a
Solved.
I was able to find a solution and thought I would record it here in case anyone else has the same problem in the future.
1. On the secondary SEPM (the one that did not have the problem editing IPS policies) I deleted its replication parter.
2. On the primary SEPM I uninstalled SEPM, the SEP client, and then ran CleanWipe. Rebooted.
3. Re-installed SEPM, during installation I selected the option for "Install an additional site for replication"
4. Replication took about thirty to forty-five minutes to complete.
5. After the installation was finished I was able to create a new IPS policy on the primary SEPM server.
6. On the primary SEPM I followed the instructions found in the disaster recovery document to restore the Keystore server certificate on the primary SEPM.
1) Re-install the SSL cert in IIS (for some reason each time I uninstalled SEPM it also removed the SSL cert from IIS)
2) Re-install the SEP client on the primary SEPM
3) At this point client to primary SEPM communication was not working reliably. After much research I realized that the server.xml and keystore.jks files on the primary SEPM did not match the backup copies I had made prior to uninstalling SEPM. I stopped the SEPM service, replaced those files with backup copies, then ran Management Server Configuration Wizard.
I was able to create new IPS policies and apply them to client groups so all is good again. Thanks everyone who contributed ideas towards solving this problem.
Would you like to reply?
Login or Register to post your comment.