Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1038
Views
0
Helpful
4
Replies

Systems with CSA not boot

Go to solution
akorotunov
Level 1
Level 1

‎05-26-2010 10:36 PM - edited ‎03-09-2019 10:59 PM

After update from 6.0.1 to 6.0.2 some systems with CSA cun`t boot.

If manualy delete agent (in safe mode) - everething ok.

Few systems butable, but agent process takes more then 90% processor resourses.

Logs on CSA MC are clean

Any ideas? Manual uninstall agent on few hungreds workstaitions is unreal...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee

‎05-27-2010 05:33 AM

There has been a recent bug discovered with interaction of CSA and Windows 7 hosts where a file access control rule which implements digital suignature checking can cause a system to "hang" after entering credentials.  The bug is CSCtg98849.  The following workaround is provided in the bug:

Edit the "Base - Digital Signing of Downloaded Executables" rule module and disable the file access control "Send downloaded executables for scanning if opened for read".

Save the change.

Generate rules and deploy to affected hosts.

There has also been an issue seen where agents that have not received the new 6.0.2 binaries, but have had 6.0.2 rules pushed encounter issues.  The workaround in this instance is to schedule an update for the agents.

It would be advatageous to open a service request with TAC to effectively diagnose the issue, and ensure this is the proper bug for the behavior.

Scott

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee

‎05-27-2010 05:33 AM

There has been a recent bug discovered with interaction of CSA and Windows 7 hosts where a file access control rule which implements digital suignature checking can cause a system to "hang" after entering credentials.  The bug is CSCtg98849.  The following workaround is provided in the bug:

Edit the "Base - Digital Signing of Downloaded Executables" rule module and disable the file access control "Send downloaded executables for scanning if opened for read".

Save the change.

Generate rules and deploy to affected hosts.

There has also been an issue seen where agents that have not received the new 6.0.2 binaries, but have had 6.0.2 rules pushed encounter issues.  The workaround in this instance is to schedule an update for the agents.

It would be advatageous to open a service request with TAC to effectively diagnose the issue, and ensure this is the proper bug for the behavior.

Scott

0 Helpful

Go to solution
akorotunov
Level 1
Level 1
In response to Scott Fringer

‎05-27-2010 06:11 AM

Symptoms are same, but our problem on Windows XP.

Rules were edited as recommended, waiting...

0 Helpful

Go to solution
babak.salimi
Level 1
Level 1
In response to Scott Fringer

‎11-18-2010 06:15 PM

Scott

I have same issue with CSA 6.0.2.126 on Windows Vista x86 Enterprise.

In kernel log, I can see

.......................

csafilt: InitFilters: FwpmEngineOpen0 failed with 0xc0020035

csafilt: InitFilters: FwpmEngineOpen0 failed with 0xc0020036

csafilt: StateChangeCallback: Couldn't initialize filters (start pending)

.......................

And, there are big delay(about 50 minutes) between the first and second message.

I'm using CSA 6.0.2.126 for development, so it is not managed client.

So, can't apply your work around.

Is there workaround to avoid this issue in client side?

And, any plan to fix this issue?

Thanks in advance.

0 Helpful

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee
In response to babak.salimi

‎11-19-2010 03:36 AM

This does not sound like the same issue.  It would be best to open a service request with TAC specific to the Cisco product for which the unmanaged CSAgent was provided (not for CSA itself).  This will ensure the team that was responsible for creating that unmanaged agent can troubleshoot directly.

Scott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents