Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Systems with CSA not boot

After update from 6.0.1 to 6.0.2 some systems with CSA cun`t boot.

If manualy delete agent (in safe mode) - everething ok.

Few systems butable, but agent process takes more then 90% processor resourses.

Logs on CSA MC are clean

Any ideas? Manual uninstall agent on few hungreds workstaitions is unreal...

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Systems with CSA not boot

There has been a recent bug discovered with interaction of CSA and Windows 7 hosts where a file access control rule which implements digital suignature checking can cause a system to "hang" after entering credentials.  The bug is CSCtg98849.  The following workaround is provided in the bug:

Edit the "Base - Digital Signing of Downloaded Executables" rule module and disable the file access control "Send downloaded executables for scanning if opened for read".

Save the change.

Generate rules and deploy to affected hosts.

There has also been an issue seen where agents that have not received the new 6.0.2 binaries, but have had 6.0.2 rules pushed encounter issues.  The workaround in this instance is to schedule an update for the agents.

It would be advatageous to open a service request with TAC to effectively diagnose the issue, and ensure this is the proper bug for the behavior.

Scott

4 REPLIES
Cisco Employee

Re: Systems with CSA not boot

There has been a recent bug discovered with interaction of CSA and Windows 7 hosts where a file access control rule which implements digital suignature checking can cause a system to "hang" after entering credentials.  The bug is CSCtg98849.  The following workaround is provided in the bug:

Edit the "Base - Digital Signing of Downloaded Executables" rule module and disable the file access control "Send downloaded executables for scanning if opened for read".

Save the change.

Generate rules and deploy to affected hosts.

There has also been an issue seen where agents that have not received the new 6.0.2 binaries, but have had 6.0.2 rules pushed encounter issues.  The workaround in this instance is to schedule an update for the agents.

It would be advatageous to open a service request with TAC to effectively diagnose the issue, and ensure this is the proper bug for the behavior.

Scott

New Member

Re: Systems with CSA not boot

Symptoms are same, but our problem on Windows XP.

Rules were edited as recommended, waiting...

New Member

Re: Systems with CSA not boot

Scott

I have same issue with CSA 6.0.2.126 on Windows Vista x86 Enterprise.

In kernel log, I can see

.......................

csafilt: InitFilters: FwpmEngineOpen0 failed with 0xc0020035

csafilt: InitFilters: FwpmEngineOpen0 failed with 0xc0020036

csafilt: StateChangeCallback: Couldn't initialize filters (start pending)

.......................

And, there are big delay(about 50 minutes) between the first and second message.

I'm using CSA 6.0.2.126 for development, so it is not managed client.

So, can't apply your work around.

Is there workaround to avoid this issue in client side?

And, any plan to fix this issue?

Thanks in advance.

Cisco Employee

Re: Systems with CSA not boot

This does not sound like the same issue.  It would be best to open a service request with TAC specific to the Cisco product for which the unmanaged CSAgent was provided (not for CSA itself).  This will ensure the team that was responsible for creating that unmanaged agent can troubleshoot directly.

Scott

628
Views
0
Helpful
4
Replies