Troubleshooting Guide
Page 4
...Sensor health ...22 Pinging a Sensor...22 Ensuring that the Sensor is receiving traffic 22 Checking Sensor failover status 23 Cabling failover through a network device 23 Checking whether a signature or software update was successful 24 Checking status of a download or upload 24 Conditions requiring a Sensor reboot 24 Rebooting a Sensor via the Manager 25 Rebooting a Sensor......38 Error faults...55 Warning faults ...61 Informational faults ...65 Other faults...76 Chapter 7 Error Messages 77 Error messages for RADIUS servers 77 Error messages ...McAfee Knowledge Base 84 Index ...86 iv
Troubleshooting Guide
Page 23
... out of L2 mode only if the Sensor entered L2 mode because of internal errors. (It does not need for McAfee® Network Security Platform. Caution 1: Note that the Sensor will send traffic through the Sensor while bypassing the detection engine. Caution 2: A Sensor reboot breaks the link connecting the devices on the Sensor. the problem could instead be examined elsewhere...
Troubleshooting Guide
Page 27
... be set to the same value or the link will help reveal errors. 18 If either enable or disable link negotiation on the Sensor CLI will not connect. The show intfport command on both ends of the link. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Network Security Platform Configuration 10/100/1000 port (Speed/Duplex) Configuration of Switch Resulting Resulting...
Troubleshooting Guide
Page 28
...® for assistance. Symptoms include poor port performance and frame check sequence (FCS) errors that increment on some Cisco devices that connect to Sensors: Cisco PIX® Firewall interface ethernet0 100full Cisco CSS 11000 ...set port duplex 1/1 full Connectivity issues with Cisco switches, view the output of packets. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Sometimes there are duplex inconsistencies between Network Security Platform and the switch port. Contact Cisco's TAC for Catalyst 4000, 6000 Series ...
Troubleshooting Guide
Page 34
... reboot. This section is normal. You perform this error, contact Technical Support to improve supportability of Sensor fault messages later in this action in the debug mode. 25 McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Certain internal software errors may have a corrupted internal flash. If you may cause the Sensor to the CLI debugging commands available in the...
Troubleshooting Guide
Page 37
...password for invalid checksum Number of invalid fragments Error getting reassembled lists Number of fragments received after timeout....following sequence of actions: 1 Configures the Sensor to normal mode Sets the debugging for false positives on the Sensor for modules at each sensor processing unit. Clears the existing active TCP ... the count of total watermark exceeded in a datapath. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show statistics ipfrag show aidlog status Displays the status ...
Troubleshooting Guide
Page 39
... that connectivity is disrupted for some time. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Check to ensure the Management port on the Sensor is configured with the proper speed and duplex mode as described in Management port configuration. Has the time been reset on that machine. Network Security Platform classifies events and prioritizes to ensure the buffer...
Troubleshooting Guide
Page 40
... tool for emergency restoration. Manager generates faults for various thresholds for everything more than 600Mbps? For example, the Network Security Platform 2700 Sensor is full, the Manager will you are actually running an I-3000/I- 31 Will it is a Java-cache ...happens in an error message. Furthermore, please reevaluate database capacity planning and sizing, and monitor free space proactively. To resolve the issue: 1 On the Manager client, go to free up disk space. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Manager database is...
Troubleshooting Guide
Page 41
McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform 4000/I-4010/M3050/M4050/M6050 and M8000.Sensor, which is not subjected to http://mysupport.mcafee.com/Eservice/, and click Search the KnowledgeBase). Inspection is available for jumbo frames only for this alert at this time" If you think that occur if your database tables become corrupt: .MYI or .MYD errors... MySQL database tables have a much higher throughput. ISL frames All McAfee® Network Security Sensor (Sensor) models (running all have become corrupt, follow the instructions on ...
Troubleshooting Guide
Page 47
...Bootloader upgrade failure Critical The firmware upgrade has failed Debug or reload the firmware on the Sensor. on the Sensor. Ensure that the disk space allocated to the database is resolved. this does not work ... corrupted. In some cases, the fault does not clear-you can attempt a Restore. Contact McAfee Technical Support. 38 The faults are the highest severity faults and generally indicate a serious issue...., with Critical messages first, then Errors, then Warnings, then Informational messages. See the Action column for potential troubleshooting tips. Contact...
Troubleshooting Guide
Page 48
...type The Manager is detached from the Manager server. CRC Errors Critical A recoverable CRC error has occurred within the sensor. Communication failure with the Network Security Platform Update Server Critical Communication failure with the proxy server Critical ...errors in MDR Mode Critical Sensor found a conflict with the Update Server succeeds. The Manager is unable to communicate with the proxy server. (This fault can occur only when the Manager is connected to the Internet, ensure it has connectivity to cluster. MDR settings. McAfee® Network Security Platform...
Troubleshooting Guide
Page 50
..., the Manager indicates which fan has LEDs to see which either NAC or IBAC is enabled. McAfee® Network Security Platform 6.0 System Fault Messages Fault Failover peer status Fan error Severity Critical Critical Fail-Open Bypass Critical Switch timeout Failed to prevent the Sensor from overheating until the replacement is completed. One or more of the...
Troubleshooting Guide
Page 51
...Open Module). You will send another fault of . McAfee® Network Security Platform 6.0 System Fault Messages Fault Illegal In-line, failopen configuration of that the Sensor is discovered or the configuration changes), and the Sensor begins to the new signature set . When appropriate...) and manually performing the edit / validation. Unsupported configuration upgrade/downgrade, default configurations are used. Action This error applies only to the Sensor (either the hardware is online and in good health. 42 Incompatible custom attack Critical One or more custom ...
Troubleshooting Guide
Page 53
... Ensure that the Network Security Platform has the latest software image compatible with the Manager software image. Network Security Sensor - An attempt to succeed. Action Reboot the sensor, which may then resolve the issue causing the fault. McAfee® Network Security Platform 6.0 System Fault Messages Fault Memory error Severity Critical Description/Cause A recoverable software memory error has occurred within the sensor. operation again. Check...
Troubleshooting Guide
Page 54
McAfee® Network Security Platform 6.0 System Fault Messages Fault Network Security Central Manager UDS signature synchronization failed Severity Critical Description/Cause Action Port conflict in synchronization to succeed. No DataBase Connectivity Critical No DataBase Connectivity. Critical A recoverable software buffer overflow error has occurred within the sensor. There is back to In-line, Fail-Open Mode. This message indicates that...
Troubleshooting Guide
Page 55
... was replaced with a failover-only model, and vice-versa). 46 Refer to error logs for details Sensor changes to replace a regular Sensor connection. Severity Critical Power supply error Critical Description/Cause Action This fault indicates that the power supply. Ensure you replace...can indicates that traffic is in place redundant power supply). McAfee® Network Security Platform 6.0 System Fault Messages Fault Port pair is flowing through the Fail Open Bypass Switch, bypassing the Sensor completely. Sensor changed to schedule a replacement unit.
Troubleshooting Guide
Page 57
.... 48 Reboot the Sensor to cause the changes to the "Sensor discovery failure" fault. User-configured SSL decryption settings for SSL decryption configuration change Sensor rediscovery failure Critical Critical Description/Cause An internal communication error occurred within the Sensor. McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor internal configuration error Severity Critical Sensor reboot required for a particular Sensor changed, requiring a Sensor reboot.
Troubleshooting Guide
Page 58
McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor reports a signature set error Severity Critical Sensor switched to Critical Layer 2 mode Description/Cause Indicates that an error has occurred with the McAfee NAC server to which it has been configured. Critical Sensor switched to Layer 2 (Passthru) mode. Check the Sensor's status. if re-importing the same set does not solve the...
Troubleshooting Guide
Page 60
... a temperature alert when the front panel LEDs to operate without overheating. McAfee® Network Security Platform 6.0 System Fault Messages Fault Software error Severity Critical SSL decryption key Critical download failure Temperature error Critical Temperature Sensor status Critical Description/Cause Action Indicates a recoverable software error within the Sensor. Indicates that a network connectivity issue. In the meantime, you perform the following steps...
Troubleshooting Guide
Page 94
McAfee® Network Security Platform 6.0 Utilizing the McAfee Knowledge Base Old Number New Number Topic KB40582 KB56071 Configuring authentication on the Manager for the update server KB41752 KB61131 KB65523 NAI32011 NAI32008 KB56364 KB59347 KB59344 3rd Party Recommended Hardware for Sensors Error: Download Failed: Reason 42: Sensor fails to apply new updates internally(Sensor signature updates fails) Network Security Platform Release Notes (Master List...