Loading...

Knowledge Center


Slow performance with the ePO console on the Server Task and Policy Catalog pages
Technical Articles ID:   KB83357
Last Modified:  7/5/2018

Environment

McAfee Application Control (MAC) 6.1.2
McAfee ePolicy Orchestrator (ePO) 5.1.x, 5.0.x, 4.6.x

Problem

You observe the following issues:
  • ePO console performance is slow navigating between pages.
  • Some pages, such as Server Task and Policy Catalog pages, hang for a period of time.

The server log contains the following errors for some of these sessions:

20141021130127 E #07604 DALPOLICY DALPolicyAssignments.cpp(168): COM Error 0x80040E31, source=Microsoft OLE DB Provider for SQL Server, desc=Query timeout expired, msg=IDispatch error #3121
20141021130127 E #07604 DALPOLICY DALPolicyDBManager.cpp(391): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 DALPOLICY DALPolicyDBManager.cpp(402): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 NAIMSERV policy.cpp(1123): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 NAIMSERV policy.cpp(1585): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 NAIMSERV policy.cpp(1961): Failed to generate agent policy -- not building server.xml
20141021130127 E #07604 NAIMSERV props.cpp(385): Failed to process props response for agent INEVA5ODTRH183E
20141021130127 E #07604 NAIMSERV AgentServerCommHandler.cpp(660): Failed to process agent request

Cause

There are several possible causes:
  • Many Windows updates are applied to many systems, which causes a large number of new binaries on those systems.
  • There is a large volume of policy discovery traffic from binaries.
  • McAfee Application Control (MAC) 6.1.2 is deployed. MAC 6.1.2 has a defect in the following scenario:
    1. Globally allow a binary checksum for an enterprise by adding it to global rules.
    2. Multiple endpoints generate the same information.
    3. All subsequent requests are approved automatically for this binary checksum (Auto Approval).

      There is a bug in this "Auto Approval" logic. The rule is created and attempts to be added to the global rules. The problem occurs when there is an existing rule and duplicates are generated. Additional incoming policy requests (that the admin has approved) are automatically approved and added to the rule group. When there is a high volume of this type of traffic, a large number of database table writes occur in quick succession. This causes the database to be unavailable for write/read operations.

Solution

This issue is resolved in Application Control 6.1.3.

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Workaround

Execute the following query. If results are returned, check the BLOCKING_SESSION_ID column to see whether any of the returned queries contain a NULL or 0 for this column. If so, refresh the query several times. Check both the Session_ID and Blocking_Session_ID columns to see whether this same blocking query remains for several minutes. If the Session_ID does not change on the query that shows a NULL or 0 under the Blocking_Session_ID column, this is an indication of a blocking query.

SELECT ER.SESSION_ID, HOST_NAME, PROGRAM_NAME, ORIGINAL_LOGIN_NAME, ER.READS, ER.WRITES, ER.CPU_TIME, WAIT_TYPE, WAIT_TIME, WAIT_RESOURCE, BLOCKING_SESSION_ID
FROM SYS.DM_EXEC_SESSIONS ES
LEFT JOIN SYS.DM_EXEC_REQUESTS ER ON ER.SESSION_ID = ES.SESSION_ID
OUTER APPLY SYS.DM_EXEC_SQL_TEXT(ER.SQL_HANDLE) ST
WHERE BLOCKING_SESSION_ID > 0
UNION
SELECT ES.SESSION_ID, HOST_NAME, PROGRAM_NAME, ORIGINAL_LOGIN_NAME, ES.READS, ER.WRITES, ER.CPU_TIME, WAIT_TYPE, WAIT_TIME, WAIT_RESOURCE, BLOCKING_SESSION_ID
FROM SYS.DM_EXEC_SESSIONS ES
LEFT JOIN SYS.DM_EXEC_REQUESTS ER ON ER.SESSION_ID = ES.SESSION_ID
OUTER APPLY SYS.DM_EXEC_SQL_TEXT(ER.SQL_HANDLE) ST
WHERE ES.SESSION_ID IN (SELECT BLOCKING_SESSION_ID
FROM SYS.DM_EXEC_REQUESTS
WHERE BLOCKING_SESSION_ID > 0) ORDER BY BLOCKING_SESSION_ID

Workaround for blocking sessions:
  1. Stop all Agent Handler services.
  2. Stop the ePO services.
  3. Open SQL Server Management Studio.
  4. Connect to the ePO database.
  5. Execute the following SQL statement to determine the total rows:

    SELECT COUNT(1) FROM SCOR_SA_REQUEST WHERE APPROVAL_STATUS = 1
     
  6. Change the APPROVAL_STATUS value from 1 to 5 to work around the Auto Approval logic bug:

    UPDATE SCOR_SA_REQUEST SET APPROVAL_STATUS = 5 WHERRE APPROVAL_STATUS = 1 
     
  7. Start all Agent Handler services.
  8. Start the ePO services.
  9. Use the Create Custom Policy option and select Global Rules to apply Policy Discovery rules instead of Approve Globally.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.