Slow performance on the Server Task and Policy Catalog pages in ePolicy Orchestrator

Technical Articles ID: KB83357
Last Modified: 1/13/2020

Environment

McAfee Application and Change Control (MACC) 6.1.2

Problem

You observe the following issues:

ePO console performance is slow navigating between pages.
Some pages, such as Server Task and Policy Catalog pages, hang for a while.

The server log contains the following errors for some of these sessions:

20141021130127 E #07604 DALPOLICY DALPolicyAssignments.cpp(168): COM Error 0x80040E31, source=Microsoft OLE DB Provider for SQL Server, desc=Query timeout expired, msg=IDispatch error #3121
20141021130127 E #07604 DALPOLICY DALPolicyDBManager.cpp(391): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 DALPOLICY DALPolicyDBManager.cpp(402): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 NAIMSERV policy.cpp(1123): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 NAIMSERV policy.cpp(1585): COM Error 0x80040E31, source=(null), desc=(null), msg=IDispatch error #3121
20141021130127 E #07604 NAIMSERV policy.cpp(1961): Failed to generate agent policy -- not building server.xml
20141021130127 E #07604 NAIMSERV props.cpp(385): Failed to process props response for agent INEVA5ODTRH183E
20141021130127 E #07604 NAIMSERV AgentServerCommHandler.cpp(660): Failed to process agent request

Cause

There are several possible causes:

Windows updates are applied to systems. The result from these updates being applied is many new binaries being created.
There is a large volume of policy discovery traffic from binaries.
MACC 6.1.2 is deployed. MACC 6.1.2 has a defect in the following scenario:
1. Globally allow a binary checksum for an enterprise by adding it to global rules.
2. Multiple endpoints generate the same information.
3. All subsequent requests are approved automatically for this binary checksum (Auto Approval).
  
  There is a bug in this "Auto Approval" logic. The rule is created and tries to be added to the global rules. The problem occurs when there is an existing rule and duplicates are generated. Incoming policy requests that the administrator has approved are automatically approved and added to the rule group. When there is a high volume of this type of traffic, a large number of database table writes occur in quick succession. The result is that the database becomes unavailable for write/read operations.

Solution

This issue is resolved in MACC 6.1.3.

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Workaround

Execute the following query. If results are returned, examine the BLOCKING_SESSION_ID column to see whether any of the returned queries contain a NULL or 0 for this column. If so, refresh the query several times. Look at both the Session_ID and Blocking_Session_ID columns and see whether the same blocking query remains for several minutes. If the Session_ID does not change on the query that shows a NULL or 0 under the Blocking_Session_ID column, it is an indication of a blocking query.

SELECT ER.SESSION_ID, HOST_NAME, PROGRAM_NAME, ORIGINAL_LOGIN_NAME, ER.READS, ER.WRITES, ER.CPU_TIME, WAIT_TYPE, WAIT_TIME, WAIT_RESOURCE, BLOCKING_SESSION_ID
FROM SYS.DM_EXEC_SESSIONS ES
LEFT JOIN SYS.DM_EXEC_REQUESTS ER ON ER.SESSION_ID = ES.SESSION_ID
OUTER APPLY SYS.DM_EXEC_SQL_TEXT(ER.SQL_HANDLE) ST
WHERE BLOCKING_SESSION_ID > 0
UNION
SELECT ES.SESSION_ID, HOST_NAME, PROGRAM_NAME, ORIGINAL_LOGIN_NAME, ES.READS, ER.WRITES, ER.CPU_TIME, WAIT_TYPE, WAIT_TIME, WAIT_RESOURCE, BLOCKING_SESSION_ID
FROM SYS.DM_EXEC_SESSIONS ES
LEFT JOIN SYS.DM_EXEC_REQUESTS ER ON ER.SESSION_ID = ES.SESSION_ID
OUTER APPLY SYS.DM_EXEC_SQL_TEXT(ER.SQL_HANDLE) ST
WHERE ES.SESSION_ID IN (SELECT BLOCKING_SESSION_ID
FROM SYS.DM_EXEC_REQUESTS
WHERE BLOCKING_SESSION_ID > 0) ORDER BY BLOCKING_SESSION_ID

Work around for blocking sessions:

Stop all Agent Handler services.
Stop the ePO services.
Open SQL Server Management Studio.
Connect to the ePO database.
Execute the following SQL statement and determine the total rows:

SELECT COUNT(1) FROM SCOR_SA_REQUEST WHERE APPROVAL_STATUS = 1
Change the APPROVAL_STATUS value from 1–5 to work around the Auto Approval logic bug:

UPDATE SCOR_SA_REQUEST SET APPROVAL_STATUS = 5 WHERRE APPROVAL_STATUS = 1
Start all Agent Handler services.
Start the ePO services.
Use the Create Custom Policy option and select Global Rules to apply Policy Discovery rules instead of Approve Globally.

Affected Products

Application and Change Control 6.1
Known Issue/Product Defect

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Slow performance on the Server Task and Policy Catalog pages in ePolicy Orchestrator

Environment

Problem

Cause

Solution

Workaround

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Slow performance on the Server Task and Policy Catalog pages in ePolicy Orchestrator

Environment

Problem

Cause

Solution

Workaround

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title