Loading...
Loading...
Installation and Upgrade of SailPoint and/or CEE Agent CEE auditing events are not logged in the auditing server due to misconfigured registry setting. CEPP Server connection state is showing the following connection error: [nasadmin@VNX5400 ~]$ server_cepp server_2 -pool -info server_2 : pool_name = cepppool server_required = No access_checks_ignored = 4070 req_timeout = 500ms retry_timeout = 50ms pre_events = post_events = OpenFileRead,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,RenameFile,RenameDir,SetAclFile,SetAclDir,FileRead,FileWrite,SetSecFile,SetSecDir post_err_events = CEPP Servers: IP = X.X.X.X, state = ERROR_CEPP_NOT_FOUND, rpc = HTTP, cava version = 8.7.0.0, nt status = SUCCESS, server name = xxxxx.example.com
ERROR_CEPP_NOT_FOUND indicate that there is a connectivity issue between the CAVA/CEE Agent and the CEE Endpoint. When setting the CAVA/CEE server, we must specify the endpoint (Sailpoint SecurityIQ in this case). [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = whitebox <<< This setting is incorrect, correct setting should be in the following format: <EndPoint_Name>@<IP_Address>
In case Endpoint is local on the CAVA/CEE Agent Host/Machine, the following setting should be implemented: [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = whitebox@127.0.0.1 If the Endpoint is located on a remote host: [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = whitebox@X.X.X.X After change is applied: Restart CAVA/CEE services on hostRestart cepp service on VNX [nasadmin@VNX5400 ~]$ server_cepp server_2 -service -stop server_2 : done [nasadmin@VNX5400 ~]$ server_cepp server_2 -service -start server_2 : done [nasadmin@VNX5400 ~]$ server_cepp server_2 -pool -info server_2 : pool_name = cepppool server_required = No access_checks_ignored = 0 req_timeout = 500ms retry_timeout = 50ms pre_events = post_events = OpenFileRead,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,RenameFile,RenameDir,SetAclFile,SetAclDir,FileRead,FileWrite,SetSecFile,SetSecDir post_err_events = CEPP Servers: IP = X.X.X.X, state = ONLINE, rpc = HTTP, cava version = 8.7.0.0, nt status = SUCCESS, server name = xxxxx.example.com
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.