OPERATIONAL DEFECT DATABASE
...
...
Installation/Upgrade of SailPoint and/or CEE Agent.CEE auditing events are not logged in the auditing server due to mis-configured registry setting.CEPP Server connection state is showing the following connection error:[nasadmin@VNX5400 ~]$ server_cepp server_2 -pool -infoserver_2 :pool_name = cepppoolserver_required = Noaccess_checks_ignored = 4070req_timeout = 500msretry_timeout = 50mspre_events =post_events = OpenFileRead,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,RenameFile,RenameDir,SetAclFile,SetAclDir,FileRead,FileWrite,SetSecFile,SetSecDirpost_err_events =CEPP Servers:IP = X.X.X.X, state = ERROR_CEPP_NOT_FOUND, rpc = HTTP, cava version = 8.7.0.0, nt status = SUCCESS, server name = xxxxx.example.com
ERROR_CEPP_NOT_FOUND indicate there is a connectivity issue between CAVA/CEE Agent and the CEE Endpoint.When setting the CAVA/CEE server, we need to specify the endpoint (Sailpoint SecurityIQ in this case).[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration]EndPoint = whitebox @
In case Endpoint is local on the CAVA/CEE Agent Host/Machine, the following setting should be implemented:[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = whitebox@127.0.0.1If Endpoint is located on a remote host:[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = whitebox@X.X.X.XAfter change is applied:1. Restart CAVA/CEE services on host2. Restart cepp service on VNX[nasadmin@VNX5400 ~]$ server_cepp server_2 -service -stopserver_2 : done[nasadmin@VNX5400 ~]$ server_cepp server_2 -service -startserver_2 : done[nasadmin@VNX5400 ~]$ server_cepp server_2 -pool -infoserver_2 :pool_name = cepppoolserver_required = Noaccess_checks_ignored = 0req_timeout = 500msretry_timeout = 50mspre_events =post_events = OpenFileRead,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,RenameFile,RenameDir,SetAclFile,SetAclDir,FileRead,FileWrite,SetSecFile,SetSecDirpost_err_events =CEPP Servers:IP = X.X.X.X, state = ONLINE, rpc = HTTP, cava version = 8.7.0.0, nt status = SUCCESS, server name = xxxxx.example.com
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
