Version

Argent Advanced Technology 5.1A-2001-A and below

Date

Wednesday, 15 April 2020

Summary

Argent for Compliance suddenly stops collecting compliance data after some servers are decommissioned from the network

Checking system logs, the following errors could be seen:

The issue has been addressed in Argent AT 5.1A-2004-A

Technical Background

After decommissioning servers from the network, the user forgot to remove them from the list of monitored servers in Argent for Compliance

When the Engine attempts to archive a decommissioned server’s security logs, it has to determine if the server is 64-bit or 32-bit so that the appropriate API can be used

To determine the OS type, the Engine must connect to the remote registry

For a decommissioned server, such a network connection can take several minutes to timeout

When there are a lot of such servers, the accumulated time can cause either a checkpoint error or a deadlock in the Engine

As a result, the Engine keeps recycling and no compliance data is collected

To address the issue, the system keeps an internal cache of the remote OS type, which becomes obsolete only after 3 hours

This allows for balancing potential system rebuilds which change the OS type and the Engine efficiency

Resolution

Upgrade to Argent Advanced Technology 5.1A-2004-A or above

For users who cannot upgrade immediately, the user should manually remove the decommissioned servers from the License Manager and CMDB-X

To prevent such an issue in the first place, the user should set the OS type in CMDB-X for each Windows machine so that the Engine does not need to query dynamically