Symantec Control Compliance Suite for Vulnerability Manager (CCS VM) remote Scan Engines fail to receive the latest Rapid 7 updates.

book

Article ID: 158384

calendar_today

Updated On:

Products

Control Compliance Suite Vulnerability Manager

Issue/Introduction

You received a patch from Rapid 7 update servers but were unable to get the CCS VM Console to send the latest Rapid 7 updates to any CCS VM remote Scan Engine. The local CCS VM Console and local Scan Engine updated successfully.

A CCS VM Console pop-up error message when clicking on the update button for a target Scan Engine:

Could not update scan engine (scan-engine name).
com.rapid7.updater.UpdateException:  Please try updating this Scan Engine later.  An update is in progress for another Scan Engine.

Cause

All of the remote Scan Engines were cloned VMware virtual machines from the same image and same Scan Engine installation. Each Scan Engine installation is to have its own unique serial number. Once the first remote Scan Engine had been updated for that serial number, all other cloned Scan Engines would not be updated. The CCS VM Console stores each serial number so that it can check to see if a target Scan Engine has been updated. These serial numbers are part of the internal security software used by CCS VM to thwart man-in-the-middle attacks. Hence, no further updates are pushed out to all other remote Scan Engines as they have an identical serial number. As the local Scan Engine is installed before remote Scan Engine installations can begin, the local Scan Engine already has its own unique serial number so it always updated without error.

Resolution

All remote Scan Engines that contain the same serial number due to VMware cloning of the same image must have the Scan Engine uninstalled, reinstalled, and paired to the CCS VM Console again. During the pairing process of these re-installed Scan Engines each of the Scan Engines will receive their own unique serial number which can then be properly recognized by the CCS VM Console.


Applies To

Microsoft Windows Server 2008 R2
CCS Vulnerability Manager 10.0.6