search cancel

cafagent stopped running after installing an offline package.

book

Article ID: 255082

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

  • After following the instructions in Creating an offline installation package for the Endpoint Protection Linux Agent and installing the package, it is found the CafAgent will not start/is no longer running.
    Daemon status:
      cafagent             not running
      sisamdagent          running
      sisidsagent          running
      sisipsagent          running
  • /var/log/sdcss-caflog/cafagent.log will show "Bootstrap Failed" errors: 
    [|] 2022-10-26 18:12:52 | cafservice.CAFSAEPProductService | Notice | 31759 : 139901638756288 : TestBootStrap:2636 | Trying to bootstrap agent to confirm Network Connectivity
    [|] 2022-10-26 18:12:53 | cafservice.CAFSAEPProductService | Information | 31759 : 139901638756288 : TestBootStrap:2650 | While trying to test bootstrap,Server returned status code 404.
    [|] 2022-10-26 18:12:53 | cafservice.CAFSAEPProductService | Error | 31759 : 139901638756288 : VerifyNetworkConnectivity:2715 | Bootstrap failed 

 

Environment

SEP Linux Packager Tool (seplpkg) is used to create an offline installer package as per "Creating an offline installation package for the Endpoint Protection Linux Agent"

 

Cause

When seplpkg is creating the install package, it will hash some entries in the /etc/caf/CAFConfig.ini file that should not be hashed. 
In the case of the example, the x-epmp-customer-id and x-epmp-domain-id should be 22 character long url safe character strings, instead of sha256 hashes. 

Resolution

We are aware of this issue and working on a perminiant solution. 

Workaround: 

Review the /etc/caf/CAFConfig.ini file for any entry that may be hashed. 

Incorrect: 

customer_id=7w3VNN4PVl5ZkztB4pCsOTDnX7maLx+qMjDkfF5fZHsxP2rPLVM+GPiqLEPbXlYcUY15Fw6VJte5xa9i9pPD86/oWvi1Hriglzgx5LDk1aA=
domain_id=be2ObsijexJWTzKJDEVioav7q4Nl4oCAKmlkX0tyw7w8mOF1dvya5+C4JZ7OjA++ntD13VYPUGWvz2PSbpUwHb/PDSEOCchKtMSaQb9hl1vk=
enrollment_url=https://usea1.r3.securitycloud.symantec.com/r3_epmp_i/v2/bootstrap/configuration
proxy_host=10.253.104.86
proxy_port=3128
proxy_httpsport=3128
proxy_user=
proxy_password=+52dQr0p+v0zAJUaPCELwRZGeeGGsn0R6gyODLIH+PDu5ROqmwr51n8IYoxrY161
proxy_type=CUSTOM

Correct  

x-epmp-customer-id=%&22digitcustomerID%%*
x-epmp-domain-id=%%%22digitdomainID%%%*
baseUri=https://usea1.r3.securitycloud.symantec.com/r3_epmp_i
enrollmentUri=/v1/enrollment/agent
Content-Type=application/json
...
[proxy-config]
proxy-mode=Manual
proxy-uri=http://10.253.104.86:3128
proxy-username=%UserID%
proxy-password=%Password%
proxy-host=10.253.104.86
proxy-port=3128
proxy-https-port=3128

Find and manually correct any hashed data. 

If necessary, find your customer and domain ID in the SES console by selecting your name at the top right corner and selecting "About/Support":

The necessary information will show there: 

Once this information is located it can be corrected with the following script: 

/etc/init.d/cafagent stop
vim /etc/caf/CAFConfig.ini
[enrollment-config]
x-epmp-customer-id=%22digitcustomerID%
x-epmp-domain-id=%22digitdomainID% /etc/init.d/cafagent start

 

Attachments