Following a DCS policy modification, all policies fail to apply to agents and the manager logs show errors

Article ID: 261827


Products

Data Center Security Server Advanced

Issue/Introduction

You have made changes to a protection policy in Data Center Security, and now no policies apply and the agent status shows "update pending" in the UMC.
 
You encounter errors similar to the following in the agent.log in the tomcat\logs directory on the manager:
 
124635 2023-03-09 11:58:08.721 [ERROR] [Thread-8:133] The entity "ci" was referenced, but not declared.
org.xml.sax.SAXParseException; lineNumber: 222799; columnNumber: 38; The entity "ci" was referenced, but not declared.
    at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
    at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
    at org.apache.xerces.impl.XMLScanner.scanAttributeValue(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanAttribute(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
    at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
    at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:195)
    at com.symantec.sis.server.util.XmlProcessor.process(XmlProcessor.java:85)
    at com.symantec.sis.server.util.XmlProcessor.process(XmlProcessor.java:59)
    at com.symantec.sis.server.util.XmlProcessor.process(XmlProcessor.java:47)
    at com.symantec.sis.server.agent.PolicyCache.run(PolicyCache.java:416)
    at java.lang.Thread.run(Thread.java:748)

Environment

DCS 6.9.x

IPS policies

Cause

In some versions of Data Center Security, special characters in a policy that are not properly escaped, such as the ampersand, can corrupt the policy.

The resulting errors can prevent subsequent policies from applying, and simply reversing the change in the policy does not remediate them.
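To illustrate the failure described above, the following added example (not Broadcom's code and not part of the original article) scans XML text for ampersands that a parser would reject, such as the `&ci;` reference in the log, and reports where each one sits. It assumes the XML declares no custom entities in a DTD; the sample policy, its element names and its attribute names are constructed for the demonstration and are not the DCS policy schema.

```python
import re
import xml.etree.ElementTree as ET

# The five entities XML predefines; anything else must be declared in a DTD.
PREDEFINED = {"amp", "lt", "gt", "quot", "apos"}
# '&' followed by an optional name or numeric reference and an optional ';'.
AMP = re.compile(r"&(#\d+|#x[0-9A-Fa-f]+|[A-Za-z_:][\w.:-]*)?(;?)")
# Comments and CDATA sections may hold a literal '&'; blank them, keep newlines.
SKIP = re.compile(r"<!--.*?-->|<!\[CDATA\[.*?\]\]>", re.S)


def find_bad_ampersands(xml_text):
    """Return (line, column, token) for each '&' an XML parser would reject."""
    masked = SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), xml_text)
    findings = []
    for m in AMP.finditer(masked):
        name, semi = m.group(1), m.group(2)
        ok = bool(name) and semi == ";" and (name.startswith("#") or name in PREDEFINED)
        if not ok:
            line = masked.count("\n", 0, m.start()) + 1
            col = m.start() - (masked.rfind("\n", 0, m.start()) + 1) + 1  # 1-based
            findings.append((line, col, m.group()))
    return findings


def is_well_formed(xml_text):
    """Confirm the result with a real XML parser."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


# Constructed sample; names are hypothetical, not the DCS policy schema.
SAMPLE = """<policy name="demo">
  <rule desc="R&amp;D servers" path="C:\\apps&ci;\\bin"/>
  <rule desc="ops & dev"/>
  <!-- notes & reminders -->
</policy>
"""

if __name__ == "__main__":
    for line, col, token in find_bad_ampersands(SAMPLE):
        print(f"line {line}, column {col}: unescaped or undeclared reference {token!r}")
    print("well-formed:", is_well_formed(SAMPLE))
```

Writing each flagged ampersand as `&amp;` makes the sample parse cleanly.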

Resolution

Delete the policy in the Java console to remove the entire revision chain for that policy (including the corrupted entry and any copies made), then import a backup of an earlier revision of this policy.

Sometimes a manager service restart is required before the status shows "online" in the UMC.