Services fail to start after Disaster Recovery attempt in Hardened environment.
Article ID: 287789
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Restored configuration backup, but services fail to start
- "No such file or directory" error seen in startup logs
- Errors will be seen during cbinit:
chown failed to set permissions for /var/cb/, /var/log/cb/ /etc/cb/
Environment
- EDR Server: All Versions
Cause
- Re-installation of EDR failed due to permissions on the Server
- EDR software was not restored correctly due to Server policy restrictions
- Files and directories are missing from the EDR Server after the restore
Resolution
- Confirm the Admin installing EDR has root level access when installing EDR Server software.
- Confirm permissions are set correctly for the CB user account.
- Follow the steps outlined in the server installation and initialization section in the EDR Cluster/Server Management Guide
- If files are not installed successfully, the missing files and directories can be manually replaced from another EDR Server/Minion running the same version of EDR server.
Additional Information
- Root-level permissions are required throughout the entire installation/configuration process. You will use su or sudo to enter the installation/initialize commands.
- Copying and pasting of files/directories from one Server to another is not supported by CB, and should only be attempted as a last resort.
- If any folders or directories being used by EDR are non-standard then the backup and restore process may need to be modified to cover these folders.
Feedback
Yes
No
Powered by
