API_ValidateUserSession Communication Errors After Upgrading

Article ID: 291687

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • After upgrading the App Control server, a red dot status appears on Administration > System Configuration > Advanced Options > API Access Enabled.
  • User Roles are blank when trying to edit or create a user.
  • Files cannot be globally approved.
  • The software rules page cannot be viewed.
  • The API log file contains the following errors:
"System.Web.Http.Filters::GlobalAuthorizationAttribute","OnAuthorizationAsync"
"Authorization:AuthorizeRequest:",""
"Authorization:Cookies: apiSessionId=:",""
"UnauthorizedAccess:reason:Invalid or missing API Token, Get:serverConfig:",""
"System.Web.Http.Filters::GlobalAuthorizationAttribute","OnAuthorizationAsync"
  • C:\Program Files (x86)\Bit9\Parity Server\Support\PHPErrors-TIMESTAMP.log shows the following entry:
API Error from page /login.php: GET <Console FQDN>/api/bit9platform/internal/auth with params {"logout":"false","IP_Address":"x.x.x.x"} with options {"81":0,"10022":"[removed from logging]","107":1,"10023":"[removed from logging]","19913":1,"42":0,"156":61000,"64":0,"10015":"[removed from logging]"} returned http code 500 and result {
"Message": "An error has occurred.",
"ExceptionMessage": "The EXECUTE permission was denied on the object 'API_ValidateUserSession', database 'das', schema 'dbo'.",
"ExceptionType": "System.Data.SqlClient.SqlException"

 

Environment

  • App Control Server: All versions

Cause

  • Missing grants on the App Control database service account

Resolution

  • Provide the following grants to the App Control database user:
    • Give the DB_OWNER permission for the DAS database.
    • VIEW SERVER STATE - Allows collection of Parity performance statistics.
    • VIEW ANY DEFINITION - Allows collection of Parity performance statistics.
    • ALTER TRACE - Allows collection of on-demand SQL trace for performance diagnostics.
    • ALTER SERVER STATE - Allows server to reset performance counters on daily basis, and better performance diagnostics.
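
The grants above expressed as T-SQL, as an added example that is not part of the original article or vendor tooling. The login name is a hypothetical placeholder, the database name das is taken from the error message above, and the script is assumed to be run by a sysadmin.

```sql
-- Added example, not vendor-supplied. @login is a placeholder: set it to the
-- actual App Control database service account before running.
USE master;  -- server-level GRANTs require the master database context
DECLARE @login sysname = N'DOMAIN\svc_appcontrol';  -- hypothetical name
DECLARE @sql nvarchar(max);

-- 1. Audit: which of the four server-level permissions are granted directly.
--    Permissions inherited from a Windows group or server role are not shown.
SELECT want.permission_name,
       CASE WHEN sp.state IN ('G', 'W') THEN 'granted' ELSE 'MISSING' END AS status
FROM (VALUES (N'VIEW SERVER STATE'), (N'VIEW ANY DEFINITION'),
             (N'ALTER TRACE'), (N'ALTER SERVER STATE')) AS want(permission_name)
LEFT JOIN sys.server_principals AS pr
       ON pr.name = @login
LEFT JOIN sys.server_permissions AS sp
       ON sp.grantee_principal_id = pr.principal_id
      AND sp.class = 100  -- 100 = server scope
      AND sp.permission_name = want.permission_name COLLATE DATABASE_DEFAULT;

-- 2. Grant the server-level permissions from the Resolution list.
SET @sql = N'GRANT VIEW SERVER STATE, VIEW ANY DEFINITION, ALTER TRACE, '
         + N'ALTER SERVER STATE TO ' + QUOTENAME(@login) + N';';
EXEC sys.sp_executesql @sql;

-- 3. db_owner in the database named in the error message.
USE das;
DECLARE @dbuser sysname =
    (SELECT name FROM sys.database_principals WHERE sid = SUSER_SID(@login));
IF @dbuser IS NULL
BEGIN
    RAISERROR(N'The login has no user in this database; map it first.', 16, 1);
END
ELSE IF IS_ROLEMEMBER(N'db_owner', @dbuser) = 0
BEGIN
    SET @sql = N'ALTER ROLE db_owner ADD MEMBER ' + QUOTENAME(@dbuser) + N';';
    EXEC sys.sp_executesql @sql;
END;

-- 4. Confirm: 1 means the mapped user now holds db_owner, which covers
--    EXECUTE on dbo.API_ValidateUserSession.
SELECT @dbuser AS db_user, IS_ROLEMEMBER(N'db_owner', @dbuser) AS is_db_owner;
```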