MVISION Cloud Connector Known Issues
For MVISION Cloud Known Issue, see MVISION Cloud Known Issues and Bug Fixes.
Known Issues
Date | Description and Workaround (if any) | Found in Release | Fixed in Release |
---|---|---|---|
April 6, 2021 | The SMTP Advanced Properties are not getting removed from YAML after being deleted from the dashboard. | 5.3.2 | - |
April 6, 2021 |
The date format doesn't automatically pick the selected Timestamp column from the Map Log Fields in the Log parser when there are multiple date header columns such as Date or Timestamp in the parsed logs. As a workaround, make sure to manually update the correct date format. NOTE: The Log Parser automatically picks the available date format when there are no multiple date header columns. |
5.3.2 | - |
Feb 20, 2021 |
Cloud Connector throws ldapusers cache error after upgrading from 3.9.2 to 5.3.0 and above versions. As a workaround:
Switching to leveldb { "logProcessor":{ "unmatchedtracker.keyValueStoreType":"LEVELDB", "ldapusers.cache.type":"LEVELDB","dualmode.storeType":"LEVELDB", "tldcache.cache.type":"LEVELDB","ipDomainCache.cache.type":"LEVELDB", "blockedURLCache.cache.type":"LEVELDB", "ipUserMapperStore.cache.type":"LEVELDB" }, "integration": { "smtp": {}, "siem": {}, "panorama": {}, "custom_attributes": {}, "ip_user_mapping": {}, "syslog": {} } } Switching to rocksdb { "logProcessor": { "unmatchedtracker.keyValueStoreType":"ROCKSDB", "ldapusers.cache.type":"ROCKSDB","dualmode.storeType":"ROCKSDB", "tldcache.cache.type":"ROCKSDB","ipDomainCache.cache.type":"ROCKSDB", "blockedURLCache.cache.type":"ROCKSDB", "ipUserMapperStore.cache.type":"ROCKSDB" }, "integration": { "smtp": {}, "siem": {}, "panorama": {}, "custom_attributes": {}, "ip_user_mapping": {}, "syslog": {} } } NOTE: Before you switch between DBs, delete only the respective caches throwing exceptions after the Cloud Connector is started. |
5.3.1 |
- |
Feb 20, 2021 | ipUserMapping.config.adDataSource.domainHost property cannot be added in HSQL with CES as datasource. | 5.3.0 | 5.3.1 |
Feb 20, 2021 | Exclude File Types field cannot be configured from the Cloud Connector dashboard. As a workaround, make an API post call to Maestro with the expected value to be updated (if needed) and push them to YML. | 5.3.0 | 5.3.1 |
Jan 20, 2021 | MVISION Cloud Connector cannot be upgraded in running status. You should stop the MVISION Cloud Connector before upgrading. | 5.3.0 | - |
Jan 20, 2021 | Log parser sometimes may not fetch information accurately from the Timestamp field of the logs. | 5.3.0 | - |
Jan 20, 2021 | Log parser cannot process Websense log lines that do not start with string literals ('quotes', "double quotes"). As a workaround, you should manually add string literals('quotes', "double quotes") in the Websense log lines. | 5.3.0 | - |
Jan 20, 2021 |
RocksDB is not the default cache memory when MVISION Cloud Connector is upgraded from 5.0.1 to 5.3.0 version. As a workaround, you need to explicitly configure levelDB to RocksDB. |
5.3.0 | - |
Jan 20, 2021 | Multiple log lines starting with comment line (#), cannot be skipped from processing into log parser. | 5.3.0 | - |
Jan 20, 2021 | The Log Processing configuration wizard cannot process the Timestamp field input with space in between. | 5.3.0 | - |
Jan 20, 2021 | Rules generated by the Log parser wizard for Timestamp field in a custom log may not work as expected sometimes. As a workaround, you need to generate rules manually. | 5.3.0 | - |
Dec 20, 2020 |
AD(Additional Domain Controller) multi-forest feature is NOT supported in MVISION Cloud Connector. However, as a workaround:
|
5.2.1 | 5.2.2 |
Dec 20, 2020 | MVISION Cloud Connector cannot be installed for users created after the IAM migration. | 5.2.1 | 5.2.2 |
Oct 20, 2020 |
Sanctioned Custom Attributes would fail to map Policy Incidents on dashboard if UserAttribute in DB has caps or mixed characters. As a workaround, you need to SAVE the config again from the dashboard. |
5.2.1 | 5.2.2 |
Oct 20, 2020 | Installing multiple MVISION Cloud Connectors on the same directory is corrupting EC properties. | 5.2.1 | - |
Oct 20, 2020 | MVISION Cloud Connector fails to upgrade if you do not create configname through the Admin dashboard but using CLI commands. As a workaround, you must set the configname using the Admin dashboard before upgrading to the latest MVISION Cloud Connector. | 5.2.1 | 5.2.2 |
Oct 20, 2020 | MVISION Cloud Connector fails to start while upgrading from => 4.1.0 version to any higher version with SMTP advanced properties. As a workaround, you can remove/delete the SMTP advanced properties before upgrading to the latest MVISION Cloud Connector version. | 5.2.1 | - |
Oct 20, 2020 | With the Tokenization enabled by default, the case sensitive properties of the users are normalized and tokenized. | 5.2.0 |
5.2.1 |
Sep 14, 2020 | File Rotation of the MapDBEncrypted.txt files cannot happen with the data export option enabled for mapdbtxt.enableMapDBTxtScheduler. | 5.2.0 | - |
Sep 14, 2020 | The data from RocksDB cache and MapDBEntries/MapDBEncrypted.txt file are deleted only after Restart/Context Refresh in EC. | 5.2.0 | - |
Sep 14, 2020 | Syslog migrates the old properties if publishPeriodInMinutes property is not found in YAML. | 5.2.0 | - |
Aug 12, 2020 | After the MVISION Cloud login migrates to IAM, users created in the new MVISION Cloud URL cannot be logged into MVISION Cloud Connector. To fix this issue, you must upgrade to Cloud Connector 5.0.2. | 5.0.1 | 5.0.2 |
Aug 12, 2020 |
The publisher config field under Syslog server configuration settings cannot be saved with empty values. |
5.1.1 | 5.1.2 |
Aug 12, 2020 |
AD shadow and sanctioned attributes are being removed from YML when upgraded to the latest EC version with one or more mapped values set to null. This issue is fixed. |
5.1.1 | 5.1.2 |
Aug 12, 2020 | Failure in upgradation if any mappedTo or DisplayName properties are appended with '\' causing parser error. As a workaround, you can delete the local custom_attribute.properties file and run the cc command when the above issue is encountered. | 5.1.1 | 5.1.2 |
July 10, 2020 | Frequent logout issues in MVISION Cloud Connector. | 5.1.0 | 5.1.1 |
May 28, 2020 | MVISION Cloud Connector is not uploading unmatched events data to Log collector. | 5.0.1 | 5.1.0 |
May 22, 2020 | If you install a new MVISION Cloud Connector with an old CC symbolic name, then try to uninstall the old CC, the Certificate will be removed. To get a new copy of the Certificate, use the CC CLI command:
certificatePull(cp) |
5.1.0 | - |
May 22, 2020 | In the EC Configuration > Custom Attributes tab, when you try to create more than one virtual custom attribute at a time, only the first attribute is saved. To create more virtual custom attributes, you must save the configuration, then go back to the Custom Attributes tab to add another. This issue will be fixed in a future release. | 5.0.2 | - |
May 22, 2020 | MVISION Cloud Connector was seeing disk space issues due to Leveldb dualmode_urlcache file sizer building up and using most of the disk. Because disk space was unavailable, Cloud Connector stopped. The issue was fixed by updating the hard refresh context once in 24 hours. | 4.x | 5.0.1 |
May 5, 2020 | Due to a bug found after the release, MVISION Cloud Connector versions 5.0.1 and 5.0.2 have been removed from the Download page. They will be fixed and replaced as soon as possible. THIS ISSUE IS FIXED. | 5.0.1 and 5.0.2 | 5.0.1 and 5.0.2 |
April 28, 2020 | In EC Configuration, when you configure the Custom Attributes Active Directory integration with an AD Server and more than 8 Lakh users, the Evaluate Attributes page takes more than 20 minutes to display the sample set of user attributes. You will only see this issue the first time you configure the AD integration with a fresh MVISION Cloud Connector installation. Once all user details are pulled after this, the page will display much faster. | 5.0.1 or 4.3.2 | - |
April 28, 2020 |
In MVISION Cloud Connector when a test connection is made to Active Directory, you will see the exception below. This happens because the main thread that is the web request will end once the 10K users reach the iterator, and the result is returned to UI. This triggers a cancellation to the task directoryUserLoaderFuture. 28 Apr 2020 09:14:00 [WARN ] [Active Directory Import Thread] c.s.e.l.i.ActiveDirectoryUsersFetcher| Received Local Error from LDAP Server, will continue com.unboundid.ldap.sdk.LDAPSearchException: Search processing was interrupted while waiting for a response from server 172.18.154.17:389. at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3643) at com.shn.ec.ldap.impl.ActiveDirectoryUsersFetcher$DirectoryUserLoaderTask.call(ActiveDirectoryUsersFetcher.java:235) at com.shn.ec.ldap.impl.ActiveDirectoryUsersFetcher$DirectoryUserLoaderTask.call(ActiveDirectoryUsersFetcher.java:206) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: com.unboundid.ldap.sdk.LDAPException: Search processing was interrupted while waiting for a response from server 172.18.154.17:389. at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1175) at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3633) ... 6 common frames omitted Caused by: java.lang.InterruptedException: null at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.reportInterruptAfterWait(AbstractQueuedSynchronizer.java:2014) at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2088) at java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467) at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1164) ... 7 common frames omitted Also, Cloud Connector queries AD for 10,000 users when it goes to the tenant dashboard. This is not the expected behavior. It will be fixed in an upcoming release. |
4.4.1 | 5.1.0 |
Mar. 20, 2020 | If you install MVISION Cloud Connector 5.0.1 on a tenant that is not yet migrated to McAfee IAM login, you will see an error that says, "Failed to authenticate with remote server, please check username/password/proxy settings." This will be the behavior going forward. If you see this error, contact MVISION Cloud Support. | 5.0.1 | - |
Mar. 18, 2020 |
Due to a security issue, in the MVISION Cloud Connector Web UI, the password field is removed. If you try to connect Cloud Connector using the Web UI, you may see an error message that reads, "Could not authenticate with Skyhigh cloud services. Please check your Skyhigh credentials." This issue is fixed in 5.0.1. |
5.0.0 | 5.0.1 |
Mar. 18, 2020 | If you enable RocksDB for dual-mode URL cache in MVISION Cloud, Cloud Connector uses LevelDB only. This issue is fixed in 5.0.0. |
4.4.1 | 5.0.0 |
Mar. 13, 2020 |
Cloud Connector was seeing an issue where if you configured SMTP integration advanced properties, such as mail.smtp.auth*, the cloud config was corrupted and CC failed to start or upgrade due to corrupted configs. This issue fixed in 5.0.0. If you see this issue, contact MVISION Cloud Support for assistance. |
4.4.1 | 5.0.0 |
Mar. 13, 2020 |
Cloud Connector was seeing an issue where the SIEM protocol was set as UDP, but it was changed to TCP on its own, so no logs were received. This issue has been fixed. |
4.4.1 | 5.0.0 |
Mar. 6, 2020 |
The API used by MVISION Cloud to pull threat protection incidents had an issue that caused it to send duplicate incidents to SIEM. This has been resolved. If you are seeing duplicate incidents:
|
5.0.0 | |
Feb. 18, 2020 |
After updating to MVISION Cloud Connector 4.4.x, sometimes the crypt.properties file is not created, which prevents the Syslog service from starting. The Syslog-debug file shows the following exception: 20 Jan 2020 23:54:25 [WARN ] [main] o.s.c.s.ClassPathXmlApplicationContext| Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanInitializationException: Could not load properties; nested exception is java.io.FileNotFoundException: class path resource [crypt.properties] cannot be opened because it does not exist As a workaround, manually create the crypt.properties file using the following value: crypt.key=YTgIfyYTwq5iwowwwrHDkjfCjRRAIcOyAFk\= Then the Syslog service will start and receive data. |
5.0.0 | 5.0.1 |
Feb. 18, 2020 | The MVISION Cloud Connector Panorama integration is not supported for Panorama 7.1 or later, as the endpoints include the version number, and the request payload structure has also changed. If you have Panorama 7.1 or later, and you want to pull the Service Group information from the MVISION Cloud dashboard, use the Publish URL method instead of configuring Cloud Connector. | 5.0.0 | - |
Feb. 18, 2020 | An upgrade from MVISION Cloud Connector 4.3.1 to a later version will fail to migrate the AD configuration if the same Virtual Attributes are configured for both Shadow and Sanctioned Custom Attributes settings. | 4.3.1 | - |
Jan. 24, 2020 |
There is a Known Issue with MVISION Cloud Connector 4.3.2 where Syslog over TLS does not work on Windows. To fix this, you must update to the latest version of Cloud Connector using these steps:
|
4.3.2 | 4.4.0 |
Dec. 3, 2019 | Do not use white space when you create a service group name. You can use "_" or "-" instead of a space. If there is white space in the service group name, and if the service group is used in Panorama integration, there can be problems accessing the published URL list. | 4.3.2 | - |
Nov. 12, 2019 | There is a known issue in MVISION Cloud Connector 4.3.2 where the installation fails with Sanctioned attributes exceptions when the tenant config has more than 10 attributes. This will be fixed in the following release. | 4.3.2 | 4.4.0 |
July 9, 2019 | There is a known issue where all sub-configurations may be disabled, and cause MVISION Cloud Connector to become inactive. Make sure that at least one sub-configuration is enabled at all times. | 4.2.2 | - |
June 6, 2019 |
When you upgrade MVISION Cloud Connector to 4.2.0 or later, if you have a Panorama integration, you will need to go to Settings > Infrastructure > EC Configuration, click the Panorama tab, and manually modify the Panorama Commit Level value according to the previous configuration. If you want to upgrade Panorama settings in MVISION Cloud Connector 4.1.2, contact MVISION Cloud Support. |
4.1.2 | - |
April 30, 2019 |
When you upgrade MVISION Cloud Connector from 3.9.x to 4.x.x versions, rule-based configurations with complex rules have failed. To workaround this issue, add additional backslashes "\'"to skip the special characters in the additional rule config section. Specifically, configure four slashes for a single slash in the additional config preprocessor rule. For example, to configure this, add the extra backslashes as shown:
|
4.1.2 | - |
April 25, 2019 |
When you upgrade an older version of MVISION Cloud Connector (3.9.x) to the latest version of Cloud Connector (4.x) you may encounter install or upgrade failures that are caused by errors regarding the inability to fetch or install certificates. For details see MVISION Cloud Connector Certificate Issues. |
4.x | - |
March 28, 2019 | In MVISION Cloud Connector 4.1.2, in the Dashboard configuration, the commit level status for the Panorama integration incorrectly shows Panorama and Device Group if Panorama Only is selected. This will be fixed in 4.2. | 4.1.2 | 4.2 |
March 28, 2019 |
In MVISION Cloud Connector 4.1.2, updating the Log Processor and Integration configurations together may not work properly due to an improper API call. As a workaround, save the configurations separately for each tab. |
4.1.2 | - |
March 28, 2019 |
When you upgrade to MVISION Cloud Connector 4.1.2 from 4.1.0, the SMTP and SIEM configuration may be disabled. We recommended that you reconfigure and Enable the SMTP and SIEM integration from the Dashboard configuration at Settings > Infrastructure > EC Configuration. |
4.1.2 | 4.2 |
March 28, 2019 | In the MVISION Cloud Connector web user interface (not the Dashboard interface), the SIEM and PANORAMA configuration tabs are still visible after the upgrade from 4.1.1 to 4.1.2. Make sure to use the Dashboard configuration at Settings > Infrastructure > EC Configuration to configure SIEM and Panorama settings. This will be fixed in a future release. | 4.1.2 | 4.2 |
March 22, 2019 | On Windows VMs, if you switch the Unmatched Key Value Store from LevelDB to RocksDB and see main loop spinning errors or "UnmatchedTracker - Bean instantiation" errors in Cloud Connector debug logs, this may mean that Visual C++ is not installed properly. Install Visual C++ and try again. | 4.1.1, 4.1.2 | - |
Feb 28, 2019 | Enterprise Connector is now MVISION Cloud Connector. You'll notice we're transitioning over to our new name in the UI and in all other areas of our product. But the Settings menu still reads Infrastructure > EC Configuration. This is a known issue for this release and will be fixed in a future release. | 4.1.1 | - |
Jan. 30, 2019 |
For Enterprise Connector 4.1.1, (build 5268) some fonts are missing from the Unix installation. You will see the following error, and then a list of missing fonts. java.lang.Error: Probable fatal error:No fonts found. To resolve the issue, reinstall the fonts using the command: sudo apt-get install fontconfig Then reinstall EC 4.1.1. |
4.1.1 | 4.1.2 |
July 18, 2018 | In the Enterprise Connector SIEM integration, anomaly/incidents are not being received by the Enterprise Connector, but Audit logs are being received. Anomaly/Incidents should be sent to the SIEM. This issue will be fixed in Enterprise Connector 3.9.2. | 3.9.1 | 3.9.2 |
Nov 29, 2017 | Enterprise Connector uses persistent-cache for various tasks. This cache must be periodically rotated to reduce the amount of data held locally by EC, or else it may cause the service to crash. Enhancements have been made to allow cache rotation in #hours instead of #days, as the amount of data could be in GBs. And a new property, leveldb.dualmode.maxhours, has been added to rotate older entries against dual-mode processing. | 3.6 | 3.7 |
Sept 12, 2017 | If Excel spreadsheet tabs include tokenized text that is less than 31 characters, the text for the tab cannot be detokenized. This is a limitation of Excel. This issue will be fixed in the 3.6.1 release. | 3.6 | 3.6.1 |
Aug 16, 2017 |
Detokenizing reports for PDF files is currently not working in Enterprise Connector and MVISION Cloud dashboard. Also, multiple worksheets in Excel cannot be detokenized if the group-by option was selected in Report Manager. Both issues are being worked on. The Excel issue will be fixed in the 3.6.1 release. |
3.6 | 3.6.1 |
July 26, 2017 | The MVISION Cloud logo in the PDF template does not display properly. The issue is not specific to EC, but will be observed with EC 3.5.1. This is fixed with MVISION Cloud 3.6 release. | 3.5.1 | MVISION Cloud 3.6 |
July 26, 2017 | Detokenizing PDF reports in Enterprise Connector is not working | 3.5.1 | PDF detokenization is not supported |
July 20, 2017 | If Enterprise Connector SMTP is configured for your MVISION Cloud instance, there is a known issue with Enterprise Connector 3.5 where Services Report Emails remain stuck in the queue and will not be delivered. Install Enterprise Connector 3.5.1 to resolve this issue. For help, contact MVISION Cloud Support. | 3.5 | 3.5.1 |
July 5, 2017 | On Windows systems, Enterprise Connector does not process .tgz files. Please make sure that such files are extracted before being provided to EC for processing. | 3.3 | |
May 11, 2017 | If you currently have Panorama CLR enabled in legacy mode (i.e., not using the Firewall/Proxy Integration UI), and you want to upgrade to Enterprise Connector 3.5, contact MVISION Cloud Support to manually upgrade your instance. | 3.5 | |
May 8, 2017 | Older entries did not get deleted from levelDB causing levelDB taking a lot of disk space. | 3.3 | 3.3 SP1 |
April 20, 2017 | The import command (./shnlpcli md —import MapDB.txt ) returns the the following result even if the correct number of entries are imported: Total 0 mappings imported from MapDB.export.txt. |
3.3 SP1 | 3.3 SP2 |
April 20, 2017 | Enterprise Connector stopped processing Syslog logs when a large number of TCP connections were made on the configured port. This issue was fixed when EC was restarted. | 3.1 | 3.3 SP2 |
March 31, 2017 | When Enterprise Connector is reinstalled, you can reuse the existing DNS. But during installation, if you do not reuse, it creates a new DNS record for EC, which can cause confusion. Contact MVISION Cloud Support to request that they delete old and invalid EC DNS records. | Existing behavoir | |
March 28, 2017 | Explicit de-tokenization of data from .csv files on EC WebUI fails if the file had less than 5 rows. | 3.3 | 3.3 SP1 |
March 28, 2017 | If AD attributes are configured to be tokenized (through the propertycustom _attributes.tokenize=true via log processor.local.properties file), then logback.xml file also needs to be edited as below:
After this line: add the following line: |
3.3 | 3.3 SP1 |
March 28, 2017 | The feature Receiving Notification Emails from Your Corporate Domain in the 3.3 release did not have an explicit property to specify the sender. This is fixed. You may configure the property mail.smtp.sender in the logprocessor.smtp.properties file. |
3.3 | 3.3 SP1 |
March 28, 2017 | Event logs with timestamps more than 24 hours in the future are not processed. The timestamp from the event log is compared to the time on the computer where Enterprise Connector is installed | 3.3 SP1 |