Skip to main content
McAfee MVISION Cloud

MVISION Cloud Connector Known Issues

For MVISION Cloud Known Issue, see MVISION Cloud Known Issues and Bug Fixes

Known Issues 

Date Description and Workaround (if any) Found in Release Fixed in Release
April 6, 2021 The SMTP Advanced Properties are not getting removed from YAML after being deleted from the dashboard. 5.3.2 -
April 6, 2021

The date format doesn't automatically pick the selected Timestamp column from the Map Log Fields in the Log parser when there are multiple date header columns such as Date or Timestamp in the parsed logs. As a workaround, make sure to manually update the correct date format. 

NOTE: The Log Parser automatically picks the available date format when there are no multiple date header columns.

5.3.2 -
Feb 20, 2021

Cloud Connector throws ldapusers cache error after upgrading from 3.9.2 to 5.3.0 and above versions. As a workaround:

  1. Delete the ldapusers cache from the Cloud Connector installed directory (leveldb) and restart the Cloud Connector.
  2. Use the following curl command to push respective properties to YML with the mentioned payload when switching between rocksdb and leveldb:

Switching to leveldb

{
  "logProcessor":{ "unmatchedtracker.keyValueStoreType":"LEVELDB",
  "ldapusers.cache.type":"LEVELDB","dualmode.storeType":"LEVELDB",
  "tldcache.cache.type":"LEVELDB","ipDomainCache.cache.type":"LEVELDB",
  "blockedURLCache.cache.type":"LEVELDB",
  "ipUserMapperStore.cache.type":"LEVELDB"   },
  "integration": {
    "smtp": {},
    "siem": {},
    "panorama": {},
    "custom_attributes": {},
    "ip_user_mapping": {},
    "syslog": {}
  }
}

Switching to rocksdb

{
  "logProcessor":
  { 
  "unmatchedtracker.keyValueStoreType":"ROCKSDB",
  "ldapusers.cache.type":"ROCKSDB","dualmode.storeType":"ROCKSDB",
  "tldcache.cache.type":"ROCKSDB","ipDomainCache.cache.type":"ROCKSDB",
  "blockedURLCache.cache.type":"ROCKSDB",
  "ipUserMapperStore.cache.type":"ROCKSDB"   },
  "integration": {
    "smtp": {},
    "siem": {},
    "panorama": {},
    "custom_attributes": {},
    "ip_user_mapping": {},
    "syslog": {}
  }
}

NOTE: Before you switch between DBs, delete only the respective caches throwing exceptions after the Cloud Connector is started.

5.3.1

-

Feb 20, 2021 ipUserMapping.config.adDataSource.domainHost property cannot be added in HSQL with CES as datasource. 5.3.0 5.3.1
Feb 20, 2021 Exclude File Types field cannot be configured from the Cloud Connector dashboard. As a workaround, make an API post call to Maestro with the expected value to be updated (if needed) and push them to YML. 5.3.0 5.3.1
Jan 20, 2021 MVISION Cloud Connector cannot be upgraded in running status. You should stop the MVISION Cloud Connector before upgrading. 5.3.0 -
Jan 20, 2021 Log parser sometimes may not fetch information accurately from the Timestamp field of the logs. 5.3.0 -
Jan 20, 2021 Log parser cannot process  Websense log lines that do not start with string literals ('quotes', "double quotes"). As a workaround, you should manually add string literals('quotes', "double quotes") in the Websense log lines. 5.3.0 -
Jan 20, 2021

RocksDB is not the default cache memory when MVISION Cloud Connector is upgraded from 5.0.1 to 5.3.0 version. As a workaround, you need to explicitly configure levelDB to RocksDB.

5.3.0 -
Jan 20, 2021 Multiple log lines starting with comment line (#), cannot be skipped from processing into log parser.  5.3.0 -
Jan 20, 2021 The Log Processing configuration wizard cannot process the Timestamp field input with space in between. 5.3.0 -
Jan 20, 2021 Rules generated by the Log parser wizard for Timestamp field in a custom log may not work as expected sometimes. As a workaround, you need to generate rules manually. 5.3.0 -
Dec 20, 2020

AD(Additional Domain Controller) multi-forest feature is NOT supported in MVISION Cloud Connector. However, as a workaround:

  1. You need to configure ADCs to send events to root DC (Domain Controller). 

  2. You can use the CSV method with MVISION Cloud Connector on each DCs.

5.2.1 5.2.2
Dec 20, 2020 MVISION Cloud Connector cannot be installed for users created after the IAM migration. 5.2.1 5.2.2
Oct 20, 2020

Sanctioned Custom Attributes would fail to map Policy Incidents on dashboard if UserAttribute in DB  has caps or mixed characters.  As a workaround, you need to SAVE the config again from the dashboard.

5.2.1 5.2.2
Oct 20, 2020 Installing multiple MVISION Cloud Connectors on the same directory is corrupting EC properties. 5.2.1 -
Oct 20, 2020 MVISION Cloud Connector fails to upgrade if you do not create configname through the Admin dashboard but using CLI commands. As a workaround, you must set the configname using the Admin dashboard before upgrading to the latest MVISION Cloud Connector. 5.2.1 5.2.2
Oct 20, 2020 MVISION Cloud Connector fails to start while upgrading from => 4.1.0 version to any higher version with SMTP advanced properties. As a workaround, you can remove/delete the SMTP advanced properties before upgrading to the latest MVISION Cloud Connector version. 5.2.1 -
Oct 20, 2020 With the Tokenization enabled by default, the case sensitive properties of the users are normalized and tokenized.
5.2.0

5.2.1
Sep 14, 2020 File Rotation of the MapDBEncrypted.txt files cannot happen with the data export option enabled for mapdbtxt.enableMapDBTxtScheduler. 5.2.0 -
Sep 14, 2020 The data from  RocksDB cache and MapDBEntries/MapDBEncrypted.txt file are deleted only after  Restart/Context Refresh in EC. 5.2.0 -
Sep 14, 2020 Syslog migrates the old properties if publishPeriodInMinutes property is not found in YAML. 5.2.0 -
Aug 12, 2020 After the MVISION Cloud login migrates to IAM, users created in the new MVISION Cloud URL cannot be logged into MVISION Cloud Connector. To fix this issue, you must upgrade to Cloud Connector 5.0.2. 5.0.1 5.0.2
Aug 12, 2020

The publisher config field under Syslog server configuration settings cannot be saved with empty values.

5.1.1 5.1.2
Aug 12, 2020

AD shadow and sanctioned attributes are being removed from YML when upgraded to the latest EC version with one or more mapped values set to null. This issue is fixed.

5.1.1 5.1.2
Aug 12, 2020 Failure in upgradation if any mappedTo or DisplayName properties are appended with '\' causing parser error. As a workaround, you can delete the local custom_attribute.properties file and run the cc command when the above issue is encountered. 5.1.1 5.1.2
July 10, 2020 Frequent logout issues in MVISION Cloud Connector. 5.1.0 5.1.1
May 28, 2020 MVISION Cloud Connector is not uploading unmatched events data to Log collector. 5.0.1 5.1.0
May 22, 2020 If you install a new MVISION Cloud Connector with an old CC symbolic name, then try to uninstall the old CC, the Certificate will be removed. To get a new copy of the Certificate, use the CC CLI command:
certificatePull(cp)
5.1.0 -
May 22, 2020 In the EC Configuration > Custom Attributes tab, when you try to create more than one virtual custom attribute at a time, only the first attribute is saved. To create more virtual custom attributes, you must save the configuration, then go back to the Custom Attributes tab to add another. This issue will be fixed in a future release.  5.0.2 -
May 22, 2020 MVISION Cloud Connector was seeing disk space issues due to Leveldb dualmode_urlcache file sizer building up and using most of the disk. Because disk space was unavailable, Cloud Connector stopped. The issue was fixed by updating the hard refresh context once in 24 hours.  4.x 5.0.1
May 5, 2020 Due to a bug found after the release, MVISION Cloud Connector versions 5.0.1 and 5.0.2 have been removed from the Download page. They will be fixed and replaced as soon as possible. THIS ISSUE IS FIXED.  5.0.1 and 5.0.2 5.0.1 and 5.0.2
April 28, 2020 In EC Configuration, when you configure the Custom Attributes Active Directory integration with an AD Server and more than 8 Lakh users, the Evaluate Attributes page takes more than 20 minutes to display the sample set of user attributes. You will only see this issue the first time you configure the AD integration with a fresh MVISION Cloud Connector installation. Once all user details are pulled after this, the page will display much faster.  5.0.1 or 4.3.2 -
April 28, 2020

In MVISION Cloud Connector when a test connection is made to Active Directory, you will see the exception below. This happens because the main thread that is the web request will end once the 10K users reach the iterator, and the result is returned to UI. This triggers a cancellation to the task directoryUserLoaderFuture.


28 Apr 2020 09:14:00 [WARN ] [Active Directory Import Thread] c.s.e.l.i.ActiveDirectoryUsersFetcher| Received Local Error from LDAP Server, will continue
com.unboundid.ldap.sdk.LDAPSearchException: Search processing was interrupted while waiting for a response from server 172.18.154.17:389.
        at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3643)
        at com.shn.ec.ldap.impl.ActiveDirectoryUsersFetcher$DirectoryUserLoaderTask.call(ActiveDirectoryUsersFetcher.java:235)
        at com.shn.ec.ldap.impl.ActiveDirectoryUsersFetcher$DirectoryUserLoaderTask.call(ActiveDirectoryUsersFetcher.java:206)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.unboundid.ldap.sdk.LDAPException: Search processing was interrupted while waiting for a response from server 172.18.154.17:389.
        at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1175)
        at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3633)
        ... 6 common frames omitted
Caused by: java.lang.InterruptedException: null
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.reportInterruptAfterWait(AbstractQueuedSynchronizer.java:2014)
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2088)
        at java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:467)
        at com.unboundid.ldap.sdk.SearchRequest.process(SearchRequest.java:1164)
        ... 7 common frames omitted

Also, Cloud Connector queries AD for 10,000 users when it goes to the tenant dashboard. This is not the expected behavior. It will be fixed in an upcoming release. 

4.4.1 5.1.0
Mar. 20, 2020 If you install MVISION Cloud Connector 5.0.1 on a tenant that is not yet migrated to McAfee IAM login, you will see an error that says, "Failed to authenticate with remote server, please check username/password/proxy settings." This will be the behavior going forward. If you see this error, contact MVISION Cloud Support. 5.0.1 -
Mar. 18, 2020

Due to a security issue, in the MVISION Cloud Connector Web UI, the password field is removed. If you try to connect Cloud Connector using the Web UI, you may see an error message that reads, "Could not authenticate with Skyhigh cloud services. Please check your Skyhigh credentials." This issue is fixed in 5.0.1. 

5.0.0 5.0.1
Mar. 18, 2020 If you enable RocksDB for dual-mode URL cache in MVISION Cloud, Cloud Connector uses LevelDB only.
This issue is fixed in 5.0.0. 
4.4.1 5.0.0
Mar. 13, 2020

Cloud Connector was seeing an issue where if you configured SMTP integration advanced properties, such as mail.smtp.auth*, the cloud config was corrupted and CC failed to start or upgrade due to corrupted configs. This issue fixed in 5.0.0. If you see this issue, contact MVISION Cloud Support for assistance. 

4.4.1 5.0.0
Mar. 13, 2020

Cloud Connector was seeing an issue where the SIEM protocol was set as UDP, but it was changed to TCP on its own, so no logs were received. This issue has been fixed. 

4.4.1 5.0.0
Mar. 6, 2020

The API used by MVISION Cloud to pull threat protection incidents had an issue that caused it to send duplicate incidents to SIEM. This has been resolved. If you are seeing duplicate incidents:

  1. Contact MVISION Cloud Support to set a feature flag.
  2. Go to Infrastructure > EC Configuration, and select the SIEM Integration tab. Set the Audit Log Export Type to All Incidents
  3. Contact MVISION Cloud Support again to disable the feature flag.
  4. Set the Audit Log Export Type to New Incidents Only
5.0.0  
Feb. 18, 2020

After updating to MVISION Cloud Connector 4.4.x, sometimes the crypt.properties file is not created, which prevents the Syslog service from starting. The Syslog-debug file shows the following exception:

20 Jan 2020 23:54:25 [WARN ] [main] o.s.c.s.ClassPathXmlApplicationContext| 
Exception encountered during context initialization - cancelling refresh 
attempt: org.springframework.beans.factory.BeanInitializationException: 
Could not load properties; nested exception is java.io.FileNotFoundException: 
class path resource [crypt.properties] cannot be opened because it 
does not exist

As a workaround, manually create the crypt.properties file using the following value:

crypt.key=YTgIfyYTwq5iwowwwrHDkjfCjRRAIcOyAFk\=

Then the Syslog service will start and receive data. 

5.0.0 5.0.1
Feb. 18, 2020 The MVISION Cloud Connector Panorama integration is not supported for Panorama 7.1 or later, as the endpoints include the version number, and the request payload structure has also changed. If you have Panorama 7.1 or later, and you want to pull the Service Group information from the MVISION Cloud dashboard, use the Publish URL method instead of configuring Cloud Connector. 5.0.0 -
Feb. 18, 2020 An upgrade from MVISION Cloud Connector 4.3.1 to a later version will fail to migrate the AD configuration if the same Virtual Attributes are configured for both Shadow and Sanctioned Custom Attributes settings. 4.3.1 -
Jan. 24, 2020

There is a Known Issue with MVISION Cloud Connector 4.3.2 where Syslog over TLS does not work on Windows. To fix this, you must update to the latest version of Cloud Connector using these steps:

  1. Stop all running services.
  2. Run the Cloud Connector installer to upgrade to the latest version. 
  3. Perform the command shnlpcli jksp --newPass xxxx.
  4. Start Syslog server first and then Cloud Connector.
4.3.2 4.4.0
Dec. 3, 2019 Do not use white space when you create a service group name. You can use "_" or  "-" instead of a space. If there is white space in the service group name, and if the service group is used in Panorama integration, there can be problems accessing the published URL list.  4.3.2 -
Nov. 12, 2019 There is a known issue in MVISION Cloud Connector 4.3.2 where the installation fails with Sanctioned attributes exceptions when the tenant config has more than 10 attributes. This will be fixed in the following release.  4.3.2 4.4.0
July 9, 2019 There is a known issue where all sub-configurations may be disabled, and cause MVISION Cloud Connector to become inactive. Make sure that at least one sub-configuration is enabled at all times. 4.2.2 -
June 6, 2019

When you upgrade MVISION Cloud Connector to 4.2.0 or later, if you have a Panorama integration, you will need to go to Settings > Infrastructure > EC Configuration, click the Panorama tab, and manually modify the Panorama Commit Level value according to the previous configuration. 

If you want to upgrade Panorama settings in MVISION Cloud Connector 4.1.2, contact MVISION Cloud Support

4.1.2 -
April 30, 2019

When you upgrade MVISION Cloud Connector from 3.9.x to 4.x.x versions, rule-based configurations with complex rules have failed. 

To workaround this issue, add additional backslashes "\'"to skip the special characters in the additional rule config section. Specifically, configure four slashes for a single slash in the additional config preprocessor rule. For example, to configure this, add the extra backslashes as shown:

  • Configuration: "{"type":"csv","on":",","trim":"true","escape":"\u0000"}" 
  • Configuration with workaround: "{"type":"csv","on":",","trim":"true","escape":"\\\\u0000"}"
4.1.2 -
April 25, 2019

When you upgrade an older version of MVISION Cloud Connector (3.9.x) to the latest version of Cloud Connector (4.x) you may encounter install or upgrade failures that are caused by errors regarding the inability to fetch or install certificates. For details see MVISION Cloud Connector Certificate Issues

4.x -
March 28, 2019 In MVISION Cloud Connector 4.1.2, in the Dashboard configuration, the commit level status for the Panorama integration incorrectly shows Panorama and Device Group if Panorama Only is selected. This will be fixed in 4.2. 4.1.2 4.2
March 28, 2019

In MVISION Cloud Connector 4.1.2, updating the Log Processor and Integration configurations together may not work properly due to an improper API call. As a workaround, save the configurations separately for each tab.

4.1.2 -
March 28, 2019

When you upgrade to MVISION Cloud Connector 4.1.2 from 4.1.0, the SMTP and SIEM configuration may be disabled. We recommended that you reconfigure and Enable the SMTP and SIEM integration from the Dashboard configuration at Settings > Infrastructure > EC Configuration.

4.1.2 4.2
March 28, 2019 In the MVISION Cloud Connector web user interface (not the Dashboard interface), the SIEM and PANORAMA configuration tabs are still visible after the upgrade from 4.1.1 to 4.1.2. Make sure to use the Dashboard configuration at Settings > Infrastructure > EC Configuration to configure SIEM and Panorama settings. This will be fixed in a future release.  4.1.2 4.2
March 22, 2019 On Windows VMs, if you switch the Unmatched Key Value Store from LevelDB to RocksDB and see main loop spinning errors or "UnmatchedTracker - Bean instantiation" errors in Cloud Connector debug logs, this may mean that Visual C++ is not installed properly. Install Visual C++ and try again.  4.1.1, 4.1.2 -
Feb 28, 2019 Enterprise Connector is now MVISION Cloud Connector. You'll notice we're transitioning over to our new name in the UI and in all other areas of our product. But the Settings menu still reads Infrastructure > EC Configuration. This is a known issue for this release and will be fixed in a future release.  4.1.1 -
Jan. 30, 2019

For Enterprise Connector 4.1.1, (build 5268) some fonts are missing from the Unix installation. You will see the following error, and then a list of missing fonts.

java.lang.Error: Probable fatal error:No fonts found.

To resolve the issue, reinstall the fonts using the command:

sudo apt-get install fontconfig

Then reinstall EC 4.1.1.

4.1.1 4.1.2
July 18, 2018 In the Enterprise Connector SIEM integration, anomaly/incidents are not being received by the Enterprise Connector, but Audit logs are being received. Anomaly/Incidents should be sent to the SIEM. This issue will be fixed in Enterprise Connector 3.9.2.  3.9.1 3.9.2
Nov 29, 2017 Enterprise Connector uses persistent-cache for various tasks. This cache must be periodically rotated to reduce the amount of data held locally by EC, or else it may cause the service to crash. Enhancements have been made to allow cache rotation in #hours instead of #days, as the amount of data could be in GBs. And a new property, leveldb.dualmode.maxhours, has been added to rotate older entries against dual-mode processing. 3.6 3.7
Sept 12, 2017 If Excel spreadsheet tabs include tokenized text that is less than 31 characters, the text for the tab cannot be detokenized. This is a limitation of Excel. This issue will be fixed in the 3.6.1 release.  3.6 3.6.1
Aug 16, 2017

Detokenizing reports for PDF files is currently not working in Enterprise Connector and MVISION Cloud dashboard. Also, multiple worksheets in Excel cannot be detokenized if the group-by option was selected in Report Manager. Both issues are being worked on. The Excel issue will be fixed in the 3.6.1 release. 

3.6 3.6.1
July 26, 2017 The MVISION Cloud logo in the PDF template does not display properly. The issue is not specific to EC, but will be observed with EC 3.5.1. This is fixed with MVISION Cloud 3.6 release. 3.5.1 MVISION Cloud 3.6
July 26, 2017 Detokenizing PDF reports in Enterprise Connector is not working 3.5.1 PDF detokenization is not supported
July 20, 2017 If Enterprise Connector SMTP is configured for your MVISION Cloud instance, there is a known issue with Enterprise Connector 3.5 where Services Report Emails remain stuck in the queue and will not be delivered. Install Enterprise Connector 3.5.1 to resolve this issue. For help, contact MVISION Cloud Support 3.5 3.5.1
July 5, 2017 On Windows systems, Enterprise Connector does not process .tgz files. Please make sure that such files are extracted before being provided to EC for processing. 3.3  
May 11, 2017 If you currently have Panorama CLR enabled in legacy mode (i.e., not using the Firewall/Proxy Integration UI), and you want to upgrade to Enterprise Connector 3.5, contact MVISION Cloud Support to manually upgrade your instance.  3.5  
May 8, 2017 Older entries did not get deleted from levelDB causing levelDB taking a lot of disk space. 3.3 3.3 SP1
April 20, 2017 The import command (./shnlpcli md —import MapDB.txt) returns the the following result even if the correct number of entries are imported: Total 0 mappings imported from MapDB.export.txt. 3.3 SP1 3.3 SP2
April 20, 2017 Enterprise Connector stopped processing Syslog logs when a large number of TCP connections were made on the configured port. This issue was fixed when EC was restarted.  3.1 3.3 SP2
March 31, 2017 When Enterprise Connector is reinstalled, you can reuse the existing DNS. But during installation, if you do not reuse, it creates a new DNS record for EC, which can cause confusion. Contact MVISION Cloud Support to request that they delete old and invalid EC DNS records. Existing behavoir  
March 28, 2017 Explicit de-tokenization of data from .csv files on EC WebUI fails if the file had less than 5 rows. 3.3 3.3 SP1
March 28, 2017 If AD attributes are configured to be tokenized (through the propertycustom_attributes.tokenize=true via log processor.local.properties file), then logback.xml file also needs to be edited as below: 

After this line:
<logger name="org.springframework" level="WARN" additivity="true"/>

add the following line:
<logger name="com.shn.ec.tokenization.impl.EventTokenizerImpl" level="INFO" additivity="true"/>

3.3 3.3 SP1
March 28, 2017 The feature Receiving Notification Emails from Your Corporate Domain in the 3.3 release did not have an explicit property to specify the sender. This is fixed. You may configure the property mail.smtp.sender in the logprocessor.smtp.properties file. 3.3 3.3 SP1
March 28, 2017 Event logs with timestamps more than 24 hours in the future are not processed. The timestamp from the event log is compared to the time on the computer where Enterprise Connector is installed 3.3 SP1  

 

 

  • Was this article helpful?