Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: App Control agent not able to connect to the console because of the error "disconnected (not permitted)"

App Control: App Control agent not able to connect to the console because of the error "disconnected (not permitted)"

Environment

  • App Control Server: All Versions

Symptoms

  • App control Agent is not able to communicate with the App Control Console.
  • Dascli status outputs shows "disconnected (not permitted)" in the connection information
    Client Information
        Connection:        disconnected (not permitted)
  • App Control Server logs shows messages like below
    [533517] <date> <hour> (8304 Register Thread 0) Statement returned error [2627]: [Microsoft][SQL Server Native Client 11.0][SQL Server]Violation of UNIQUE KEY constraint 'UQ__hostmain__4E88F7AD5AEE82B9'. Cannot insert duplicate key in object 'dbo.hostmain'. The duplicate key value is (xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx-xxxxxxxx).
    Statement: SET NOCOUNT ON;{CALL dbo.RegisterHost (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)}
    [533518] <date> <hour> (8304 Register Thread 0) Host <domainName>\<hostname> [-1] record created.
    [533519] <date> <hour> (8304 Register Thread 0) Error creating host record for computer <domainName>\<hostname> from <IP address>.
    [533520] <date> <hour> (8304 Register Thread 0) Error: Extra Result Set: 1, Statement: SET NOCOUNT ON;{CALL dbo.RegisterHost (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)}
    [533521] <date> <hour> (8304 Register Thread 0) Error: Extra SQL Message: #2, Message: [Microsoft][SQL Server Native Client 11.0][SQL Server]The 'RegisterHost' procedure attempted to return a status of NULL, which is not allowed. A status of 0 will be returned instead., Statement: SET NOCOUNT ON;{CALL dbo.RegisterHost (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)}
    [533522] <date> <hour> (8304 Register Thread 0) SQL Connection was disconnected. Server: localhost
    [533523] <date> <hour> (8304 Register Thread 0) Registration of <domainName>\<hostname> from <IP address> failed, returning error 401.

Cause

  • Duplicated unique id of endpoint(s)

Resolution

*NOTEPlease made sure a full database backup is taken before executing the given steps*
  1. Go to https://YourAppControlServerAddress/shepherd_config.php
  2. Search for the property MaxDeletedHosts and set it 1
  3. Save the change
  4. Get the duplicate key from the App control Server logs (look for "The duplicate key value is"  and copy the value found inside the parenthesis) and run the below query 
    use DAS
    GO
    update hostmain
    set deleted =1
    where cookie = '<duplicate key value>'  -- Based on the server log example mentioned in the article the value here will be xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx-xxxxxxxx
  5. Execute the below SQL query to prune the deleted host:
    use DAS
    GO
    exec dbo.PruneDeletedHosts

     

Additional Notes

Please made sure a full database backup is taken before executing the resolution steps

If after running the 'Prune Deleted Hosts' query, the results contain a message like the below info, then please...
  • Stop both the App Control Server & Reporter Services
  • Re-run both scripts
  • Confirm there are no more messages seen
  • Re-start both the App Control Server & Reporter Services
Msg 2627, Level 14, State 1, Procedure PruneDeletedHosts, Line 25 [Batch Start Line 2]
Violation of UNIQUE KEY constraint 'UQ__hostmain__4E88F7AD186E4FA6'. Cannot insert duplicate key in object 'dbo.hostmain_bak'. The duplicate key value is (xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx-xxxxxxxx).
The statement has been terminated.


 

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎02-01-2022
Views:
302