Versions / Builds AffectedEndPointSecurity 2012 build 20120104
Problem SummaryThe same event is inserted in the database multiple times. Closing and opening the console again causes more of the same events to be inserted in the database.
TT / JIRAID34
How to IdentifyThe issue is caused when the service is not able to insert the events into the database, but the user running the console is able to connect to the SQL Server.
In logesecservice.csv you will find errors similar to:
2012-04-23, 15:20:45, 395, 2, 40c, 308, information, opdboperations, DbOperationsPlugin, AgentLogsThread, Count agentlogs = 1 2012-04-23, 15:20:45, 395, 2, 40c, 308, information, opdboperations, DatabaseManager, InsertAgentLogs, Dmanager insert logs 2012-04-23, 15:20:45, 395, 2, 40c, 308, information, opdboperations, DatabaseManager, InsertAgentLogs, Updating sql connection data from xml...
2012-04-23, 15:20:45, 401, 0, 40c, 308, error, opdboperations,
DatabaseManager, InsertAgentLogs, Unable to open sql server connection:
Login failed for user domain\gfieps'.
When the service fails to insert events in the database, the events are kept in a cache and are inserted in the database when the UI is opened. A bug in the caching mechanism causes the same events to be inserted in the database every time the UI is opened.
Workaround / Fix Details- If using Windows Authentication, configure the GFI EndPointSecurity service with a user that is able to update the database
- If using SQL Server authentication, configure a user that is able to update the EndPointSecurity database in Configuration -> Options -> Database Backend
Required Actions1. Provide workaround to the customer and close case if it works
2. Attach this article to the case