Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Scheduled Scan failed to execute in Deep Security 8.0

    • Updated:
    • 29 Jun 2016
    • Product/Version:
    • Deep Security 8.0
    • Platform:
    • Windows 2008 Standard 64-bit
Summary

Scheduled Scan was missed on the servers. Upon checking the diagnostic log, it shows the following:

Caused by: com.thirdbrigade.manager.core.protocol.httpsclient.exceptions.HttpsConnectException: Connect failed.
at com.thirdbrigade.manager.core.protocol.httpsclient.exceptions.HttpsException.convertExceptionToHttpsException(Unknown Source)
... 27 more
Caused by: java.net.ConnectException: Connection refused: connect
Details
Public

To resolve the issue:

  1. Check if the Scheduled Scan is running on a virtual machine (VM) protected by Deep Security Virtual Appliance (DSVA). If the VM is activated during vMotion, the Scheduled Scan may be interrupted.
  2. Disable the automatic migration of DSVA to different ESXi hosts in DRS-enabled ESXi environments. Otherwise, it can cause communication issues that may interrupt Scheduled Scan.
  3. Verify the status of the Anti-Malware feature on ESXi host, DSVA, and agentless host. Take note if any of them is showing "No" or "Not capable" status.
  4. Extend the timeout settings.
    1. Go to the DSVA protecting the affected agentless host.
    2. Press ALT + F2 and log in with the username and password. The default credentials are "dsva/dsva".
    3. Navigate to /var/opt/ds_agent/am directory.
    4. Create the ds_am.ini file with the following information:

      main=debug_level=6
      /opt/ds_agent/lib/libvmpd_rtscan.so=ods_stalled=9,ods_timeout=60

    5. Save the file.
    6. Restart the ds_am service using these commands:

      # sudo stop ds_am
      # sudo start ds_am

  5. Make sure the VMware vShield Endpoint Thin Agent is running in the protected virtual machine.
    1. Open the Run dialog box in the virtual machine.
    2. Type the "msinfo32" command.
    3. Navigate to Software Environment > System Drivers > System Information applet.
    4. Verify that the VM drivers are running.
    5. Run the command "sq query vsepflt". If the result shows that vsepflt does not exist, make sure that the vShield Endpoint Agent is installed and the vsepflt driver is running on the VM.

If the procedure above does not resolve the issue:

  1. Identify the agentless host where the issue is happening.
  2. Collect the following:
    • Diagnostic Package from the agentless host (renamed as "dsa-diag.zip" file)
    • Diagnostic Package from DSM (renamed as "dsm-diag.zip" file)
    • Diagnostic Package from the DSVA that is protecting the agentless host (renamed as "dsva-diag.zip" file)
    • Copy of the following files from DSVA:
      • /var/opt/ds_agent/am/ds_am.ini
      • /var/log/messages* (all)
      • /var/log/dmseg* (all)
      • Date and time when the Scheduled Scan failed
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1101615
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.