Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Intrusion Prevention engine appears offline and log shows "Error/1 dsi open failed: No such file or directory" on Solaris 10

    • Updated:
    • 4 Apr 2019
    • Product/Version:
    • Deep Security 10.0
    • Platform:
    • N/A N/A
Summary

Intrusion Prevention engine appears as offline in Deep Security Manager on Solaris 10 Sparc. After trying to uninstall the Deep Security Agent and re-installing it in the global zone, the process fail and the following errors appear in the logs:

2019-02-07 14:34:50.391945: [Error/1] | dsi open failed: No such file or directory | ...RIS10_SPARC/src/dsa/plugins/fw.dpi/dsp/fwdpi/service.lua:141:main | 2CA:7:dsp.fwdpi.service  2019-02-07 14:34:50.000000: [Error/1] | dsi_open(): No such file or directory | /export/home/build/workspace/Sustain/10.0/Build_DSA_10_SOLARIS10_SPARC/src/dsa/plugins/fw.dpi/SSLCertThread.cpp:261:OnRun | 2CA:A:CSSLCertThread
Details
Public

Root Cause

The issue occurred because the previous installation or uninstallation had left some remnants of dsa_filter module (i.e. the module was unloaded, but some module-related files were still present). This was preventing the module from being loaded.

To confirm the cause of the issue:

  1. Check if the assigned policy has Firewall or Intrusion Prevention enabled with rules assigned.
  2. Run "modinfo |grep ds". It should show the module is not loaded.
  3. Go to cat /var/svc/log/application-ds_agent:default.log. It should contain a section similar below:
    [ Feb  3 00:32:34 Executing stop method ("/opt/ds_agent/ds_agent.init stop") ]
    Stopping Deep Security Agent
    stop: Stopping /opt/ds_agent/ds_agent (will wait up to 60 seconds) kill -TERM 675
    ...
    stop: /opt/ds_agent/ds_agent stopped.
    Stopping Trend Micro Deep Security Drivers
    Driver (dsa_filter) not installed.
    Driver failed to be removed: rc=1
    Stopping Deep Security Drivers (svcadm)
    [ Feb 3 00:32:37 Method "stop" exited with status 0 ]

Resolution

To resolve the issue:

  1. Run the following commands:

    svcadm disable svc:/application/ds_agent:default
    /usr/sbin/rem_drv dsa_filter
    cd /usr/kernel/drv
    rm dsa_filter.conf
    cd sparcv9
    rm dsa_filter
    rm /dev/dsa
    rm /dev/dsa_ssl
    svcadm enable svc:/application/ds_agent:default

  2. Execute "svcs -a |grep ds". It should show the ds_9up, ds_filter, and ds_agent services as online similar below:
    bash-3.2# svcs -a |grep ds
    online 13:09:56 svc:/application/ds_9up:default
    online 13:09:59 svc:/network/ds_filter:default
    online 13:10:06 svc:/application/ds_agent:default
    bash-3.2#
  3. Run "modinfo |grep ds". The dsa_filter module is now loaded.
  4. Verify on the Deep Security Manager that the Firewall and Intrusion Prevention features are enabled and online.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1122431
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.