Receiver 4.4 Selfservice.exe -terminate Does Not Disconnect Sessions

When the -terminate command is passed to SelfService.exe, our ExpandCommandLineMacros method translates it to the equivalent multi-command line options -disconnectapps and -clearAuthManagerState:

In other words: -terminate == -disconnectapps + -clearAuthManagerState

You can either toggle EnableFastConnectTransitionAPI back to its default value of false, or simply execute SelfService.exe -disconnectapps & SelfService.exe -clearAuthManagerState:

[EnableFastConnectTransitionAPI can be found under the following locations:

HKLMSOFTWARE{Wow6432Node}CitrixDazzle

HKLMSOFTWARE{Wow6432Node}PoliciesCitrixDazzle

The expanded form of our -terminate command would look like this:

SelfService.exe -disconnectapps

SelfService.exe -clearAuthManagerState

Related:

Error importing Local License file on Citrix Endpoint Management Server

CEM logs will indicate that lic_checkout_cache_lifetime value cannot be NULL as below


2018-11-21T10:03:03.872+0100 | F0CF2522DCDC489E | INFO | http-nio-14443-exec-7 | com.citrix.xam.listener.ContextInitializedListener | Shutting down license notifications

2018-11-21T10:03:03.872+0100 | F0CF2522DCDC489E | INFO | http-nio-14443-exec-7 | com.citrix.xam.licensing.LicensingNotificationService | Setting up notification schedule

2018-11-21T10:03:03.879+0100 | F0CF2522DCDC489E | ERROR | http-nio-14443-exec-7 | org.hibernate.engine.jdbc.spi.SqlExceptionHelper | Cannot insert the value NULL into column ‘lic_checkout_cache_lifetime’, table ‘Xenmobile.dbo.licensing_server’; column does not allow nulls. INSERT fails.

2018-11-21T10:03:03.884+0100 | F0CF2522DCDC489E | ERROR | http-nio-14443-exec-7 | com.citrix.controlpoint.rest.LicensingResource | Error updating licensing info.

javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement

at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:147) ~[hibernate-core-5.2.7.Final.jar:5.2.7.Final]


CEM server will try to match the hostname in License file against the hostname provided during installation and is case sensitive.

Related:

ViPR SRM VMAX DIscovery issue from VMAX Collector. Running symcfg list receive error “The function could not obtain memory”

Article Number: 492559 Article Version: 2 Article Type: Break Fix



ViPR SRM

Remote discovery of VMAX fails in Device Management

VMAX not collecting data

When checking the connectivity from SRM VMAX Collector. Running symcfg list receive error “The function could not obtain memory”

Possible lock on device is stuck check Symapi logs

A restart of the STORSRVD daemon resolved the issue.

To restart the Solutions Enabler Daemons in Linux do the following

#storedaemon list (this will tell you what daemons are running by showing an * next to it’s name.

#storedaemon stop STORSRVD (to make sure it is stopped and not on a hung state)

#storedaemon start STORSRVD

storedaemon list (to make sure it started)

symcfg list should now show your VMAX’s you are discovering

Related:

  • No Related Posts

Detect and Block Process that loads two particular DLL’s

I need a solution

I want to create Application Device Control Policy to detect Mimikatz in memory, has our red teamers keep by passing SEP AV SONAR and Signatures. 

Refernce for mimikatz https://securityriskadvisors.com/blog/detecting-in-memory-mimikatz/ 

Example scenario, mimikatz is spawned in the context of rundll32.exe, then always loads two specific DLL’s (vaultcli.dll and wlanapi.dll).  Is there a way to setup ADC to log and block process if proccess image  loads both (vaultcli.dll and wlanapi.dll). 

I have alredey tested where, monitor all processes, then if process loads codition either (vaultcli.dll and wlanapi.dll) then log event. In reality what is being logged is if process x spawns vaultcli.dll OR process X spawns wlanapi.dll. This is not very helpful since I have thousands of events generated.  

Has anyone done this in SEP 14.x I have read numurous documentation and found no clear answer if this possible, I need help??

0

Related:

  • No Related Posts

Unable to deploy custom receiver from Store front. Getting ” An error occurred while saving changes on the “Deploy Citrix Receiver” property dialog. Please check the log in event viewer and try again.”

While trying to add customized “receiver.exe” to deploy receiver option in Storefront, you might get following error while saving it.

“An error occurred while saving changes on the “Deploy Citrix Receiver” property dialog. Please check the log in event viewer and try again”.

It works fine with default receiver.

This was the event:

Log Name: Citrix Delivery Services

Source: Citrix Delivery Services Admin

Event ID: 1

Description:

An error occurred running the command: ‘Update-DSWebReceiverHTML5Config’

Filepath ‘C:Program FilesCitrixReceiver StoreFrontReceiver ClientsWindowsFLExternalTest.EXE’ does not contains a filename.

At C:Program FilesCitrixReceiver StoreFrontManagementCmdletsWebReceiverModule.psm1:1658 char:41

+ $SourceTypeForInstallerForWindows = GetReceiverInstallerSourceType -Installe …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Filepath ‘C:Program FilesCitrixReceiver StoreFrontReceiver ClientsWindowsFLExternalTest.EXE’ does not contains a filename.

Citrix.DeliveryServices.PowerShell.Command.RunnerInterfaces.Exceptions.PowerShellExecutionException, Citrix.DeliveryServices.PowerShell.Command.RunnerInterfaces, Version=3.12.0.0, Culture=neutral, PublicKeyToken=e8b77d454fa2a856

An error occurred running the command: ‘Update-DSWebReceiverHTML5Config’

Filepath ‘C:Program FilesCitrixReceiver StoreFrontReceiver ClientsWindowsFLExternalTest.EXE’ does not contains a filename.

At C:Program FilesCitrixReceiver StoreFrontManagementCmdletsWebReceiverModule.psm1:1658 char:41

+ $SourceTypeForInstallerForWindows = GetReceiverInstallerSourceType -Installe …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

System.Management.Automation.ActionPreferenceStopException, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

The running command stopped because the preference variable “ErrorActionPreference” or common parameter is set to Stop: Filepath ‘C:Program FilesCitrixReceiver StoreFrontReceiver ClientsWindowsFLExternalTest.EXE’ does not contains a filename.

System.Management.Automation.Interpreter.InterpretedFrameInfo: System.Management.Automation.Interpreter.InterpretedFrameInfo[]

at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)

at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext)

at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)

at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)

Related:

OneFS Daemons

Barely a week goes by when there isn’t one or more questions from the field about what a particular OneFS process is and/or does. Certainly, the output from running a CLI command such as ‘ps’ or ‘top’ lists a considerable number of services with an isi_* prefix.



For example:



# top

last pid: 16537; load averages: 2.99, 2.53, 2.46 up 4+01:16:22 14:38:23

53 processes: 2 running, 51 sleeping

CPU: 3.3% user, 0.0% nice, 8.3% system, 0.0% interrupt, 88.4% idle

Mem: 65M Active, 274M Inact, 17G Wired, 1036M Buf, 231G Free

Swap:

PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND

2067 root 1 103 0 149M 13564K CPU2 2 74.8H 100.00% syslogd

2126 root 2 20 0 422M 36760K select 8 15:56 0.00% isi_lcd_d

2372 root 19 98 r150 342M 62368K kqread 3 3:18 0.00% isi_stats_d

2298 root 18 98 r150 152M 15656K kqread 4 2:19 0.00% isi_mcp

2355 root 1 20 0 175M 17888K dfq_ch 8 1:41 0.00% isi_upgrade_agent_d

2342 root 1 20 0 259M 26516K select 8 1:41 0.00% isi_rpc_d

2729 root 2 52 0 146M 13148K sigwai 12 1:26 0.00% isi_flexnet_d

2095 root 1 20 0 303M 24768K select 7 0:44 0.00% isi_hangdump

2073 root 2 20 0 421M 35292K select 3 0:35 0.00% isi_lcd_d

2386 root 1 -22 r30 174M 16556K select 8 0:34 0.00% isi_drive_d

2042 root 1 20 0 138M 12416K select 9 0:11 0.00% isi_boot_d

As you’d expect, the majority of these processes, or daemons, live in /usr/bin and /usr/sbin. Most are fairly intuitively name, such as isi_boot_d. However, others like isi_tardis_d are a just a little bit more obscure.

So, by popular demand, here’s a catalog of the various OneFS daemons, along with a brief description of their basic purpose:

Daemon Name

Description

isi_audit_d

Daemon providing queuing service for OneFS audit functionality.

isi_avscan_d

OneFS Anti-virus scanner daemon which logs to /var/log/isi_avscan_d.log. A separate anti-virus scan daemon runs on each node.

isi_boot_d

Boot daemon responsible for maintaining cluster state via the array.xml file, in association with isi_join_d.

Isi_cbind_d

OneFS Bind cache daemon, which accelerates DNS lookups on the cluster, in particular for NFS netgroups.

isi_cdate_d

Daemon that manages OneFS SmartLock WORM compliance clock.

isi_celog

OneFS daemon that manages the Cluster event logging and notification mechanism, in conjunction with isi_celog_coalescer, isi_celog_monitor, and isi_celog_notification.

isi_checkjournal

Verify IFS journal integrity.

isi_collect_d

Framework for collecting and recording performance data at a regular interval.

isi_comp_d

SmartLock compliance store daemon.

isi_cpool_d

Daemon managing CloudPools service, in conjunction with isi_cpool_io_d.

isi_diags_d

Daemon for gathering cluster diagnostics.

isi_dmilog

CPU & memory statistics logging daemon.

isi_dnsiq_d

SmartConnect flexnet daemon. Monitors cluster group state and interface status (flx_config.xml). Controls IP assignments to interfaces and responds to DNS requests.

isi_drive_d

Handles events from the drive controller, kernel, user requests, etc. Responsible for adding and removing drives from the system, and maintaining their states.

Isi_drive_repurpose_d

Migration daemon responsible for converting SSD diskpools to L3 cache.

isi_eth_mixer_d

Maintains the failover subnet IP assignments for a cluster’s backend network.

isi_flexnet_d

Manages the cluster’s front-end network interfaces.

isi_group_change_d

Cluster group change management daemon.

isi_hangdump

Monitors cluster state and collects lock information from all nodes.

isi_hardening_d

OneFS security hardening daemon.

isi_ipmi_d

Dummy server to prevent port stealing by IPMI.

isi_jcommit_d

Daemon handling ifs journal commit logging.

isi_job_d

OneFS Job Engine daemon.

isi_join_d

Daemon managing the node add process. Runs in two modes, node and cluster, determining what information the discovery provider provides.

isi_km_d

Encrypted drive (SED) key manager daemon.

isi_lcd_d

Node front panel LCD control daemon.

isi_lid_d

Daemon that monitors and alerts if chassis is opened.

isi_mcp

Service and configuration management daemon which starts, monitors, and restarts failed OneFS services. Monitors configuration files for changes and propagating local file changes to the rest of the cluster.

isi_ndmp_d

NDMP backup daemon.

isi_netgroup_d

NIS authentication by hostname. Looks up netgroups.

isi_papi_d

Platform API daemon that allows roles based administration (RBAC).

isi_patch_d

Manages OneFS patches.

Isi_psi_d

Platform system information configuration daemon.

isi_quota_notify_d

Quotas notification and logging daemon.

isi_quota_report_d

Quotas reporting daemon.

isi_quota_sweeper_d

Daemon responsible for periodically collecting and removing zero-usage quotas.

isi_rpc_d

Daemon handling Python RPC calls to other nodes in the cluster.

isi_rsapi_d

Remote service API daemon.

isi_snapshot_d

SnapshotIQ daemon.

isi_stats_d

Cluster statistics gathering daemon

isi_stats_hist_d

Historical statistics management daemon

isi_tardis_d

OneFS versioned configuration management daemon, in conjunction with isi_tardis_gconfig_d.

isi_upgrade_d

Manage upgrades, along with isi_upgrade_agent_d.

isi_vasa_d

Daemon that manages storage awareness reporting for VMWare VASA.

isi_vc_d

Isilon for vCenter task management daemon

isi_watchdog_d

Software watchdog that monitors and manages cluster state.

Related:

  • No Related Posts

On demand data in Python, Part 3: Coroutines and asyncio

Much of the data in modern big data applications comes from the web or
databases. You need to write code to process this at scale, but you don’t want
everything to grind to a halt in the process. Python 3 introduced a system for
cooperative multitasking, which alleviates this problem, using asynchronous
coroutines. Asynchronous coroutines build on similar concepts to generators.
They are objects created from special functions which can be suspended and
resumed. They make it possible to break down complex and inefficient
processing into simple tasks that cooperate to maximize trade-offs between CPU
and input/output. Learn these core techniques following a simple sequence of
examples.

Related:

Protection Engine Not Listening on port 8004 or 8005

I need a solution

Hi,

I have sucessfully installed Symantec Protection Engine on RHEL 5.11 (Tikanga) using JRE 1.8.0_144.

I have started the services using /etc/init.d/symcscan start and it reports that it has started and I see the following processes:

root     10164     1  0 14:01 ?        00:00:00 /opt/SYMCScan/bin/SymcMicrodefsManager -config:/opt/SYMCScan/bin -daemon
root     10165 10164  0 14:01 ?        00:00:00 /opt/SYMCScan/bin/SymcMicrodefsManager -config:/opt/SYMCScan/bin -daemon
root     10186     1  0 14:01 ?        00:00:00 /opt/SYMCScan/bin/symcscan -config:/opt/SYMCScan/bin -daemon
root     10187 10186  0 14:01 ?        00:00:03 /opt/SYMCScan/bin/symcscan -config:/opt/SYMCScan/bin -daemon

However netstat -an | grep [ 8004 | 8005 ] doesn’t return anything!

I have the same setup on a dev system where it works.

Can anybody help diagnose why this isn’t working?

Thanks,

Rizwan

0

Related:

Re: I Can’t Login to NMC

To me it looks like you have not started the NW daemons yet.

Do not forget that this is not automatically done at the end of the installation.

Please run

/etc/init.d/networker start

/etc/init.d/gstd start

and verify that the appropriate NW server daemon is running:

ps -ef | grep nsrd

Then try to connect via the command line.

If this works, go ahead and user the GUI.

Related:

I Can’t Login to NMC

To me it looks like you have not started the NW daemons yet.

Do not forget that this is not automatically done at the end of the installation.

Please run

/etc/init.d/networker start

/etc/init.d/gstd start

and verify that the appropriate NW server daemon is running:

ps -ef | grep nsrd

Then try to connect via the command line.

If this works, go ahead and user the GUI.

Related: