2 Replies Latest reply on Mar 3, 2011 2:23 PM by rmarrero1fl

    Error: "Failed. Cannot Interpret Data" occurs while running a Vulnerability Scan.

    Apprentice

      Error: "Failed. Cannot Interpret Data" occurs while running a Vulnerability Scan.

      ======================================================================================================================

      If running a "Security/Compliance scan" task from the Core or Console, the result column may show "Unable to get vulnerability definitions from the core"

      The Vulscan.log (C:\Documents and Settings\all users\application data\vulscan\vulscan.log) may show the following:

      240 Getting definition data from core <coreservername>
      Wed, 23 Sep 2009 13:19:20 HTTP POST: http://<coreservername>WSVulnerabilityCore/VulCore.asmx
      Wed, 23 Sep 2009 13:19:26 Success
      240 VulnerabilityData::GetData: Unable to process vulnerability data stream
      240 Skipping repair step because scan errors occurred.
      Wed, 23 Sep 2009 13:19:26 Exiting with return code 0x8db30194.

      Resolution:

      There can be various causes for this issue.   The following sections will list the various causes and possible resolutions:

      Core Server Reboot

      Often rebooting the core server will clear up an issue like this.  This should be attempted before changes are made.

      The patch for KB973917 has been installed on the Core Server

      Refer to the following community article for the fix.

      IIS Configuration and/or Permissions Issue:

      Vulnerability Data is stored in the \\CORESERVER\LDLOGON\VulnerabilityData folder.   A basic connectivity test can be done by browsing from Internet Explorer on the client to \\Coreserver\LDLOGON\VulnerabilityData.   This should result in a directory listing displaying various .XML and .XMLZ files.

      If this fails, directory and virtual directory permissions should be verified within IIS (Internet Services Manager.)

      For information on the proper permissions that should be applied to directories, see this article.

      Additionally, the .NET Framwork may need to be re-registered and IIS reset as pictured below (Note: The directory for the .NET Framework version may vary)

       

      The web services log file on the core server can be useful for troubleshooting:

      Run a vulnerability scan and then check the following log on your core server:

      c:\windows\system32\logfiles\w3svc1\(latest log file)

      Within this log file there will be lines similar to the following:

      2009-12-02 17:58:21 W3SVC1 192.168.0.69 GET /ldlogon/VulnerabilityData/0_win2k3_ENU.1259766918.xmlz - 80 - 192.168.0.1 3200-LANDeskDownloader 206 0 0

      If the HTTP result code (A red "206" in the example above) is in the 400's or the 500's, this can indicate a server-side error.

      An internet search of "HTTP ERROR CODES" can aid in diagnosis.

      It is also important that the Core Server was not renamed after IIS installation.   Verify that the IUSR_<coreservername> and IUSR_<coreservername> accounts truly match the current name of the core server.  (Check account names in IIS Manager or Computer Management vs. what is returned by running "hostname" in a command prompt" window.

      Modifying the Identity used by the WSVulnerability Application Pool

      At times there have been Group Policy changes that have restricted the rights to the "Network Service" that the Application Pool normally uses.   Changing this Identity to use "Local System" has at times resolved this issue.

      1 - In the IIS manager, if you have not already create a new application pool then add the wsvulnerability web service to it. If you already have the pool then skip this step 1.
      2 - On the application pool for WSVulnerability right-click and select properties.
      3 - On the properties window select the Identity tab.
      4 - Change the Predefined to "Local System"
      5 - Open a Command Prompt and run "IISRESET"

      Additional information regarding the Optimization of IIS can be found here.

      MSXML installation corrupted or missing on client

      In order for the VulnerabilityData .XML files to be downloaded and properly parsed by the client, the MSXML installation must be functioning properly on the client.

      Obtain the latest MSXML version and install on the client.

      The LDZIP.DLL in \Program Files\LANDesk\ManagementSuite\wsvulnerabilitycore\bin on the core server is not up to date.

      If this is the case, the PatchCore.log (...\LANDesk\ManagementSuite\log\) on the core server will likely show the following error:

      System.EntryPointNotFoundException: Unable to find an entry point named 'LDCompressFile' in DLL 'ldzip.dll'.
      at LANDesk.ManagementSuite.WSVulnerabilityCore.VulnerabilityData.LDCompressFile(String fileIn, String fileOut)
      at LANDesk.ManagementSuite.WSVulnerabilityCore.VulnerabilityData.SerializeToFile(String filename)
      at LANDesk.ManagementSuite.WSVulnerabilityCore.VulnerabilityData.Serialize(Int32 type, String platform, String language)
      at LANDesk.ManagementSuite.WSVulnerabilityCore.VulCore.GetVulnerabilitiesOfType(Int32 type, String platform, String language, Int32 lastUpdated)
      System.EntryPointNotFoundException: Unable to find an entry point named 'LDCompressFile' in DLL 'ldzip.dll'.
      at LANDesk.ManagementSuite.WSVulnerabilityCore.VulCore.GetVulnerabilitiesOfType(Int32 type, String platform, String language, Int32 lastUpdated)
      at LANDesk.ManagementSuite.WSVulnerabilityCore.VulCore.GetVulnerabilitiesOfTypeCompressed(Int32 type, String platform, String language, Int32 lastUpdated)

      1. Compare the Version of the LDZIP.DLL in that directory with the one in \Program Files\LANDesk\ManagementSuite.

      2. If the LDZIP.DLL in \Program Files\LANDesk\ManagementSuite is newer than the one in \Program Files\LANDesk\ManagementSuite\wsvulnerabilitycore\bin, copy the LDZIP.DLL from \Program Files\LANDesk\ManagementSuite to \Program Files\LANDesk\ManagementSuite\wsvulnerabilitycore\bin

      3. From the command prompt run "IISRESET".

      Remove the /3GB switch from the BOOT.INI file on the Core Server

      BOOT.INI is a hidden system file at the root of the system drive.

      Reboot the Core Server after removing the switch.

      =====================================================================================================================

      I have been done running the guideline but there's still not working or problem ?