Summary The ndtrack component of the agent causes high CPU usage. Synopsis When the FlexNet Inventory Agent runs the ndtrack.exe component to gather inventory, a high CPU usage is recorded. This is a feature of the agent by design and is not a defect. The ndtrack component is designed to allow the operating system to manage resources according to priority, so the Agent can take as much available CPU resources as available if nothing else is running as a higher priority. By design, the operating system will hand back CPU resources to any running applications with a higher priority. Discussion The LowProfile setting determines the CPU priority of the FlexNet Inventory Agent on the device where it is executing. When set to True (which is the default value if nothing is specified), the FlexNet Inventory Agent process runs with low priority. For UNIX-like systems, this sets the nice level of the process to 10. On recent Windows platforms, it uses background processing mode (PROCESS_MODE_BACKGROUND_BEGIN). On legacy Windows platforms where this is not supported (such as Windows XP and earlier), it uses a priority of idle (IDLE_PRIORITY_CLASS). When set manually to False, the same processes run with normal priority which is the most common mode and could be competing with other processes. Full information on the LowProfile setting is available on page 302 of the 'GatheringFlexNetInventory.pdf' file available from docs.flexera.com (also attached below). Additional Information To set the LowProfile to False to use less CPU utilization, you can configure it by: A) Setting the value in the registry hive [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\Tracker\CurrentVersion](Windows) B) Adding the line 'LowProfile=True' to the /var/opt/managesoft/etc/config.ini configuration file under the section [ManageSoft\Tracker\CurrentVersion] (non-Windows) [ManageSoft\Tracker\CurrentVersion] LowProfile= VALUE [True/False] Excessively large directory scans are the most common cause of high CPU usage. For example, if you are scanning the root ('/') directory across all of your Linux devices, then this could create a significant overhead, as the tracker component will recurse through all subdirectories by default. If these settings need to changed, navigate to Discovery & Inventory -> Settings -> File evidence in the Web UI (see attached .PNG below to illustrate): The agent executables are not multi-threaded If none of the above solutions seems to explain your scenario, then it is recommended to ensure that your operating system (+ version) is compatible with the agent version that you are running. You can check the System Requirements documentation -> Prerequisite Software -> FlexNet inventory agent section to verify this. ... View more

This article aims to provide some guidance on how to gather the relevant information required by our Technical Support teams to provide a timely response to any issues encountered while using FlexNet Code Insight. When contacting our Technical Support team with a new FlexNet Code Insight issue, please include the logs from the following locations: <Install Directory>\tomcat\logs\ <Install Directory>\logs\ Please also include screenshots of the issue where appropriate and details of any operations that had been performed prior to the error occurring such as upgrades or scans. FlexNet Code Insight 6.X Detector Client Issues: If you encounter an issue when using the Detector Client on the FlexNet Code Insight 6.X products, please also include the Detector Logs from the local machine that is running the Detector Client. The logs are available from the following location: C:\Users\<USERNAME>\.palamida\config\detector\logs\ ScriptRunner Issues: If you encounter an error during the use of scriptRunner, please attach a copy of the script that you are attempting to use to the case.  If the error you receive states there is an issue with the JWT token you have provided, please use the following instructions to clear the cached JWT tokens before retrying the script: Shut down tomcat Navigate to C:\Users\Username\.palamida\scriptrunner\ Delete the file named scriptrunner.properties Restart tomcat and retry the script For more information on scripting you can also look at our Scripting - Getting Started article which provide additional information on scriptRunner. SCM Connections: If you encounter an issue with any of the SCM connections available in FlexNet Code Insight 6.X, please clearly identify which SCM connection you have attempted to use as well as the version details for the SCM Client that is running on your FlexNet Code Insight server. FlexNet Code Insight 7.X Plugins: If you encounter an issue with any of the Plugins available to FlexNet Code Insight 7.X, please clearly identify which plugin you have attempted to use, including the version, as well as the version details for any client that is running on your FlexNet Code Insight server. ... View more

Symptoms: The following error may be encountered during an installation of FlexNet Code Insight: Preparing to install  Extracting the JRE from the installer archive...  Unpacking the JRE...  Extracting the installation resources from the installer archive...  Configuring the installer for this system's environment...  Launching installer...  JRE libraries are missing or not compatible....  Exiting.... Diagnosis: This issue is typically caused by insufficient privileges on the 'tmp' directory Solution: To correct this issue, cutomers will need to create a new "temp" directory in a location where you do have the proper permissions (for example, /opt/fnci/tmp), and then set an environment variable called "IATEMPDIR".  Example: mkdir /opt/fnci/tmp export IATEMPDIR=/opt/fnci/tmp You should now be able to successfully launch the installer without encountering the "JRE libraries are missing or not compatible" error. ... View more

Symptoms: An issue has been identified when using the 'httpclient.proxy-autodetect=false' setting to force the system to use the HTTP proxy settings in core.proxy.server.properties and using a proxy server which authenticates via LDAP. When an electronic update is scheduled, the update fails with the following shown in core.update.log: 2019-01-11 11:38:57 ERROR   [http-bio-8888-exec-8]   [UpdateServiceImpl]   java.net.UnknownHostException: updates.palamida.com 2019-01-11 11:38:57 ERROR   [http-bio-8888-exec-8]   [UpdateServiceImpl]   Error checking for updates com.palamida.appsec.BusinessException: Error download from HTTPS: updates.palamida.com at com.palamida.appsec.service.impl.UpdateServiceImpl.downloadHTTPS(UpdateServiceImpl.java:1449) at com.palamida.appsec.service.impl.UpdateServiceImpl.downloadFromUpdatesHTTPS(UpdateServiceImpl.java:1386) at com.palamida.appsec.service.impl.UpdateServiceImpl.isManifestFileAvailable(UpdateServiceImpl.java:1216) at com.palamida.appsec.service.impl.UpdateServiceImpl$$FastClassBySpringCGLIB$$33823c93.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) Diagnosis: By default Oracle Java disables Basic authentication when proxying HTTPS as follows: (jdk.http.auth.tunneling.disabledSchemes = "Basic") Solution: Customers wishing to setup HTTPS proxy authentication can enable "Basic" authentication by removing the Basic from following property in the CATALINA_OPTS variable of the catalina.* file located at <Install Dir>/tomcat/bin/catalina.* jdk.http.auth.tunneling.disabledSchemes = "" For further information on this property please see: https://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html ... View more

Summary This article discusses how to configure TFS for use with HTTPS in FlexNet Code Insight Synopsis Steps to resolve the issue TFS HTTPS(sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException) 1.Get TFS server certificate(HTTPS) and file look like <"XYZ.cer">. i.Go to server machine where tfs server is installed. ii.Go to IE browser settings: Select Internet option==> Got content tab. iii.Click on certificate ==> trusted root certificate autority ==> export the certificate with <hostname>. 2.Import <"XYZ.cer"> certificate to "\jre1.8.0\lib\security"(where CodeInsight application is installed) by using below command. keytool -keystore cacerts -importcert -file <"XYZ.cer"> -alias tfs Note: After executing above command, give the password and Accept the trusted certificate by giving yes value. 3.Download and extract TFS client(add to Path environment variable). 4.Enable the tfs option,in "scm.properties" file. 5.Start the tomcat server with new command line session. Below are the scenario covered. 1. Verified the option of "TFS Update To" .i.e "Latest Changeset","Specific Changeset" and "Label" ==> Working as expected. 2. Verified below URL format for TFS 2015(http and https): http://<server>:<port>/<tfsroot>/<collection>/<project> http://<server>/<tfsroot>/<collection>/<project> https://<server>:<port>/<tfsroot>/<collection>/<project> https://<server>/<tfsroot>/<collection>/<project> 3. Verified below URL format for TFS 2017(http and https): http://<server>/<collection>/<project> https://<server>/<collection>/<project> 4. Verified below URL format for TFS 2012 update1(http): http://<server>/<tfsroot>/<collection>/<project> Covered below SCM: Perforce HTTP , Git , SVN HTTP ... View more

Summary This article documents the accessibility of Secunia research through FlexNet Code Insight following the closure of the Secunia Community site in February 2019 Synopsis The Secunia Community site will become inaccessible at the end of February. A future release of Code Insight will incorporate the following changes to ensure access to Secunia data: Deliver additional Secunia Advisory properties (currently visible on the Secunia Community site) to Code Insight through the Electronic Update service. Provide a new Get Vulnerability Details REST API to obtain the additional Secunia Advisory data. Develop a new "vulnerability details" interface to display additional Secunia Advisory data. Meanwhile, if you want to temporarily disable Secunia Advisories from Code Insight, refer to the instructions below for your version of the product. Code Insight 6.13.0 (or later) Follow the steps below to disable Secunia Advisories from Code Insight v6 (JIRA: SCA-8639) Update the following properties in /FNCI_ROOT/config/core/core.properties : disable.secunia=true (value is false by default) enable.forceupdate=true (value is false by default) Restart Code Insight Force an electronic update Log in as an Administrator Navigate to Administration >> Updates Manually trigger an Electronic Update Code Insight 2019 R1 (or later) Follow the steps below to disable Secunia Advisories from Code Insight v7 (JIRA: SCA-12114) Execute the following database SQL insert statement using a database client of your choice: INSERT INTO PAS_GLOBAL_PROPERTIES (SERVER_ID_, KEY_, VALUE_, ENCRYPTED_) VALUES (0, 'disable.secunia', 'true', 0); Restart Code Insight Force an electronic update Log in as an Administrator Navigate to Administration >> Electronic Update Check the Force Full Electronic Update option Click the Schedule Update button ... View more

Summary Palamida Analyzer - Quick Assessment and Group Builder fail Due to certificate issues. This issue has been identified as a bug under reference SCA-14890. This article contains a workaround to allow the reports to be generated Symptoms A bug has been identified in the Analyzer - Quick Assessment and Analyzer - Group Builder reports due to a certification issue. The following error can be observed in the catalina.out log file under <Install Dir>/tomcat/logs/: 2019-02-06 23:46:15,741 ERROR [http-apr-8888-exec-8] [AnalyzerTask] Error running Palamida Analyzer: class javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at com.palamida.sdk.impl.PalamidaService.get(Unknown Source) at com.palamida.sdk.impl.PalamidaService.get(Unknown Source) at com.palamida.repoanalyzer.impl.DataServiceSource.testConnection(DataServiceSource.groovy:159) at com.palamida.repoanalyzer.WorkspaceProcessor.process(WorkspaceProcessor.groovy:201) at com.palamida.repoanalyzer.ReportTask.process(ReportTask.groovy:176) at palamida_analyzer_task.run(palamida_analyzer_task.groovy:75) Resolution A bug for this issue has been reported under reference SCA-14890. The following workaround has been made available to allow the reports to be used: - Rename analyzer.properties.example to analyzer.properties - Add following property in analyzer.properties- dataServicesUrl = https://api.palamida.io - Restart FNCI - Now the group builder and quick assessment reports from analyzer are working fine ... View more

Summary This article documents the Oracle License Optimization Report noted in FNMS-26234 Symptoms Enhancement FNMS-26234 discusses new Oracle License Optimization Reports. The scripts to create these reports are attached to this article. Resolution Only one script should be used in each environment, please select the script appropriate to your environment from the options below: - OracleOptimizationReport.sql - This script should be applied to multi tenant environments - OracleOptimizationReportSingleTenant.sql - This script should be used in single tenant environments ... View more

Summary This article provides steps to investigate an issue where the OS freezes during scanning Symptoms The following problems occurred at customer 's environment. OS freezes during scan execution. Resolution Customer confirmed the issue no longer appears. No further access to the database to test resolution. ... View more