The ndtrack component of FlexNet inventory agent is responsible for tracking license consumption. Because it gathers large amounts of file evidence, it has the highest CPU usage of FlexNet Manager suite's components. There are, however, some preferences you can change to lower or increase CPU usage per your preference, including altering ndtrack's process priority and specifying folders in which file evidence scanning occurs. Process priority and CPU usage When the ndtrack component is gathering inventory, it's normally run with low process priority. This feature is by design. It allows the operating system to manage resources efficiently. However, if no processes with higher priority are running, the ndtrack process will typically be given as much CPU resources as it can consume. This can result in high CPU usage. Note: The ndtrack process is not multi-threaded, so it will generally only use a single CPU thread. It is possible that other processes invoked by the ndtrack process may be multi-threaded.   LowProfile preference setting The ndtrack component's LowProfile preference setting determines how your operating system prioritizes running this process and can affect CPU consumption. Ndtrack runs with low priority when the LowProfile setting is set to True (the default). This will make high CPU usage less likely. Ndtrack runs with normal priority (the same priority as most other processes) when the LowProfile setting is set to False. This is likely to result in ndtrack using more CPU resources while other processes are competing for CPU. It will have negligible effect if other processes are not competing for CPU resources. How to change the LowProfile preference setting You can alter the LowProfile setting to run the ndtrack process with either low or normal priority based on your preference. Windows After install Set the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\Tracker\CurrentVersion\LowProfile to the value False. At time of install Use the settings shown below in the mgssetup.ini configuration file. See Agent third-party deployment: Edit the Configuration File for Microsoft Windows in our help library for more information on configuring this setting during installation.   [Tracker] desc0 = LowProfile val0 = False   UNIX-like operating systems  Configure the following setting by running mgsconfig as described here in our help library: Agent third-party deployment: Updating config.ini on a UNIX Device. This action can be competing either at the time of installation or post-installation.   [ManageSoft\Tracker\CurrentVersion] LowProfile=False​   File evidence scanning settings High CPU usage may be particularly evident if you are gathering file evidence on a device with a large filesystem (such as a computer running a UNIX-like operating system). To lower CPU usage, you can alter the inventory settings in FlexNet Manager Suite to only scan specific file paths where file evidence is located. To configure which folders to scan for file evidence: 1. Go to Discovery & Inventory > Settings.       2. In the Inventory Settings, specify which folders to include or exclude. To specify which folders to include, select Collect file evidence for specified folders in Included File Evidence, then enter the file path in the textbox. Select the   icon to add more folders.           To specify folders to exclude, select Specify folders to exclude in Excluded file evidence, then enter the file path. Select the   icon to add more folders.           3. When you're finished, select .   Note: If you are still having further issues, please check our Known issues page to see if there is an open bug we are working to resolve that may affect CPU usage.   ... View more

This article aims to provide some guidance on how to gather the relevant information required by our Technical Support teams to provide a timely response to any issues encountered while using FlexNet Code Insight. When contacting our Technical Support team with a new FlexNet Code Insight issue, please include the logs from the following locations: <Install Directory>\tomcat\logs\ <Install Directory>\logs\ Please also include screenshots of the issue where appropriate and details of any operations that had been performed prior to the error occurring such as upgrades or scans. FlexNet Code Insight 6.X Detector Client Issues: If you encounter an issue when using the Detector Client on the FlexNet Code Insight 6.X products, please also include the Detector Logs from the local machine that is running the Detector Client. The logs are available from the following location: C:\Users\<USERNAME>\.palamida\config\detector\logs\ ScriptRunner Issues: If you encounter an error during the use of scriptRunner, please attach a copy of the script that you are attempting to use to the case.  If the error you receive states there is an issue with the JWT token you have provided, please use the following instructions to clear the cached JWT tokens before retrying the script: Shut down tomcat Navigate to C:\Users\Username\.palamida\scriptrunner\ Delete the file named scriptrunner.properties Restart tomcat and retry the script For more information on scripting you can also look at our Scripting - Getting Started article which provide additional information on scriptRunner. SCM Connections: If you encounter an issue with any of the SCM connections available in FlexNet Code Insight 6.X, please clearly identify which SCM connection you have attempted to use as well as the version details for the SCM Client that is running on your FlexNet Code Insight server. FlexNet Code Insight 7.X Plugins: If you encounter an issue with any of the Plugins available to FlexNet Code Insight 7.X, please clearly identify which plugin you have attempted to use, including the version, as well as the version details for any client that is running on your FlexNet Code Insight server. ... View more

Symptoms: The following error may be encountered during an installation of FlexNet Code Insight: Preparing to install  Extracting the JRE from the installer archive...  Unpacking the JRE...  Extracting the installation resources from the installer archive...  Configuring the installer for this system's environment...  Launching installer...  JRE libraries are missing or not compatible....  Exiting.... Diagnosis: This issue is typically caused by insufficient privileges on the 'tmp' directory Solution: To correct this issue, cutomers will need to create a new "temp" directory in a location where you do have the proper permissions (for example, /opt/fnci/tmp), and then set an environment variable called "IATEMPDIR".  Example: mkdir /opt/fnci/tmp export IATEMPDIR=/opt/fnci/tmp You should now be able to successfully launch the installer without encountering the "JRE libraries are missing or not compatible" error. ... View more

Symptoms: An issue has been identified when using the 'httpclient.proxy-autodetect=false' setting to force the system to use the HTTP proxy settings in core.proxy.server.properties and using a proxy server which authenticates via LDAP. When an electronic update is scheduled, the update fails with the following shown in core.update.log: 2019-01-11 11:38:57 ERROR   [http-bio-8888-exec-8]   [UpdateServiceImpl]   java.net.UnknownHostException: updates.palamida.com 2019-01-11 11:38:57 ERROR   [http-bio-8888-exec-8]   [UpdateServiceImpl]   Error checking for updates com.palamida.appsec.BusinessException: Error download from HTTPS: updates.palamida.com at com.palamida.appsec.service.impl.UpdateServiceImpl.downloadHTTPS(UpdateServiceImpl.java:1449) at com.palamida.appsec.service.impl.UpdateServiceImpl.downloadFromUpdatesHTTPS(UpdateServiceImpl.java:1386) at com.palamida.appsec.service.impl.UpdateServiceImpl.isManifestFileAvailable(UpdateServiceImpl.java:1216) at com.palamida.appsec.service.impl.UpdateServiceImpl$$FastClassBySpringCGLIB$$33823c93.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) Diagnosis: By default Oracle Java disables Basic authentication when proxying HTTPS as follows: (jdk.http.auth.tunneling.disabledSchemes = "Basic") Solution: Customers wishing to setup HTTPS proxy authentication can enable "Basic" authentication by removing the Basic from following property in the CATALINA_OPTS variable of the catalina.* file located at <Install Dir>/tomcat/bin/catalina.* jdk.http.auth.tunneling.disabledSchemes = "" For further information on this property please see: https://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html ... View more

Summary This article discusses how to configure TFS for use with HTTPS in FlexNet Code Insight Synopsis Steps to resolve the issue TFS HTTPS(sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException) 1.Get TFS server certificate(HTTPS) and file look like <"XYZ.cer">. i.Go to server machine where tfs server is installed. ii.Go to IE browser settings: Select Internet option==> Got content tab. iii.Click on certificate ==> trusted root certificate autority ==> export the certificate with <hostname>. 2.Import <"XYZ.cer"> certificate to "\jre1.8.0\lib\security"(where CodeInsight application is installed) by using below command. keytool -keystore cacerts -importcert -file <"XYZ.cer"> -alias tfs Note: After executing above command, give the password and Accept the trusted certificate by giving yes value. 3.Download and extract TFS client(add to Path environment variable). 4.Enable the tfs option,in "scm.properties" file. 5.Start the tomcat server with new command line session. Below are the scenario covered. 1. Verified the option of "TFS Update To" .i.e "Latest Changeset","Specific Changeset" and "Label" ==> Working as expected. 2. Verified below URL format for TFS 2015(http and https): http://<server>:<port>/<tfsroot>/<collection>/<project> http://<server>/<tfsroot>/<collection>/<project> https://<server>:<port>/<tfsroot>/<collection>/<project> https://<server>/<tfsroot>/<collection>/<project> 3. Verified below URL format for TFS 2017(http and https): http://<server>/<collection>/<project> https://<server>/<collection>/<project> 4. Verified below URL format for TFS 2012 update1(http): http://<server>/<tfsroot>/<collection>/<project> Covered below SCM: Perforce HTTP , Git , SVN HTTP ... View more

Summary This article documents the accessibility of Secunia research through FlexNet Code Insight following the closure of the Secunia Community site in February 2019 Synopsis The Secunia Community site will become inaccessible at the end of February. A future release of Code Insight will incorporate the following changes to ensure access to Secunia data: Deliver additional Secunia Advisory properties (currently visible on the Secunia Community site) to Code Insight through the Electronic Update service. Provide a new Get Vulnerability Details REST API to obtain the additional Secunia Advisory data. Develop a new "vulnerability details" interface to display additional Secunia Advisory data. Meanwhile, if you want to temporarily disable Secunia Advisories from Code Insight, refer to the instructions below for your version of the product. Code Insight 6.13.0 (or later) Follow the steps below to disable Secunia Advisories from Code Insight v6 (JIRA: SCA-8639) Update the following properties in /FNCI_ROOT/config/core/core.properties : disable.secunia=true (value is false by default) enable.forceupdate=true (value is false by default) Restart Code Insight Force an electronic update Log in as an Administrator Navigate to Administration >> Updates Manually trigger an Electronic Update Code Insight 2019 R1 (or later) Follow the steps below to disable Secunia Advisories from Code Insight v7 (JIRA: SCA-12114) Execute the following database SQL insert statement using a database client of your choice: INSERT INTO PAS_GLOBAL_PROPERTIES (SERVER_ID_, KEY_, VALUE_, ENCRYPTED_) VALUES (0, 'disable.secunia', 'true', 0); Restart Code Insight Force an electronic update Log in as an Administrator Navigate to Administration >> Electronic Update Check the Force Full Electronic Update option Click the Schedule Update button ... View more

Summary Palamida Analyzer - Quick Assessment and Group Builder fail Due to certificate issues. This issue has been identified as a bug under reference SCA-14890. This article contains a workaround to allow the reports to be generated Symptoms A bug has been identified in the Analyzer - Quick Assessment and Analyzer - Group Builder reports due to a certification issue. The following error can be observed in the catalina.out log file under <Install Dir>/tomcat/logs/: 2019-02-06 23:46:15,741 ERROR [http-apr-8888-exec-8] [AnalyzerTask] Error running Palamida Analyzer: class javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at com.palamida.sdk.impl.PalamidaService.get(Unknown Source) at com.palamida.sdk.impl.PalamidaService.get(Unknown Source) at com.palamida.repoanalyzer.impl.DataServiceSource.testConnection(DataServiceSource.groovy:159) at com.palamida.repoanalyzer.WorkspaceProcessor.process(WorkspaceProcessor.groovy:201) at com.palamida.repoanalyzer.ReportTask.process(ReportTask.groovy:176) at palamida_analyzer_task.run(palamida_analyzer_task.groovy:75) Resolution A bug for this issue has been reported under reference SCA-14890. The following workaround has been made available to allow the reports to be used: - Rename analyzer.properties.example to analyzer.properties - Add following property in analyzer.properties- dataServicesUrl = https://api.palamida.io - Restart FNCI - Now the group builder and quick assessment reports from analyzer are working fine ... View more

Summary This article documents the Oracle License Optimization Report noted in FNMS-26234 Symptoms Enhancement FNMS-26234 discusses new Oracle License Optimization Reports. The scripts to create these reports are attached to this article. Resolution Only one script should be used in each environment, please select the script appropriate to your environment from the options below: - OracleOptimizationReport.sql - This script should be applied to multi tenant environments - OracleOptimizationReportSingleTenant.sql - This script should be used in single tenant environments ... View more

Summary This article provides steps to investigate an issue where the OS freezes during scanning Symptoms The following problems occurred at customer 's environment. OS freezes during scan execution. Resolution Customer confirmed the issue no longer appears. No further access to the database to test resolution. ... View more