SOLVED: Software updater databases are NN days old
Hi,
We are currently investigating a challenge, where the Policy Manager is unable to download new Software Updater databases. The issue started on March 2nd, 2017 and as of March 7th a Policy Manager server alert was triggered containing the following information.
fspms-server-alerts.log:
07.03.2017 00:17:18,658 INFO [server.alerts] - Software Updater databases are NN days old. [severity=Security alert]
Products affected are centrally managed products supporting the Software Updater functionality (Client Security Premium, Server Security Premium and Email and Server Security Premium).
Currently, there is no workaround available. Please follow this thread for new updates.
Updates
8.3.2017: Investigation started
10.3.2017: We have identified the root cause and are currently considering different options for how to fix the issue.
13.3.2017: The 3rd party vendor providing the SWUP databases, currently enforces SNI (Server name indication) TLS extension to be implemented by clients downloading SWUP databases (including Policy Manager) and the client must specify server name (content.ivanti.com in this case) during TLS handshake. Unfortunately, PM uses a HTTP client which does not support SNI fully. We are currently discussing with the 3rd party vendor.
14.3.2017: We are still discussing with the 3rd party vendor. The change made was done without notifying F-Secure in advance which has put us in a tight spot.
16.3. The problem is now resolved. As of yesterday March 15th, our partner implemented some changes in their backend fixing the problem. No additional steps are required by customers and Policy Manager can now download Software Update database updates automatically.
17.3 The fix implemented is temporary and a Policy Manager Server hotfix is also being prepared. This hotfix needs to be installed on PM systems with Software Updater (SWUP), as otherwise the update feature will again stop working. The schedule for the release is still open.
22.3: A hotfix is now available to resolve this issue permanently, simply click the "Go to solution" link
