Environment
Novell Open Enterprise Server 11
McAfee VirusScan Enterprise for Linux 1.7.1
McAfee Anti-Virus for Linux
McAfee VirusScan Enterprise for Linux 1.7.1
McAfee Anti-Virus for Linux
Situation
After McAfee VirusScan Enterprise for Linux 1.7.1 (McAfee VSE) was installed on an OES11 server, the server hangs on a reboot after eDirectory has started.
Resolution
McAfee reports that HF 779525 for VirusScan Enterprise for Linux v1.7.1 has been released that includes a fix for the OES 11
startup issue.
Workaround
Restart the server in maintenance mode (runlevel S) and edit the file /etc/init.d/nails changing the Should-Start option from novell-nss to nss.
Change the line:
An example of the corrected section would look like:
Note: Changes made to this script may be overwritten with future updates from McAfee. Customers are advised to use this workaround with caution.
Workaround
Restart the server in maintenance mode (runlevel S) and edit the file /etc/init.d/nails changing the Should-Start option from novell-nss to nss.
Change the line:
# Should-Start: novell-nssto
# Should-Start: nss(or add the Should-Start line if missing depending on the McAfee version)
An example of the corrected section would look like:
### BEGIN INIT INFORun insserv after saving the changes to apply the modifications and reorder the startup scripts.
# Provides: anti-virus
# Should-Start: nss
# Should-Stop: novell-nss novell-ncs
# Required-Start: $local_fs $network ndsd cma
Note: Changes made to this script may be overwritten with future updates from McAfee. Customers are advised to use this workaround with caution.
Cause
Checking the novell-nss startup script, the service named nss is provided and not a service named novell-nss. This is seen in the file /etc/init.d/novell-nss:
### BEGIN INIT INFOThe nss service has not started when the McAfee VSE initialization reaches that check step in it's startup process. this appears to result in the server hanging as the McAfee VSE application waits for a service (nss) that has not yet started.
# Provides: nss
Additional Information
One other option that was found to work was adding namcd to the Required-Start line in /etc/init.d/nails. As the McAfee VSE application is using an eDirectory user and group, the thought was to make sure that the nails user and nailsgroup group in eDirectory are accessible (via namcd) prior to McAfee VSE's startup. It is possible that making this change resulted in changing the startup order enough, that the nss service was running by the time the McAfee VSE application tested for it. An example of combining both changes in /etc/init.d/nails would look like:
### BEGIN INIT INFONOTE: The information provided in this TID is based on research with McAfee VSE 1.7.1 by one customer. Please test and evaluate this solution carefully for your environment. Further support should be directed to McAfee as needed. This information is not supported by Novell.
# Provides: anti-virus
# Should-Start: nss
# Should-Stop: novell-nss novell-ncs
# Required-Start: $local_fs $network ndsd cma namcd