OES11 server hangs during startup after installing McAfee VSE 1.7.1

  • 7010736
  • 04-Sep-2012
  • 06-Feb-2014

Environment

Novell Open Enterprise Server 11
McAfee VirusScan Enterprise for Linux 1.7.1
McAfee Anti-Virus for Linux

Situation

After McAfee VirusScan Enterprise for Linux 1.7.1 (McAfee VSE) was installed on an OES11 server, the server hangs on a reboot after eDirectory has started.

Resolution

McAfee reports that HF 779525 for VirusScan Enterprise for Linux v1.7.1 has been released that includes a fix for the OES 11 startup issue.

Workaround
Restart the server in maintenance mode (runlevel S) and edit the file /etc/init.d/nails changing the Should-Start option from novell-nss to nss.

Change the line:
# Should-Start: novell-nss
to
# Should-Start: nss
(or add the Should-Start line if missing depending on the McAfee version)

An example of the corrected section would look like:
### BEGIN INIT INFO
# Provides: anti-virus
# Should-Start: nss
# Should-Stop: novell-nss novell-ncs
# Required-Start: $local_fs $network ndsd cma
Run insserv after saving the changes to apply the modifications and reorder the startup scripts.

Note: Changes made to this script may be overwritten with future updates from McAfee. Customers are advised to use this workaround with caution.

Cause

Checking the novell-nss startup script, the service named nss is provided and not a service named novell-nss. This is seen in the file /etc/init.d/novell-nss:
### BEGIN INIT INFO
# Provides: nss
The nss service has not started when the McAfee VSE initialization reaches that check step in it's startup process. this appears to result in the server hanging as the McAfee VSE application waits for a service (nss) that has not yet started.

Additional Information

One other option that was found to work was adding namcd to the Required-Start line in /etc/init.d/nails. As the McAfee VSE application is using an eDirectory user and group, the thought was to make sure that the nails user and nailsgroup group in eDirectory are accessible (via namcd) prior to McAfee VSE's startup. It is possible that making this change resulted in changing the startup order enough, that the nss service was running by the time the McAfee VSE application tested for it. An example of combining both changes in /etc/init.d/nails would look like:
### BEGIN INIT INFO
# Provides: anti-virus
# Should-Start: nss
# Should-Stop: novell-nss novell-ncs
# Required-Start: $local_fs $network ndsd cma namcd
NOTE: The information provided in this TID is based on research with McAfee VSE 1.7.1 by one customer. Please test and evaluate this solution carefully for your environment. Further support should be directed to McAfee as needed. This information is not supported by Novell.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.