Forensic queries that are stuck in pending (NETIQKB72882)

  • 7772882
  • 24-Mar-2011
  • 24-Mar-2014

Environment

Security Manager 6.5.x

Security Manager 6.6


Situation

Sometimes, for reasons unknown, a forensic query gets stuck in a status of pending. Follow the instructions in this KB to remove the query from the pending status. These instructions do not allow the query to finish; they completely remove the pending query. The query must be restarted if you choose to run it again.

Resolution

The easiest way to cancel a query stuck in pending is to right-click the query and select Cancel Pending Query. If that doesn't work, a more drastic measure is to try restarting the services on CC and the LAS.

However, sometimes neither of the above works, so there is a third option that can be used by following the instructions below.

Go to SQL Server Management Studio and run the following stored procedure to return all of the queryrequestids for the pending reports.

    USE onepoint
    EXEC SM_ForensicQueryPendingReports

After getting the results of the query, plug in the queryrequestid for each pending report and run the following stored procedure. The queryrequestid will be a GUID. Each GUID will have to be deleted separately. There should be single quotes around the GUID.

    USE onepoint
    EXEC SM_ForensicQueryDeleteQuery 'query_request_id'   -- 6.5.x

    USE onepoint
    EXEC SM_ForensicQueryDeleteReport 'query_request_id'  -- 6.6

Go back to Control Center to confirm that the pending report queries have been deleted. Refresh if necessary.
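
When several queries are stuck, the per-GUID deletion described above can be run as one batch that still calls the procedure once per GUID and rejects any value that is not a well-formed GUID. This is an added example, not part of the original KB article or the product's own scripts; the two GUIDs are constructed placeholders, and it assumes the delete procedure takes the GUID as its first positional parameter, as in the calls shown above.

```sql
-- Added example: remove several stuck forensic queries in one batch (6.6).
-- For 6.5.x, call SM_ForensicQueryDeleteQuery instead.
USE onepoint;
SET NOCOUNT ON;

-- Paste the queryrequestid values returned by SM_ForensicQueryPendingReports.
-- The two GUIDs below are constructed placeholders.
DECLARE @pending TABLE (query_request_id varchar(36) NOT NULL);
INSERT INTO @pending VALUES ('00000000-0000-0000-0000-000000000001');
INSERT INTO @pending VALUES ('00000000-0000-0000-0000-000000000002');

DECLARE @id varchar(36), @check uniqueidentifier;
DECLARE pending_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT query_request_id FROM @pending;

OPEN pending_cursor;
FETCH NEXT FROM pending_cursor INTO @id;
WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        -- A malformed value raises a conversion error here and never
        -- reaches the stored procedure.
        SET @check = CONVERT(uniqueidentifier, @id);
        -- One call per GUID, passed as a quoted string value.
        EXEC SM_ForensicQueryDeleteReport @id;
        PRINT 'Deleted pending query ' + @id;
    END TRY
    BEGIN CATCH
        PRINT 'Skipped ' + @id + ': ' + ERROR_MESSAGE();
    END CATCH;
    FETCH NEXT FROM pending_cursor INTO @id;
END;
CLOSE pending_cursor;
DEALLOCATE pending_cursor;
```

The Messages tab lists which GUIDs were deleted and which were skipped, which gives a record to check against Control Center afterwards.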

 

Cause

N/A

Additional Information

Formerly known as NETIQKB72882