IBM Support

QRadar Vulnerability Manager: Scans fail to start on newly installed or recently licensed 7.2.x installs

Troubleshooting


Problem

An automated task that verifies the internal QVM contract date on fresh installs or newly licensed QRadar Vulnerability Manager systems might prevent a scan from starting as expected.

Symptom

This issue can affect any QRadar Vulnerability Manager system that is a new install or is newly licensed at version 7.2.x.

When this issue occurs, scans in QRadar Vulnerability Manager might not start as expected. This is because the automated script that updates the contract date has not had the opportunity to run.

Cause

Every night at 6:00 a.m. (Console time), an automated task runs to check if the activation date for the license needs to be updated. If an administrator has just installed QRadar or recently added a QRadar Vulnerability Manager license to activate this feature, then the script might not have had a chance to run yet, which can prevent scans from starting. When this issue occurs, no error message is generated for the user.


There are two main use cases where the activation end date could cause an issue for administrators:

  1. Customers want to run QVM scans the same day* they installed QRadar from an ISO (fresh installation).
  2. Customers want to run QVM scans the same day* they licensed QVM on a preexisting QRadar system.

    * Until 6:00 a.m. the following day.

Diagnosing The Problem

If a scan fails to start after a new appliance is commissioned by an administrator, then the activation date might need to be updated.

Resolving The Problem

The administrator can take one of the following actions to resolve this issue.

  1. Wait until after 6:00 a.m. to start the first scan for a fresh install or newly licensed QRadar Vulnerability Manager product.
  2. Manually update the activation date for QRadar Vulnerability Manager.




Note: This procedure should only be attempted by administrators experienced with database changes and requires root access to the appliance hosting QRadar Vulnerability Manager.


To manually update the activation date for QRadar Vulnerability Manager


Procedure
  1. Using SSH, log in to the appliance hosting the QRadar Vulnerability Manager Processor as a root user.
  2. To force the contract to update, the administrator can run the following command:
     psql -U fusionvm -p 15433 -c "select cw_schedule_checkforcontractend()"
  3. Log in to the QRadar user interface.
  4. Click the Vulnerabilities tab.
  5. Select a scan profile.
  6. Click Actions > Run Now.
    The scan status should change to Running shortly after starting the scan.



Where do I find more information?
If you have additional questions or some of this content is not clear, you can see the QRadar forum or contact customer support:


Document Information

Modified date:
10 May 2019

UID

swg21694490