IBM Support

IJ24430: QVM SCANNER REVERSE TUNNELS ARE NOT BEING CREATED WHEN THE QVM PROCESSOR IS LOCATED ON THE QRADAR CONSOLE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • QRadar Vulnerability Manager reverse tunnels are not being
created to QVM scanners when the QVM processor is located on the
QRadar Console.
No scan tools will run when this issue is occurring.
Messages similar to the following might be visible in
/var/log/qradar.error when this issue is occuring:
[7171]: WARNING: Interceptor for
{http://processor.workflow.qvm.q1labs.com/}IProcessorEndpointSer
vice#{http://processor.workflow.qvm.q1labs.com/}getScans has
thrown exception, unwinding now
[7171]: org.apache.cxf.interceptor.Fault: Could not send
Message.
[7171]: at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende
rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:6
7)
[7171]: at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte
rceptorChain.java:308)
[7171]: at
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
[7171]: at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
[7171]: at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
[7171]: at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
[7171]: at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:
96)
[7171]: at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.ja
va:140)
[7171]: at com.sun.proxy.$Proxy59.getScans(Unknown Source)
[7171]: at
com.q1labs.qvm.workflow.scan.gateway.ws.ProcessorServiceGatewayW
ebServiceImpl.getQueuedJobs(ProcessorServiceGatewayWebServiceImp
l.java:53)
[7171]: at
com.q1labs.qvm.workflow.scan.ScanToolProcess.exec(ScanToolProces
s.java:81)
[7171]: at
com.q1labs.qvm.workflow.AbstractWorkflowProcess.run(AbstractWork
flowProcess.java:160)
[7171]: at java.lang.Thread.run(Thread.java:818)
[7171]: Caused by: java.net.ConnectException: ConnectException
invoking https://127.0.0.1:9999/processor: Connection refused
(Connection refused)
[7171]: at
sun.reflect.GeneratedConstructorAccessor59.newInstance(Unknown
Source)
[7171]: at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Delega
tingConstructorAccessorImpl.java:57)
[7171]: at
java.lang.reflect.Constructor.newInstance(Constructor.java:437)
[7171]: at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.ma
pException(HTTPConduit.java:1402)
[7171]: at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.cl
ose(HTTPConduit.java:1386)
[7171]: at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j
ava:56)
[7171]: at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java
:673)
[7171]: at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende
rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:6
3)
[7171]: ... 12 more
[7171]: Caused by: java.net.ConnectException: Connection
refused (Connection refused)
[7171]: at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketIm
pl.java:380)
[7171]: at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainS
ocketImpl.java:236)
[7171]: at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl
.java:218)
[7171]: at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:374)
[7171]: at java.net.Socket.connect(Socket.java:666)
[7171]: at
sun.net.NetworkClient.doConnect(NetworkClient.java:187)
[7171]: at
sun.net.www.http.HttpClient.openServer(HttpClient.java:494)
[7171]: at
sun.net.www.http.HttpClient.openServer(HttpClient.java:589)
[7171]: at
com.ibm.net.ssl.www2.protocol.https.c.<init>(c.java:56)
[7171]: at com.ibm.net.ssl.www2.protocol.https.c.a(c.java:222)
[7171]: at
com.ibm.net.ssl.www2.protocol.https.d.getNewHttpClient(d.java:25
)
[7171]: at
sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpUR
LConnection.java:1217)
[7171]: at
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURL
Connection.java:1068)
[7171]: at
com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:78)
[7171]: at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Htt
pURLConnection.java:1352)
[7171]: at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Http
URLConnection.java:1327)
[7171]: at
com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:87)
[7171]: at
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnec
tionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPCond
uit.java:275)
[7171]: at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.ha
ndleHeadersTrustCaching(HTTPConduit.java:1345)
[7171]: at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on
FirstWrite(HTTPConduit.java:1306)
[7171]: at
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnec
tionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.ja
va:307)
[7171]: at
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrap
pedOutputStream.java:47)
[7171]: at
org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh
resholdOutputStream.java:69)
[7171]: at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.cl
ose(HTTPConduit.java:1358)
[7171]: ... 15 more

Local fix

  • Where possible, disable encryption to QVM hosts and perform a
Deploy Full Configuration.

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 7.4.0 FixPack
2.

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 7.4.0 FixPack
2.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ24430
    • 

  • Reported component name
    QR VULNERABILIT
    • 

  • Reported component ID
    5725QVMSW
    • 

  • Reported release
    740
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-04-21
    • 

  • Closed date
    2020-05-01
    • 

  • Last modified date
    2020-05-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    QR VULNERABILIT
    • 

  • Fixed component ID
    5725QVMSW
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHLPS","label":"IBM Security QRadar Vulnerability Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 May 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback