IBM Support

IJ24430: QVM SCANNER REVERSE TUNNELS ARE NOT BEING CREATED WHEN THE QVM PROCESSOR IS LOCATED ON THE QRADAR CONSOLE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • QRadar Vulnerability Manager reverse tunnels are not being
    created to QVM scanners when the QVM processor is located on the
    QRadar Console.
    No scan tools will run when this issue is occurring.
    Messages similar to the following might be visible in
    /var/log/qradar.error when this issue is occuring:
    [7171]: WARNING: Interceptor for
    {http://processor.workflow.qvm.q1labs.com/}IProcessorEndpointSer
    vice#{http://processor.workflow.qvm.q1labs.com/}getScans has
    thrown exception, unwinding now
    [7171]: org.apache.cxf.interceptor.Fault: Could not send
    Message.
    [7171]: at
    org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende
    rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:6
    7)
    [7171]: at
    org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte
    rceptorChain.java:308)
    [7171]: at
    org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
    [7171]: at
    org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
    [7171]: at
    org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
    [7171]: at
    org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
    [7171]: at
    org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:
    96)
    [7171]: at
    org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.ja
    va:140)
    [7171]: at com.sun.proxy.$Proxy59.getScans(Unknown Source)
    [7171]: at
    com.q1labs.qvm.workflow.scan.gateway.ws.ProcessorServiceGatewayW
    ebServiceImpl.getQueuedJobs(ProcessorServiceGatewayWebServiceImp
    l.java:53)
    [7171]: at
    com.q1labs.qvm.workflow.scan.ScanToolProcess.exec(ScanToolProces
    s.java:81)
    [7171]: at
    com.q1labs.qvm.workflow.AbstractWorkflowProcess.run(AbstractWork
    flowProcess.java:160)
    [7171]: at java.lang.Thread.run(Thread.java:818)
    [7171]: Caused by: java.net.ConnectException: ConnectException
    invoking https://127.0.0.1:9999/processor: Connection refused
    (Connection refused)
    [7171]: at
    sun.reflect.GeneratedConstructorAccessor59.newInstance(Unknown
    Source)
    [7171]: at
    sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Delega
    tingConstructorAccessorImpl.java:57)
    [7171]: at
    java.lang.reflect.Constructor.newInstance(Constructor.java:437)
    [7171]: at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.ma
    pException(HTTPConduit.java:1402)
    [7171]: at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.cl
    ose(HTTPConduit.java:1386)
    [7171]: at
    org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j
    ava:56)
    [7171]: at
    org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java
    :673)
    [7171]: at
    org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSende
    rEndingInterceptor.handleMessage(MessageSenderInterceptor.java:6
    3)
    [7171]: ... 12 more
    [7171]: Caused by: java.net.ConnectException: Connection
    refused (Connection refused)
    [7171]: at
    java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketIm
    pl.java:380)
    [7171]: at
    java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainS
    ocketImpl.java:236)
    [7171]: at
    java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl
    .java:218)
    [7171]: at
    java.net.SocksSocketImpl.connect(SocksSocketImpl.java:374)
    [7171]: at java.net.Socket.connect(Socket.java:666)
    [7171]: at
    sun.net.NetworkClient.doConnect(NetworkClient.java:187)
    [7171]: at
    sun.net.www.http.HttpClient.openServer(HttpClient.java:494)
    [7171]: at
    sun.net.www.http.HttpClient.openServer(HttpClient.java:589)
    [7171]: at
    com.ibm.net.ssl.www2.protocol.https.c.<init>(c.java:56)
    [7171]: at com.ibm.net.ssl.www2.protocol.https.c.a(c.java:222)
    [7171]: at
    com.ibm.net.ssl.www2.protocol.https.d.getNewHttpClient(d.java:25
    )
    [7171]: at
    sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpUR
    LConnection.java:1217)
    [7171]: at
    sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURL
    Connection.java:1068)
    [7171]: at
    com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:78)
    [7171]: at
    sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Htt
    pURLConnection.java:1352)
    [7171]: at
    sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Http
    URLConnection.java:1327)
    [7171]: at
    com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:87)
    [7171]: at
    org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnec
    tionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPCond
    uit.java:275)
    [7171]: at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.ha
    ndleHeadersTrustCaching(HTTPConduit.java:1345)
    [7171]: at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on
    FirstWrite(HTTPConduit.java:1306)
    [7171]: at
    org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnec
    tionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.ja
    va:307)
    [7171]: at
    org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrap
    pedOutputStream.java:47)
    [7171]: at
    org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh
    resholdOutputStream.java:69)
    [7171]: at
    org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.cl
    ose(HTTPConduit.java:1358)
    [7171]: ... 15 more
    

Local fix

  • Where possible, disable encryption to QVM hosts and perform a
    Deploy Full Configuration.
    

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 7.4.0 FixPack
    2.
    

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 7.4.0 FixPack
    2.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ24430

  • Reported component name

    QR VULNERABILIT

  • Reported component ID

    5725QVMSW

  • Reported release

    740

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-04-21

  • Closed date

    2020-05-01

  • Last modified date

    2020-05-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QR VULNERABILIT

  • Fixed component ID

    5725QVMSW

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSHLPS","label":"IBM QRadar Vulnerability Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}]}]

Document Information

Modified date:
02 May 2020