Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
689
Views
0
Helpful
3
Replies

Cisco Endpoint connector degrade the version from 7.5.5 to 7.5.1.

Subi
Level 1
Level 1

‎08-25-2022 07:29 AM - edited ‎08-25-2022 07:31 AM

Guys,

We are seeing an product update failed alerts on lot of systems. The host failed to update a product. When we check the logs it shows  The Connector From Version 7.5.5.21061 Failed To Update To 7.5.1.20833. The error code is 1638. I would like to know if someone has faced this kind of issue ? Why the connector is trying to degrade the version.

see attached screenshot

 

 

Labels:
Preview file
9 KB
Preview file
17 KB
0 Helpful
3 Replies 3

Divya Jain
Cisco Employee
Cisco Employee

‎09-04-2022 11:43 PM - edited ‎09-04-2022 11:44 PM

Hello Subi,

This error code occurs when you are trying to install same or lower version on your connector. Now there could be diffeent reasons for that.

1. Try to check if you have any policy configurations where you might have specified some connector version manually
2. Someone might have tried making changes via SCCM installer ( Microsoft System Center Configuration Manager)
3. See if any changes were made via some other 3rd party tool to your endpoints CloudManagement Suite (CMS)
Usually we have seen this error when some change was made by customer unknowingly using one of these methods.


If its none of the above, we would have to dig deeper and check for logs. But i would suggest to double check if any changes were made on the day of alert.

 

You can also learn more about Endpoint Security through our live Ask the Experts (ATXs) session. Check out Cisco Endpoint Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.

0 Helpful

Subi
Level 1
Level 1

‎09-08-2022 11:38 AM

HI Divya,

Thanks for the update. I also found some other issue's and would like to elaborate.

We have 4-5 policies - like Audit,Server,Protect,Active directory etc. All hosts were part of Server policy but on organizational settings the default policy was Audit. Under audit policy the product update version was 7.5.1 whereas the Server policy product update version was set as 7.5.5 and most of the host was having 7.5.5 version. Do you think that Deafult policy under Organizational setting might have created this issue ? As the product version update could have pushed from default policy and this could have been a conflict - This is same like Permission from under windows file system.

The reason I'm asking is because after setting the product version under audit policy as 7.5.5, we have not received a single alerts.

0 Helpful

Divya Jain
Cisco Employee
Cisco Employee
In response to Subi

‎09-09-2022 03:58 AM

Hello Subi,

Yes that could be the cause for getting alert. The connector would have gotten lower version details from the audit policy as you suggested. Again going into the details we would have to check the logs to understand the behaviour and why is taking old version from your audit policy.. But as a good practice i would recommend that you check for version on all your policies and avoid discrepancies.

Thanks
Divya Jain

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents