000033664 - Driver error 0xe0010014 ECAT Agents not registering in RSA ECAT 4.1

Document created by RSA Customer Support Employee on Aug 3, 2016. Last modified by RSA Customer Support on Oct 26, 2017.
Version 3

Article Content

Article Number: 000033664
Applies To:
RSA Product Set: ECAT
RSA Product/Service Type: ECAT
RSA Version/Condition: 4.1.x, 4.2.x, 4.3.x, 4.4.x
Platform: Windows
O/S Version: All
 
Issue

On the Machine tab in eCatUI, the error code for all the machines that are unable to check in is 0xe0010014. An agent reporting driver error 0xe0010014 is telling us that it did not receive sufficient information on how to handle the Windows kernel that is currently running.
Additionally, you may see messages like this in the Windows logs:

The EcatServiceDriverXXXXX service failed to start due to the following error: %%-536805356

-536805356, read as a signed 32-bit value and converted into hex, is the driver error code 0xe0010014, so this message indicates the same error.
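A triage helper for the log message above, added here as an example (it is not RSA code): it scans exported event messages for ECAT driver start failures and reports those whose code equals 0xe0010014. The tab-separated `host<TAB>message` input format, the host names and the service name suffixes are assumptions made for the sample.

```python
import re

ECAT_UNKNOWN_KERNEL = 0xE0010014  # driver error code from the article

# Matches the service failure message quoted in the article. The suffix after
# "EcatServiceDriver" (shown as XXXXX in the article) varies per installation.
SCM_FAILURE = re.compile(
    r"The (?P<service>EcatServiceDriver\S*) service failed to start "
    r"due to the following error:\s*%%(?P<code>-?\d+)"
)

def to_hex32(code: int) -> str:
    """Render a signed or unsigned 32-bit status value as 0x-prefixed hex."""
    return f"0x{code & 0xFFFFFFFF:08x}"

def find_unknown_kernel_failures(lines):
    """Return (host, service, hex_code) for each ECAT driver start failure
    whose code is 0xe0010014, whether logged as signed or unsigned decimal."""
    hits = []
    for line in lines:
        host, _, message = line.partition("\t")  # assumed export layout
        m = SCM_FAILURE.search(message)
        if not m:
            continue
        code = int(m.group("code")) & 0xFFFFFFFF  # two's complement to unsigned
        if code == ECAT_UNKNOWN_KERNEL:
            hits.append((host, m.group("service"), to_hex32(code)))
    return hits

# Constructed sample export; hosts and service suffixes are made up.
SAMPLE = [
    "WS-0141\tThe EcatServiceDriver12345 service failed to start due to the following error: %%-536805356",
    "WS-0142\tThe Print Spooler service failed to start due to the following error: %%1053",
    "WS-0143\tThe EcatServiceDriver67890 service failed to start due to the following error: %%3758161940",
    "WS-0144\tThe EcatServiceDriver24680 service failed to start due to the following error: %%-536805355",
]

if __name__ == "__main__":
    for host, service, code in find_unknown_kernel_failures(SAMPLE):
        print(f"{host}: {service} failed with {code} (unknown kernel)")
```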
Cause

A new/unknown kernel exists on the Windows agent that is unrecognized by the ECAT kernel agent.
Resolution

ECAT 4.1 has a security feature which disables it on unknown Windows Kernels.


There are 2 mechanisms to make the ECAT team aware of new kernels:


  1. We have a mechanism to detect new kernels from Microsoft before they are available to the public.
  2. We have a mechanism to receive potential new kernels directly from the customer through a hardcoded connection.

In a disconnected environment, this last step should be done manually using ConsoleServerSync.exe.


This has otherwise been designed to be transparent to the customer.


Workaround

NOTE: If a 100% unknown kernel is detected in a customer's environment, the ECAT team needs to make some manipulations in order to generate the associated tables. Therefore, performing steps 1-2-3 below will NOT directly result in all kernels being known.


Once step 2 is completed, the ECAT team will be aware of the new kernels and will take action, so the tables will be published shortly after (we aim for a matter of hours/day).


1. On the ConsoleServer machine


>ConsoleServerSync.exe 1 kernel  


You will be asked for DB credentials the 1st time you try to connect to it.


This will output a file named revocation_urls_live.xml which looks like this, when there is 1 unknown kernel in an environment:


2. On the connected machine (i.e. the machine with Internet connectivity)


>ConsoleServerSync.exe 2 kernel  

3. Back to the Server


>ConsoleServerSync.exe 3 kernel  
