Reference: Common errors

Review common Comply error messages and possible solutions. For information about general errors in Comply, see Troubleshooting.

COMPLY_STATUS_COULD_NOT_FIND_ENGINE

Error type: Health check - Could not find matching engine configured for scan.

Cause

This occurs when the engine (Joval, CIS-CAT, SCC) targeted for an endpoint cannot be found or is not configured.

Solution

Check your targeting. Engines must be targeted for the correct endpoints.

COMPLY_STATUS_DB_CORRUPTED

Error type: Health check - Database may be corrupted. Not performing any scans.

Cause

This may occur if the database is being connected to manually while Comply is writing to it.

Solution

The database is automatically deleted and reset when the client is restarted. To prevent database corruption, do not manually interact with the database outside of Tanium.

COMPLY_STATUS_ENGINE_SETUP_FAILURE_JRE

Error type: Health check - Engine setup failure: Could not setup JRE.

Cause

This can occur if a bad JRE zip file was deployed, if there was an issue with encryption for the JRE, or if there is a problem with security exclusions or antimalware software.

Solution

Check for a Security exclusions issue, an antimalware software issue, or any other software trying to catch script executions.

COMPLY_STATUS_FAILED_STOP_ENGINE_TIMEOUT

Error type: Health check - Failed to stop one or more engines, engine in scanning state.

Cause

This may occur if a current scan needs to be stopped. For instance, if the same scan is set to run in debug mode, the current scan will be stopped.

Solution

Redeploy the scan.

COMPLY_STATUS_INSTALL_FAILURE

Error type: Health check - Installation failure for ECF category.

Cause

This type of failure could be due to insufficient disk space or an issue with security exclusions.

Solution

If this occurs, check Security exclusions and make sure disk space requirements are met.

COMPLY_STATUS_INVALID_JAVA

Error type: Health check - The java executable in the package is invalid for this system.

Cause

This may occur if the wrong executable was targeted for an endpoint. For example, if a Windows JRE is targeted to a Linux endpoint.

Solution

Check your targeting.

COMPLY_STATUS_JRE_INSUFFICIENT_MEMORY_FOR_HEAP

Error type: Health check - Insufficient memory to run the engine.

Cause

This only occurs on Windows and Linux endpoints. Comply checks the heap size defined in the profile configuration or custom configuration, and if there’s more heap size defined than what is available on the system, this message may appear. In some circumstances, with virtual systems that dynamically allocate memory, the system may not yet have allocated the necessary amount of memory at start up. If so, this message may appear.

Solution

Allocate sufficient memory or scans will not run.

COMPLY-FATAL

Error type: Sensor, assessment status

Cause

There was a fatal error when the assessment attempted to run on the endpoint. This is a catch-all message for several issues.

Solution

Likely there were health check messages that were ignored before the fatal message appeared. Look for health check issues and get log files from the endpoint. See Locate log files.

COMPLY-NOCISCAT

Error type: Sensor, assessment status

Cause

The assessment is configured to use the CIS-CAT scan engine, but it was not found on the endpoint

Solution

Go to your configuration and deploy CIC-CAT to the endpoint before redeploying the assessment. See Download and import the CIS engine.

COMPLY-NOJRE

Error type: Sensor, assessment status

Cause

The assessment was supposed to use a scan engine that requires a JRE and none were found on the endpoint. This message could also indicate the wrong JRE is on the endpoint.

Solution

Make sure you targeted a JRE at the endpoint, and if so, that the one you targeted is correct. See Upload a Java Runtime Environment (JRE) package.

COMPLY-NO-CHECKS-EVALUATE

Error type: Sensor, assessment status

Cause

The assessment was not able to evaluate any of the specified checks on the endpoint. This usually means the targeting is incorrect. The content you targeted for that endpoint does not apply to the endpoint.

Solution

Check the targeting. For example, make sure Windows vulnerabilities aren’t targeted for a Red Hat Linux machine.

COMPLY-NOSCC

Error type: Sensor, assessment status

Cause

The assessment is configured to use the SCC scan engine, but none were found on the endpoint.

Solution

Go to your configuration and deploy SCC to the endpoint before redeploying the assessment. See Download and import the SCC scan engine.

COMPLY-NORESULTFILE

Error type: Sensor, assessment status

Cause

The assessment did not generate a result file on the endpoint. This can happen when the assessment runs, but the engine encounters an issue due to bad content, such as benchmark rules or oval definitions.

Solution

Look at logs on the endpoint for a more specific reason for this message. See Locate log files.

Failed_Auth

Error type: Sensor, assessment status

Cause

The assessment failed to login to an unmanaged endpoint to evaluate the assessment on that endpoint. In a RAS scan, the provided credentials did not work for the targeted endpoint.

Solution

Check that the provided credentials are correct for the endpoint.