Reference: Common errors
Review common Comply error messages and possible solutions. For information about general errors in Comply, see Troubleshooting.
COMPLY_STATUS_COULD_NOT_FIND_ENGINE
Error type: Health check - Could not find matching engine configured for scan.
Cause
This occurs when the engine (Joval, CIS-CAT, SCC) targeted for an endpoint cannot be found or is not configured.
Solution
Check your targeting. Engines must be targeted for the correct endpoints.
COMPLY_STATUS_DB_CORRUPTED
Error type: Health check - Database may be corrupted. Not performing any scans.
Cause
This may occur if the database is being connected to manually while Comply is writing to it.
Solution
The database is automatically deleted and reset when the client is restarted. To prevent database corruption, do not manually interact with the database outside of Tanium.
COMPLY_STATUS_ENGINE_SETUP_FAILURE_JRE
Error type: Health check - Engine setup failure: Could not setup JRE.
Cause
This can occur if a bad JRE zip file was deployed, if there was an issue with encryption for the JRE, or if there is a problem with security exclusions or antimalware software. This message may appear if the JAVA_TOOL_OPTIONS environment variable is defined. See Java tool options when executing java.
Solution
Check for a Security exclusions issue, an antimalware software issue, or any other software trying to catch script executions.
COMPLY_STATUS_FAILED_STOP_ENGINE_TIMEOUT
Error type: Health check - Failed to stop one or more engines, engine in scanning state.
Cause
This may occur if a current scan needs to be stopped. For instance, if the same scan is set to run in debug mode, the current scan will be stopped.
Solution
Redeploy the scan.
COMPLY_STATUS_INSTALL_FAILURE
Error type: Health check - Installation failure for ECF category.
Cause
This type of failure could be due to insufficient disk space or an issue with security exclusions.
Solution
If this occurs, check Security exclusions and make sure disk space requirements are met.
COMPLY_STATUS_INVALID_JAVA
Error type: Health check - The java executable in the package is invalid for this system.
Cause
This may occur if the wrong executable was targeted for an endpoint. For example, if a Windows JRE is targeted to a Linux endpoint.
Solution
Check your targeting.
COMPLY_STATUS_JRE_INSUFFICIENT_MEMORY_FOR_HEAP
Error type: Health check - Insufficient memory to run the engine.
Cause
This only occurs on Windows and Linux endpoints. Comply checks the heap size defined in the profile configuration or custom configuration, and if there’s more heap size defined than what is available on the system, this message may appear. In some circumstances, with virtual systems that dynamically allocate memory, the system may not yet have allocated the necessary amount of memory at start up. If so, this message may appear.
Solution
Allocate sufficient memory or scans will not run.
Joval [compliance or vulnerability] scan failure
Error type: Health check for ComplyCX 1.5
This joval scan failure message may appear if the JAVA_TOOL_OPTIONS environment variable is defined. See Java tool options when executing java. If debug is enabled or low resources mode is configured, error could appears as follows: Joval [debug] [low resource] [compliance or vulnerability] scan failure: <error string>
Error string could be one of the following:
-
Scan failure - See scan output logs for more details
-
Low resource scan failure - See scan output logs for more details
-
Configuration file was not found
-
Schema validation error in an input intel XML
-
Not enough memory was allocated to run scan
If you encounter this error, you can try increasing the Java heap size memory allocation using Comply Custom Settings. See Custom settings
Nmap network scan failure
Error type: Health check for network unauthenticated scans
When an nmap scan fails, (where debug is enabled) the following error may appear as follows: Nmap [debug] network scan failure: <error string>
Error string could be one of the following:
-
Generic error - An unspecified error reported by the nmap provider (in Extras CX) or other internal error.
-
Timeout error - A scan timeout, as reported by the nmap provider.
-
Executable error <exit code> [(overflow!)] - A non-zero, signed 32-bit exit code from the nmap binary, as reported by the nmap provider. Some large magnitude exit codes cannot be represented. For these, the (overflow!) warning will be appended.
-
Results write error - The scan completed successfully with results, but there was an error producing the results output.
Could not add scan – bad configuration?
Error type: Health check for scans
Cause
An attempt was made to add a scan with a bad configuration, such as missing required fields, this scan already exists, or other various reasons. This generally indicates an internal error between the Comply service and Comply CX.
Solution
This error is not user actionable.
To contact Tanium Support for help, sign in to https://support.tanium.com.
COMPLY-UNKNOWN
Error type: Sensor, assessment status
Cause
There was a unknown error when the assessment attempted to run on the endpoint. This is a catch-all message for several issues.
Solution
Likely there were health check messages that were ignored before the fatal message appeared. Look for health check issues and get log files from the endpoint. See Locate log files.
COMPLY-NOINTEL
Error type: Sensor, assessment status
Cause
Something went wrong assembling the intel for the scan on the endpoint.
Solution
Try deleting and re-creating the assessment, or uninstalling and re-installing Comply CX on the endpoint.
COMPLY-SCANTIMEOUT
Error type: Sensor, assessment status
Cause
The scan took longer than six hours.
Solution
It may need more time or you may need to scan fewer CVE’s or use larger intel chunks and/or a larger heap size.
COMPLY-EXCEPTION
Error type: Sensor, assessment status
Cause
This may be due to an OS problem, such as Windows file locking.
Solution
Look for health check issues and get log files from the endpoint. See Locate log files.
COMPLY-NOCISCAT
Error type: Sensor, assessment status
Cause
The assessment is configured to use the CIS-CAT scan engine, but it was not found on the endpoint
Solution
Go to your configuration and deploy CIC-CAT to the endpoint before redeploying the assessment. See Download and import the CIS engine.
COMPLY-NOJRE
Error type: Sensor, assessment status
Cause
The assessment was supposed to use a scan engine that requires a JRE and none were found on the endpoint. This message could also indicate the wrong JRE is on the endpoint.
Solution
Make sure you targeted a JRE at the endpoint, and if so, that the one you targeted is correct. See Upload a Java Runtime Environment (JRE) package.
COMPLY-NO-CHECKS-EVALUATE
Error type: Sensor, assessment status
Cause
The assessment was not able to evaluate any of the specified checks on the endpoint. This usually means the targeting is incorrect. The content you targeted for that endpoint does not apply to the endpoint.
Solution
Check the targeting. For example, make sure Windows vulnerabilities aren’t targeted for a Red Hat Linux machine.
COMPLY-NOSCC
Error type: Sensor, assessment status
Cause
The assessment is configured to use the SCC scan engine, but none were found on the endpoint.
Solution
Go to your configuration and deploy SCC to the endpoint before redeploying the assessment. See Download and import the SCC scan engine.
COMPLY-NORESULTFILE
Error type: Sensor, assessment status
Cause
The assessment did not generate a result file on the endpoint. This can happen when the assessment runs, but the engine encounters an issue due to bad content, such as benchmark rules or oval definitions.
Solution
Look at logs on the endpoint for a more specific reason for this message. See Locate log files.
Failed_Auth
Error type: Sensor, assessment status
Cause
The assessment failed to login to an unmanaged endpoint to evaluate the assessment on that endpoint. In a RAS scan, the provided credentials did not work for the targeted endpoint.
Solution
Check that the provided credentials are correct for the endpoint.
Last updated: 9/26/2023 2:05 PM | Feedback