An unexpected error occurred (import of Firewall Catalog Group XML files fails)
Technical Articles ID:
KB91850
Last Modified: 2022-03-11 05:16:21 Etc/GMT
Last Modified: 2022-03-11 05:16:21 Etc/GMT
Environment
Endpoint Security (ENS) Firewall 10.x
ePolicy Orchestrator (ePO) 5.x
ePolicy Orchestrator (ePO) 5.x
Problem
The import of ENS Firewall Catalog Group XML files fails with the following error message:
An unexpected error occurred
The ePO serverorion.log file contains the following error:
NOTE: It's not needed to enableorion debug logging to observe this error. But, debug logging might provide other details to verify the issue. Note the ERROR versus DEBUG entries below.
2019-09-05 12:18:10,729 ERROR [http-nio-8443-exec-229] servlet.ControllerServlet - Exception thrown by ActionBean:
java.sql.BatchUpdateException: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_FW_Group_FW_Rule2". The conflict occurred in database "ePO_EPOSERVER", table "dbo.FW_RuleMT".
at net.sourceforge.jtds.jdbc.JtdsStatement.executeBatch(JtdsStatement.java:1106)
at sun.reflect.GeneratedMethodAccessor392.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.mcafee.orion.core.db.sqlserver.JtdsStatementRetryInvocationHandler.invoke(JtdsStatementRetryInvocationHandler.java:86)
at com.sun.proxy.$Proxy5.executeBatch(Unknown Source)
at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:345)
at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:345)
at com.mcafee.endp.fw.catalog.dao.GroupDAO.saveRules(GroupDAO.java:256)
at com.mcafee.endp.fw.catalog.dao.GroupDAO.save(GroupDAO.java:96)
at com.mcafee.endp.fw.catalog.dao.GroupDAO.save(GroupDAO.java:34)
at com.mcafee.endp.fw.catalog.service.CatalogDBService.save(CatalogDBService.java:219)
at com.mcafee.endp.fw.catalog.controller.TypeAction.importFinish(TypeAction.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.mcafee.orion.core.servlet.mvc.MvcActionFactoryBase.executeAction(MvcActionFactoryBase.java:64)
at com.mcafee.orion.core.servlet.ControllerServlet.executeAction(ControllerServlet.java:342)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:162)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
at com.mcafee.orion.core.servlet.Forward.respond(Forward.java:143)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:163)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.mcafee.orion.core.servlet.filter.OptionsHttpMethodFilter.doFilter(OptionsHttpMethodFilter.java:29)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1203)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.mcafee.orion.core.server.MdcFilter.doFilter(MdcFilter.java:31)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.mcafee.orion.core.server.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:603)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
at com.mcafee.orion.core.server.mfsvalve.ValveContext.invokeNextInChain(ValveContext.java:27)
at com.mcafee.orion.core.server.AccessControlValveHook.invoke(AccessControlValveHook.java:81)
at com.mcafee.orion.core.server.mfsvalve.ValveContext.invokeNextInChain(ValveContext.java:25)
at com.mcafee.orion.core.server.LoginValidationValveHook.invoke(LoginValidationValveHook.java:89)
at com.mcafee.orion.core.server.mfsvalve.ValveContext.invokeNextInChain(ValveContext.java:25)
at com.mcafee.orion.core.server.mfsvalve.MfsValve.invoke(MfsValve.java:39)
at com.mcafee.orion.core.server.AjaxValve.invoke(AjaxValve.java:84)
at com.mcafee.orion.core.server.OrionUserSetupValve.invoke(OrionUserSetupValve.java:41)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:321)
at com.mcafee.orion.core.server.OrionSingleSignOn.invoke(OrionSingleSignOn.java:203)
at com.mcafee.orion.core.server.ClientCertValve.invoke(ClientCertValve.java:60)
at com.mcafee.orion.core.server.ExternalAuthenticationStrategyExtPointValve.invoke(ExternalAuthenticationStrategyExtPointValve.java:140)
at com.mcafee.orion.core.server.ParameterEncodingValve.invoke(ParameterEncodingValve.java:34)
at com.mcafee.orion.core.server.ThreadLocalInfoCleanupValve.invoke(ThreadLocalInfoCleanupValve.java:25)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1137)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2019-09-05 12:18:10,730 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Starting new doPost request: /ENDP_FW_META/uncaughtThrowable.do
2019-09-05 12:18:10,730 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Starting new doPost request: /core/handleUncaughtThrowable.do
2019-09-05 12:18:10,731 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Validating action: handleUncaughtThrowable.do
2019-09-05 12:18:10,731 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Executing action: handleUncaughtThrowable.do
2019-09-05 12:18:10,731 DEBUG [http-nio-8443-exec-229] error.UncaughtThrowableHandler - An uncaught exception occurred:
error message: java.sql.BatchUpdateException: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_FW_Group_FW_Rule2". The conflict occurred in database "ePO_EPOSERVER", table "dbo.FW_RuleMT".
web application url that resulted in the error :/ENDP_FW_META/GroupDependencyEditFinish.do
servlet name that resulted in the error: controller
username of user who submitted the request: admin
ID of user who submitted the request: 1
The ePO server
NOTE: It's not needed to enable
java.sql.BatchUpdateException: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_FW_Group_FW_Rule2". The conflict occurred in database "ePO_EPOSERVER", table "dbo.FW_RuleMT".
at net.sourceforge.jtds.jdbc.JtdsStatement.executeBatch(JtdsStatement.java:1106)
at sun.reflect.GeneratedMethodAccessor392.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.mcafee.orion.core.db.sqlserver.JtdsStatementRetryInvocationHandler.invoke(JtdsStatementRetryInvocationHandler.java:86)
at com.sun.proxy.$Proxy5.executeBatch(Unknown Source)
at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:345)
at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:345)
at com.mcafee.endp.fw.catalog.dao.GroupDAO.saveRules(GroupDAO.java:256)
at com.mcafee.endp.fw.catalog.dao.GroupDAO.save(GroupDAO.java:96)
at com.mcafee.endp.fw.catalog.dao.GroupDAO.save(GroupDAO.java:34)
at com.mcafee.endp.fw.catalog.service.CatalogDBService.save(CatalogDBService.java:219)
at com.mcafee.endp.fw.catalog.controller.TypeAction.importFinish(TypeAction.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.mcafee.orion.core.servlet.mvc.MvcActionFactoryBase.executeAction(MvcActionFactoryBase.java:64)
at com.mcafee.orion.core.servlet.ControllerServlet.executeAction(ControllerServlet.java:342)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:162)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
at com.mcafee.orion.core.servlet.Forward.respond(Forward.java:143)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:163)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.mcafee.orion.core.servlet.filter.OptionsHttpMethodFilter.doFilter(OptionsHttpMethodFilter.java:29)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1203)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.mcafee.orion.core.server.MdcFilter.doFilter(MdcFilter.java:31)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.mcafee.orion.core.server.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:603)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
at com.mcafee.orion.core.server.mfsvalve.ValveContext.invokeNextInChain(ValveContext.java:27)
at com.mcafee.orion.core.server.AccessControlValveHook.invoke(AccessControlValveHook.java:81)
at com.mcafee.orion.core.server.mfsvalve.ValveContext.invokeNextInChain(ValveContext.java:25)
at com.mcafee.orion.core.server.LoginValidationValveHook.invoke(LoginValidationValveHook.java:89)
at com.mcafee.orion.core.server.mfsvalve.ValveContext.invokeNextInChain(ValveContext.java:25)
at com.mcafee.orion.core.server.mfsvalve.MfsValve.invoke(MfsValve.java:39)
at com.mcafee.orion.core.server.AjaxValve.invoke(AjaxValve.java:84)
at com.mcafee.orion.core.server.OrionUserSetupValve.invoke(OrionUserSetupValve.java:41)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:321)
at com.mcafee.orion.core.server.OrionSingleSignOn.invoke(OrionSingleSignOn.java:203)
at com.mcafee.orion.core.server.ClientCertValve.invoke(ClientCertValve.java:60)
at com.mcafee.orion.core.server.ExternalAuthenticationStrategyExtPointValve.invoke(ExternalAuthenticationStrategyExtPointValve.java:140)
at com.mcafee.orion.core.server.ParameterEncodingValve.invoke(ParameterEncodingValve.java:34)
at com.mcafee.orion.core.server.ThreadLocalInfoCleanupValve.invoke(ThreadLocalInfoCleanupValve.java:25)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1137)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2019-09-05 12:18:10,730 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Starting new doPost request: /ENDP_FW_META/uncaughtThrowable.do
2019-09-05 12:18:10,730 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Starting new doPost request: /core/handleUncaughtThrowable.do
2019-09-05 12:18:10,731 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Validating action: handleUncaughtThrowable.do
2019-09-05 12:18:10,731 DEBUG [http-nio-8443-exec-229] servlet.ControllerServlet - Executing action: handleUncaughtThrowable.do
2019-09-05 12:18:10,731 DEBUG [http-nio-8443-exec-229] error.UncaughtThrowableHandler - An uncaught exception occurred:
error message: java.sql.BatchUpdateException: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_FW_Group_FW_Rule2". The conflict occurred in database "ePO_EPOSERVER", table "dbo.FW_RuleMT".
web application url that resulted in the error :/ENDP_FW_META/GroupDependencyEditFinish.do
servlet name that resulted in the error: controller
username of user who submitted the request: admin
ID of user who submitted the request: 1
Cause
Within the Firewall Catalog XML file, there are references to Catalog Rules that are embedded in the Catalog Groups. These Catalog Rules need to be imported before you import the Catalog Groups. The reason is because FW_Group_RuleMT has a foreign key constraint FK_FW_Group_FW_Rule2 on column "id " of the FW_RuleMT table. During the Catalog Group import, the import looks for Catalog Rules first in the FW_RuleMT table. Then, it looks for the ID in the Catalog Group table. If you try to import the Catalog Groups before the Catalog Rules, a violation of the foreign key constraint is triggered, generating the error.
Solution
This behavior is working as designed. Import the Catalog Rules before importing the Catalog Groups.
NOTE: There are no other constraints when importing ENS Firewall Catalog entries from XML files. The only requirement is to import the Catalog Rules before you import the Catalog Groups.
NOTE: There are no other constraints when importing ENS Firewall Catalog entries from XML files. The only requirement is to import the Catalog Rules before you import the Catalog Groups.
Workaround
Modify the exported ENS Firewall Catalog XML file and remove CATALOG from every group, children, rule, and space element. For example, use a text editor, such as Notepad++, to find all >CATALOG< references (case-sensitive) and replace them with ><. Removing the CATALOG references changes the XML file to perform a "force-import" of the Catalog objects within the XML file. Removing the CATALOG references doesn't change the Firewall Catalog objects (for example, rules, groups, and networks) in any way.
Example:
Change the following:<spaces enum-type="com.mcafee.endp.fw.catalog.model.DataObject$Space">CATALOG</spaces>
To:
<spaces enum-type="com.mcafee.endp.fw.catalog.model.DataObject$Space"></spaces>
Example:
Change the following:
To:
Affected Products
Languages:
This article is available in the following languages: