如果到处理程序的连接丢失或被中断,则 TA 无法下载并应用策略。TA 执行其数据库事务回滚,从而失败并应用部分下载的策略,而不是回滚到最后一个已知策略。
示例:如果存在大型 ENS 防火墙策略,并且代理无法下载所有策略对象,则会在以下位置
masvc_<computer>.log 看到类似于以下内容的错误:
masvc(5096.5508) policy.Error: po_id: 2103 pso_id: 68290, pso validation failed
masvc(5096.5508) policy.Error: po_id: 2103 po validation failed
masvc(5096.5508) policy.Error: Assignment validation failed obj_id: 2103 product: ENDP_FW_1070 method: (null) param: (null)
masvc(5096.5508) policy.Error: Policy service start db validation failed, generating event for EPOAGENT3000
masvc(5104.5924) policy.Error: po_id: 2103 pso_id: 68290, pso validation failed
masvc(5104.5924) policy.Error: po_id: 2103 po validation failed
masvc(5104.5924) policy.Error: Assignment validation failed obj_id: 2103 product: ENDP_FW_1070 method: (null) param: (null)
masvc(5104.5924) policy.Error: Policy service start db validation failed, generating event for EPOAGENT3000
masvc(5456.5908) network.Notice: URL(https://0.0.0.0:443/policy/po.2103.ed16b6732eab48377ea8d18651a1fcea8511a0e0cb161axxxxxx) request failed with curl error <56>, response code <200>, http connect code 0
masvc(5456.5908) policy.Error: Length doesnot matches
masvc(5456.5908) policy.Error: Due to Hash Validation failure, calling policy handler stop rc - <1612>
masvc(5456.5908) sqlite.Error: mapolicy.db:ROLLBACK TRANSACTION:1
此错误会导致默认的 ENS 防火墙停止应用所有策略对象,其中可能会导致网络中断,直到代理可以成功检索整个策略对象集并在下一次通信时将它们应用到系统。