Cortex XDR agent's protection is disabled with error Failed to open corrupted database
Created On 04/03/23 08:14 AM - Last Modified 04/22/24 06:07 AM
Symptom
- The Cortex XDR agent's protection is disabled
- The cyserver process crashed several times
- trapsd.log contains the following error messages:
Failed to initialize security. Error code = 0x[ERRFMT]
Failed to open corrupted database 'C:\ProgramData\Cyvera\LocalSystem\Persistence\<File Name>.db'. Attempting repair.
Environment
- Cortex XDR Agent versions 7.9.0, 8.0.0
- Windows Operating System
Resolution
The issue has been fixed in the following Cortex XDR/XSIAM agent versions. We suggest upgrading your agent to one of these versions or higher.
- 8.1.0
- 8.0.1
- 7.9.2
Below is the workaround:
1. Stop the Cortex agent by running the command:
"C:\Program Files\Palo Alto Networks\Traps\cytool" runtime stop
2. Delete the particular corrupted DB files located at C:\ProgramData\Cyvera\LocalSystem\Persistence\.
- Note: Do not delete the Persistence folder.
3. Start the Cortex agent by running the command:
"C:\Program Files\Palo Alto Networks\Traps\cytool" runtime start
Note: The Distribution ID needs to exist in trapsd.xml before starting the agent. If it is missing, follow the steps below:
- Obtain the Distribution ID from the tenant under Endpoints > Agent Installations.
- On the local machine, with the agent still stopped, navigate to C:\Program Files\Palo Alto Networks\Traps\config
- Paste the Distribution ID into the trapsd.xml field <distribution_id></distribution_id>
- Example: <distribution_id>123456789</distribution_id>
- Save the file changes.
- Start the Cortex agent service using the command in step 3 above.
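The pre-checks behind the workaround, as an added PowerShell example (not Palo Alto Networks code): it extracts the database files named in the trapsd.log error lines, so that only those are removed in step 2, and confirms that <distribution_id> is populated before the agent is started. The sample log lines, the .db file names and the XML root element are constructed, and the function names are hypothetical.

```powershell
# Added example: read-only pre-checks. Nothing is stopped, deleted or started here.

function Get-CorruptedDbPath {
    # Unique .db paths named in "Failed to open corrupted database" log lines.
    param([string[]]$LogLine)
    $pattern = "Failed to open corrupted database '(?<path>[^']+\.db)'"
    $LogLine |
        ForEach-Object { if ($_ -match $pattern) { $Matches['path'] } } |
        Sort-Object -Unique
}

function Test-DistributionId {
    # True only when <distribution_id> exists and is non-empty in the XML text.
    param([string]$XmlText)
    $node = ([xml]$XmlText).SelectSingleNode("//*[local-name()='distribution_id']")
    return (($null -ne $node) -and -not [string]::IsNullOrWhiteSpace($node.InnerText))
}

# Constructed sample input, not real agent output. File names are placeholders.
$dir = 'C:\ProgramData\Cyvera\LocalSystem\Persistence'
$sampleLog = @(
    "Failed to open corrupted database '$dir\example_a.db'. Attempting repair."
    "Failed to initialize security. Error code = 0x[ERRFMT]"
    "Failed to open corrupted database '$dir\example_a.db'. Attempting repair."
    "Failed to open corrupted database '$dir\example_b.db'. Attempting repair."
)
# Constructed trapsd.xml fragment; the root element name is an assumption.
$sampleXml = @'
<config>
  <distribution_id></distribution_id>
</config>
'@

$flagged = Get-CorruptedDbPath -LogLine $sampleLog
"Database files flagged in the log:"
$flagged | ForEach-Object { "  $_" }

if (Test-DistributionId -XmlText $sampleXml) {
    "distribution_id is set; the agent can be started."
} else {
    "distribution_id is empty or missing; fill it in before starting the agent."
}

# Against a real endpoint (the log path is a placeholder; the page does not give it):
#   Get-CorruptedDbPath -LogLine (Get-Content '<path to trapsd.log>')
#   Test-DistributionId -XmlText (Get-Content -Raw 'C:\Program Files\Palo Alto Networks\Traps\config\trapsd.xml')
```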
Additional Information
Refer to Install the Cortex XDR/XSIAM Agent for Windows for agent installation steps on Windows.