Appscan Test Failed Due To Communication Error
> Topic: What can be the reason for several "failed due to communication error" messages in… No replies Display:ConversationsBy Date 1-3 of 3 Previous Next tfriess 270001BQA2 1 Post Pinned topic What can be the reason for several "failed due to communication appscan communication error error" messages in the log 2014-04-09T14:03:44Z | Tags: Answered question This question has ibm appscan tutorial been answered. Unanswered question This question has not been answered yet. Hello, I try to scan a web service prototype using Rational AppScan Enterprise. I've manually specified the URLs to be tested, since this is a webservice and AppScan cannot really explore my URLs. After a scan I see some findings, but also a lot of "Test (XYZ) failed due to communication error: http://xyz". If I have a look into my web services log, I see in fact fewer requests coming in there, compared to what AppScan seems to send. Is there a way to find out what exactly the "communication error" problem for AppScan is? I can't find anything in the log that gives me more information about this. I set the log level to "detailed", but that didn't write more information in the ScanLog, which I analyse. I only noticed that the ItemLog-file gets bigger, but I don't know how to analyse this file. It seems like a binary file to me. Any hints how to figure out what the real problem behind the "communication error" is, is very welcome! Thanks in advance, Tim Log in to reply. Marek Stepien 120000HX78 69 Posts Re: What can be the reason for several "failed due to communication error" messages in the log 2014-04-09T16:27:38Z This is the accepted answer. This is the accepted answer. Check if this technote helps CommunicationerrorsdisplayedwhenscanningwithAppScanStandard Log in to reply. jbucanel 120000FUFQ 12 Posts Re: What can be the reason for several "failed due to communication error" messages in the log 2014-04-14T00:51:40Z This is the accepted answer. This is the accepted answer. You may also want to think about how you are testing. If you are testing web services, you will need to use the GSC(generic services client), to invoke the methods for the service. If you are testing web services but those web services are consumed from a web page, all that you are really testing is the web page
refreshed; Session Identifier value refreshed; Windows File; Unix File; Windows File Parameter Alteration; Parameter Alteration Technote (troubleshooting) Problem(Abstract) At the end of a scan, IBM Security AppScan Standard displays a "Test File Parameter Alteration failed due to communication error" message. Symptom The ScanLog.log file includes several sequences such as these: Test xxx (Windows File Parameter Alteration ) failed due to communication error: ... Test xxx (Windows File Parameter Alteration ) is negative on: ... Session Identifier value refreshed; ... Session Identifier value refreshed; ... Session Identifier value refreshed; ... Session Identifier value https://www.ibm.com/developerworks/community/forums/html/topic?id=5142b957-996b-469c-8f63-8e80f135d1d8 refreshed; ... ... or Test xxx (Unix File Parameter Alteration ) failed due to communication error: ... Test xxx (Unix File Parameter Alteration ) is negative on: ... Session Identifier value refreshed; ... Session Identifier value refreshed; ... Session Identifier value refreshed; ... Session Identifier value refreshed; ... ... Cause The target application server does not respond to the "Windows File Parameter Alteration" or "Unix http://www-01.ibm.com/support/docview.wss?uid=swg21505524 File Parameter Alteration" tests, and AppScan tries to rerun the tests after 180 seconds. The test "XPath Injection" can result in the same error. Diagnosing the problem Although these three tests: Windows file parameter alteration Unix file parameter alteration XPath Injection are classified as non-invasive, they do attempt to access system directories on the target web server and can sometimes cause the target server to stop responding. Resolving the problem Disable the three tests and rerun the scan to avoid the issue: Open Scan Configuration > Test Policy Find these tests (for example, enter File Parameter in the find/search field and press Enter) - and then disable them: Windows File Parameter Alteration Unix File Parameter Alteration XPath Injection Press OK when done. After changing the Test Policy, rerun the explore phase by completing one of these actions: Scan > Re-Scan > Re-Scan (Full) Scan > Re-Scan > Re-Explore Document information More support for: IBM Security AppScan Standard Performance Software version: 8.0, 8.5, 8.6.0.0 Operating system(s): Windows Reference #: 1505524 Modified date: 2014-02-19 Site availability Site assistance Contact and feedback Need support? Submit feedback to IBM Support 1-800-IBM-7378 (USA) Directory of worldwide contacts Contact Priv
out-of-session and is trying to re-login" 1283302; AppScan; In-session; detection; login sequence; login; login management; In-SessionDetection; In-Session-Detection; In-Session_Detection; InSession Detection; In_Session Detection; http://www.ibm.com/support/docview.wss?uid=swg21283302 In Session Detection; appscan standard; login expert; expert; 00003357 Technote (troubleshooting) Problem(Abstract) https://www.ibm.com/support/knowledgecenter/SSPH29_9.0.3/com.ibm.help.common.infocenter.aps/r_AdvancedConfig.html Running a scan results with IBM Security AppScan Standard results in error "AppScan Standard has detected it is out-of-session and is trying to re-login" Symptom Running a scan, the following notification is displayed in the UI followed by a 90 second countdown: "AppScan Standard has detected it is out-of-session communication error and is trying to re-login" During this time, the Scan Log will display multiple login requests until the scan eventually stops with this log entry: Stopping scan due to out of session detection Cause As the error message says, AppScan Standard detects it is out-of-session and it is not able to login into the target application. Resolving the problem Consult Login methods appscan test failed in AppScan Standard. There are several possibilities why this can occur: Server stopped responding: AppScan Standard may not be able to get a response in a timely manner from the application due to it being overloaded or temporarily down. During the login steps, the system down checks are disabled, and AppScan is not detecting communication errors. To confirm if this is a communication error, uncheck Configuration > Logim Management > Activate Session Detection and scan again. If the scan stop, this time due to communication error, consult Scanning results in "Communication error". Issues with session cookies/parameters This applies to the Request-based login. Some session cookies or session parameters are missing or tracking is set incorrectly on them. When recording, AppScan will automatically try to detect cookies or parameters in the login sequence that it believes to be related to the session state (i.e. "ASP.NET_SessionId", "JSESSIONID"), and AppScan determines if the cookies/parameters should be tracked or not. These will be listed on the Configuration > Login Management > Session IDs tab. There is a check box to set tracking. If there are session identifiers