Issue with the check_mk_agent updater/installer on windows

CMK version: 2.0.0p17 (CFE)
OS version: Windows (agent)

Error message: [ERROR:CRITICAL] Size of data is too big 33940800

I can not update the CVE-2021-44228-log4j scanner plugin to the latest scanner.
After doing so the check_mk_update plugin will leave the checkmk agent in an
inconsistent state. The mk_agent_update plugin is gone and also the log4j2-scan.exe plugin.

The only difference betwen the working and the new version is the size of the log4j2-scan.exe.
It gas grown from 13MB to 33MB.

In the logfile of the installer (C:\ProgramData\checkmk\agent\log\agent_msi.log) I have founf this messages:

2022-02-14 12:22:56.752 [srv 7176] [Trace] Processing file 'plugins/..\bin\log4j2-scan.exe'
2022-02-14 12:22:56.753 [srv 7176] [Trace] Processing 33940800 bytes of data
2022-02-14 12:22:56.753 [srv 7176] [ERROR:CRITICAL] Size of data is too big 33940800
2022-02-14 12:22:56.754 [srv 7176] [ERROR:CRITICAL] Invalid cap file, [name] plugins/..\bin\log4j2-scan.exe
2022-02-14 12:22:56.754 [srv 7176] [Err  ] CAP file C:\Program Files (x86)\checkmk\service\install\plugins.cap looks as bad

The question is, is this by design, or is this an bug.

There are two problems with this

  • I can not update the plugin :frowning:
  • More important: as the automatic update of the agent is no longer working after updating to this agent package, I can not automatically rollback to a working version.

We just encountered this issue in support and are already working on a fix. Keep an eye on the releases!

1 Like

Oh my goodness, it must never happen that agent updater plugin get lost.
We would have to re-install on several thousands of hosts :open_mouth:
I hope this is only related to this log4j plugin.


We have investigated the situation and a fix is in the making. Look out for a new release and I will try to keep you posted here.

:exclamation: Until the bug fix has been released, we recommend everyone to disable the Log4J MKP rollout through the agent bakery or at least to not attempt to update to the current version! :exclamation:
We are sorry for the inconvenience and a said a fix is expected shortly.

1 Like

As long as your agent plugins are not larger than 20MB then yes :frowning:

this is good, but it still means before someone can try to install a large(r) agent plugin he has to install your fix, if not he has a problem :frowning:

1 Like

OK, so its related to the size. Luckily from our custom plugins the biggest one is ~9MB

Good to know but I hope they fix it before we migrate to 2.0

Thank you for this information.


To sum up: This is a general problem only coincidentally triggered by the size of the scanner executable.
@thl-cmk described the problem pretty good, if the cab file for the agent installation grow too big, the installation fails and leaves the agent in an inconsistent state, and it obviously has unexpected and severe repercussions.
@thl-cmk: I assume your update has already been published, or are you still in testing?

luckily not. I was running in this issue on my testing environment.

1 Like

Perfect, then the criticality is not too high. But severe, no question.
I will keep you posted on the fix @thl-cmk, can you wait with your update until then? The fix should be out within this week.

I have another choice?

Well, if you are a fan of The Joker, you might want to watch the burn, but I would appreciate you helping us out here. :wink:

Breaking news: The problem has been fixed in the following Werks:

The fix will be included in the next releases of the stable and oldstable version.
There will however be no emergency release for this, the normal release cadence will be followed.

1 Like

Is this a per file (plugin) limit, or for the hole installer?

I hope the bakery has a nice error message for this :wink:

@robin.gierse (and tribe29) more question(s) about the size limit:

  • Why 64 MB? Is there a special reason to make it not for 1024 MB for example, or even on limit?
  • Why not say: do not use the bakery as software deployment, If you need to deploy large files (executables) do it outside of CMK?

Why 64 MB? Is there a special reason to make it not for 1024 MB for example, or even on limit?

64 MB as a limit is valid only for a server(monitoring sire). Server doesn’t allow embedding bigger file. If you really need something very big, then it is quite easy to patch this limit. Also, the final value of the limit is not written in stone: on requests from clients, we can change the value without hesitation. And there is no special reason to set a limit on 64 MB, just a soft recall, that Windows agent is not intended for mass deployment of third-party software.

Limit on client site 1024 MB, it is just a RAM protection.

Why not say: do not use the bakery as software deployment, If you need to deploy large files (executables) do it outside of CMK?

For me this is self-evident, and I did say this many times :grinning:

1 Like

Thanks for the feedback, for me this is fine :wink:

just for calrification: Is this 64MB limit a per file (plugin) limit, or for the hole installer?

64 MB is a per file limit

Post must be at least 20 characters :wink:

1 Like