Master Database downloading outside defined period

PROBLEM:

The Master Database is being downloaded during production hours (e.g. 8:23AM, 1:16PM) and causing a slowdown of the customer’s network. However, it is set in the Triton Manager to download during 21:00 – 06:00.

SITUATION:

·        Web Filter, v7.8.4.

·        One primary policy server, eight Filtering Services at sites in cities around the state. All are in the same time zone and have the correct time.

·        Yesterday we made a fresh install on a Windows server of a secondary Policy Server and a Filtering Service, and configured it to download in the same time window. However, it downloaded the Master Database at the same time as the others, during production hours.

Here’s are sections of the Websense.log from that fresh install, beginning at 21:00.

09/23/2015 21:13:25,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 21:13:27,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 21:39:10,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsTransferTimer.cpp:417,0x11460004,Websense Master Database version 04954 dated 2015-9-23 is up to date.

09/23/2015 22:04:56,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 22:04:58,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 22:56:28,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 22:56:29,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 23:47:59,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/23/2015 23:48:00,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]

… [repeats of those XID disconnect/connect messages every 51-52 minutes] …

09/24/2015 08:23:13,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/24/2015 08:23:15,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]

09/24/2015 08:23:37,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsTransferTimer.cpp:322,0x11460017,Websense has successfully transferred an updated Websense Master Database. This database will now be loaded.

09/24/2015 08:36:41,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsCategoryAgent.cpp:533,0x11460005,Successfully loaded Websense Master Database version 04955 dated 2015-9-24.

09/24/2015 08:59:08,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsTransferTimer.cpp:417,0x11460004,Websense Master Database version 04955 dated 2015-9-24 is up to date.

09/24/2015 08:59:27,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]

Documentation ( http://www.websense.com/content/support/library/web/v78/triton_web_help/db_download_explain.aspx ) says that “Any time Filtering Service is restarted, it checks for available Master Database updates. The update may begin immediately, rather than waiting for the defined period.” However, the Windows Event Viewer shows no indication that Filtering Service was restarted. On the other hand, it does contain “Special Logon” events in the Security section timestamped a minute or two after each of the XID disconnect/connect messages. Following case 01468067 I checked the ignore.txt file; it already contained an entry for “anonymous logon”.

NEXT STEPS: Unknown to me. How might we enforce the defined download period?