Has someone seen his before?
Nexpose console stops at 93%. Initializing scan engines:
[INFO] [Thread: Security Console] Starting local scan engine.
[INFO] [Thread: NeXpose Scan Engine] Initializing JDBC drivers
[INFO] [Thread: NeXpose Scan Engine] Initializing WinPCap support from E:\Program Files\rapid7\nexpose\nse\nmap …
[INFO] [Thread: NeXpose Scan Engine] Initializing administrative alerters
[ERROR] [Thread: NeXpose Scan Engine] Error during server initialization
java.lang.IllegalStateException: Not a JSON Object: "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\
I’m getting what appears to be the same thing. Were you ever able to solve this?
For anyone else coming across this, I’m in /opt/rapid7/nexpose/nsc/logs/nsc.log
I had to search/replace \u0000 because there were literally millions of them:
2097360 substitutions on 6 lines
Here’s what follows that for me:
2021-02-17T14:49:11 [INFO] [Thread: Security Console] Starting local scan engine.
2021-02-17T14:49:11 [INFO] [Thread: NeXpose Scan Engine] Initializing JDBC drivers
2021-02-17T14:49:11 [INFO] [Thread: NeXpose Scan Engine] Initializing administrative alerters
2021-02-17T14:49:11 [ERROR] [Thread: NeXpose Scan Engine] Error during server initialization
java.lang.IllegalStateException: Not a JSON Object: "\u0000<repeat appx 349,560 times>"
at com.google.gson.JsonElement.getAsJsonObject(JsonElement.java:90) ~[gson-2.2.4.jar:na]
at com.rapid7.updater.UpdateTable.getUpdateTable(Unknown Source) ~[r7shared.jar:na]
at com.rapid7.updater.UpdatePackageProcessor.restoreUpdateTable(Unknown Source) ~[r7shared.jar:na]
at com.rapid7.updater.UpdatePackageProcessor.<init>(Unknown Source) ~[r7shared.jar:na]
at com.rapid7.nexpose.nse.NSE.initAutoUpdate(Unknown Source) [nse.jar:na]
at com.rapid7.nexpose.nse.NSE.run(Unknown Source) [nse.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_252]
2021-02-17T14:49:11 [INFO] [Thread: NeXpose Scan Engine] Shutting down networking support.
2021-02-17T14:49:21 [INFO] [Thread: pool-2-thread-1] [Silo ID: default] [Group ID: 2] [Started: 2021-02-17T14:49:21] [Duration: 0:00:00.002] Updated risk score for group.
If it is what i think it is, its so incredibly rare that it was decided not to fix the code allowing this to happen. It basically means that something, possibly an AV or other security related tool corrupted the update table file for Nexpose. The \u0000 is the interpretation of Java as a Null value most likely due to the corruption of that file.
The best way to fix this would be running a repair install. The Rapid7 support team can help walk through this process. It is recommended to work with support when performing the repair mainly to minimize any complications. In the end, a repair is just running a new installer over an existing install, repairing any corrupt files.
2 Likes
Confirmed, ran the repair install and fixed it. I was a little worried about doing that, mostly didn’t want all the settings, assets, and other things to get inadvertently erased. I didn’t run into any issues though.
For anyone else finding this, kill the current nexpose/rapid7 service, download the latest installer and run it on your current box, e.g.
./Rapid7Setup-Linux64.bin -c
I immediately got a message that a previous installation was detected, and some warnings about backups and only doing this after being in contact with support (I’m a rebel, so I did neither).
Yes -> Yes -> Next -> Finished. Rebooted the entire server, and everything was there.
2 Likes