What is DataChannel?
DataChannel enables secure, private, bi-directional communication between a point product running on a managed endpoint and its ePO extension.
- The data channel subsystem in the Agent requires that the SpipeSite entry in the SiteList.xml file shows an ePO version of at least 4.5.0; otherwise, the subsystem will not start. The subsystem runs alongside, and asynchronously to, the Agent subsystem (the subsystem that performs ASCI communications).
- It is designed to allow for simultaneous ASCI and Data Channel communications for optimal efficiency and without conflict.
- Product teams can now provide customers with troubleshooting-oriented UI Actions with real-time feedback. These are UI Actions designed to operate on a single end node while providing real-time status back to the ePO Admin. Examples include Update Now, Scan Now, Run Client Task Now.
- All datachannel connections between agents and ePO occur over a standard connection to Apache. They are no different from any other secure agent-to-server connection and are limited by Apache’s threshold of 245 active connections per handler.
- The datachannel relies on the EPOAgentHandlerDatachannelWQ table, which each handler polls to receive messages and tasks from Tomcat. Responses are sent directly from the handler’s Apache service to Tomcat.
ePO 4.5 required direct connectivity from the master ePO server (Tomcat service) to the agent handler. This requirement has been removed in ePO 4.6: notifications from Tomcat to the AH are now sent as datachannel messages, so no direct connection from the ePO server to the remote handler is required. (Responses still require that the handler can contact the master ePO server.)
What is Run Client Task Now and how does it work?
You can now run client tasks on demand. ePO 4.6.0 includes a Run Client Task Now action which, when using version 4.6.0 of McAfee Agent, queues the selected task to run immediately on the selected systems. If there is a network address translation (NAT) layer between the ePO server and the agent client, the task sent with Run Client Task Now runs the next time the agent communicates with the ePO server.
This will let an ePO administrator select and run a task immediately without initiating a wakeup call.
The Run Client Task Now feature uses the datachannel to send the request and to monitor updates as the task runs on the client. Run Now tasks open a status window when they are initiated, showing progress on all machines selected. This window cannot be reopened after it is dismissed, but the Server Task Log permanently logs all RCTN attempts. There is a limit of 999 simultaneously selected systems for Run Now.
This limit is defined in epo\server\conf\epo\epo.properties (clienttask.runnow.system.limit).
We should not change this value.
The following are the backend status codes sent by the agent:
TASK_FAILED = -1;
TASK_SUCCEEDED = 1;
TASK_STOPPED_BY_SCHEDULER = 2;
TASK_FAILED_TO_GET_STATUS = 5;
TASK_PRODUCT_MANAGER_UNAVAILABLE = 6;
TASK_RECEIVED = 7;
TASK_STARTED = 8;
TASK_POINT_PRODUCT_UNAVAILABLE = 9;
TASK_NO_FINAL_STATUS = 12;
In the ePO interface you will see three segments to the status indicator:
The three steps are Send / Start / Progress. The possible statuses for each step are:
How to troubleshoot Run Client Task Now errors
A permanent store of RCTN events is available in the server task log. Important messages may also be found in server.log.
Run Now tasks may be triggered for multiple machines, but their statuses may take hours to complete. Different machines return results asynchronously, so the task may take a long time to complete.
The AutoId of this server task log entry becomes the CorrelationId for the Run Task Now event. The Agent guid is the identifier for the subtask when a message is received.
The CorrelationId links a message to the main task, and the agent GUID then links it to the correct subtask.
If the services are terminated for any reason, some messages may be lost, as they are temporarily held in an in-memory hashmap. Sometimes a task stays incomplete forever because its subtasks are not complete.
TASK_NO_FINAL_STATUS was added to address the agent restart problem: the agent sends this message before restarting, and ePO, on receiving it, assumes the subtask has been completed in an unknown state.
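The correlation described above can be modelled as follows. This is an added illustration, not ePO's own code: the RunNowTracker class, the CorrelationId 4711 and the sample GUIDs are hypothetical, and it assumes that only TASK_RECEIVED and TASK_STARTED are intermediate statuses.

```python
# Status codes as listed in this article.
STATUS = {-1: "TASK_FAILED", 1: "TASK_SUCCEEDED", 2: "TASK_STOPPED_BY_SCHEDULER",
          5: "TASK_FAILED_TO_GET_STATUS", 6: "TASK_PRODUCT_MANAGER_UNAVAILABLE",
          7: "TASK_RECEIVED", 8: "TASK_STARTED",
          9: "TASK_POINT_PRODUCT_UNAVAILABLE", 12: "TASK_NO_FINAL_STATUS"}
# Assumption: only RECEIVED and STARTED are intermediate; any other code closes
# the subtask (TASK_NO_FINAL_STATUS closes it in an unknown state).
INTERMEDIATE = {7, 8}

class RunNowTracker:
    """Hypothetical model: CorrelationId -> main task, agent GUID -> subtask."""
    def __init__(self):
        self.tasks = {}  # correlation_id -> {agent_guid: last code or None}

    def start(self, correlation_id, agent_guids):
        self.tasks[correlation_id] = {g: None for g in agent_guids}

    def on_message(self, correlation_id, agent_guid, code):
        subtasks = self.tasks.get(correlation_id)
        if subtasks is None or agent_guid not in subtasks or code not in STATUS:
            return False  # cannot be linked to a known main task and subtask
        last = subtasks[agent_guid]
        if last is not None and last not in INTERMEDIATE:
            return False  # subtask already closed; ignore late messages
        subtasks[agent_guid] = code
        return True

    def pending(self, correlation_id):
        """Agent GUIDs whose subtask has no closing status yet."""
        return sorted(g for g, c in self.tasks[correlation_id].items()
                      if c is None or c in INTERMEDIATE)

    def is_complete(self, correlation_id):
        return not self.pending(correlation_id)

# Constructed sample: agent B restarts mid-task, agent C's final message is lost.
SAMPLE_MESSAGES = [(4711, "guid-A", 7), (4711, "guid-B", 7), (4711, "guid-C", 7),
                   (4711, "guid-A", 8), (4711, "guid-B", 8), (4711, "guid-C", 8),
                   (4711, "guid-A", 1), (4711, "guid-B", 12)]

def replay(messages, correlation_id=4711, guids=("guid-A", "guid-B", "guid-C")):
    tracker = RunNowTracker()
    tracker.start(correlation_id, guids)
    for msg in messages:
        tracker.on_message(*msg)
    return tracker
```

Replaying the sample leaves guid-C pending, so the main task never completes until a closing status for that subtask arrives.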
AGENT ACTIONS (wakeup, push, dc message notification)
Wake-up call and push require that the handler can connect directly to the agent.
Agent wake-up will use FQDN/NetBIOS/IP, in that order (if present in the DB).
Push uses a NetBIOS-only connection.
Errors are logged in the server task log and server.log.
“accept connections only from the ePO server”
Agents 4.5 and later accept connections only from handlers in sitelist.xml. Pre-4.5 agents will only accept connections from the first handler in the sitelist, no matter how many handlers there are.
Handler selection issues:
If “use all handlers” is selected, preference is given to the last handler used by that agent.
If that handler is offline or the agent has never connected, there is no preference and the first handler asking for work will pick up the work request.
Troubleshooting Datachannel issues
Certificates are required for DataChannelAH_<Handler Server Name>. For connection problems between the AH and ePO, check server.log for entries like this:
20081216082409 E Srv 11528 McUpload Failed to send http request. Error=12029 (12029)
20081216082409 E Srv 11528 NAIMSRV ForwardDataChannelMessageToJava - Failed to send request, err=0x80004005, HTTP status code=0
This can mean a problem with certificates preventing the AH from talking to the ePO server. Another possible cause, if on the master handler, is a mismatched DCRedirect extension.
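The following added example (not part of the original article or of ePO) scans server.log lines for the failure pair shown above and attaches to each forwarding failure the McUpload error logged under the same numeric id. The field layout is inferred from the two quoted entries, and the last two sample lines are constructed.

```python
import re
from datetime import datetime

# Field layout inferred from the two entries quoted above (an assumption):
# timestamp, severity, source, numeric id, module, message.
LINE_RE = re.compile(r"^(\d{14})\s+(\w)\s+(\S+)\s+(\d+)\s+(\S+)\s+(.*)$")
UPLOAD_FAIL = re.compile(r"Failed to send http request\. Error=(\d+)")
FORWARD_FAIL = re.compile(r"ForwardDataChannelMessageToJava - Failed to send "
                          r"request, err=(0x[0-9A-Fa-f]+), HTTP status code=(\d+)")

SAMPLE_LOG = [  # first two lines are from the article, the rest are constructed
    "20081216082409 E Srv 11528 McUpload Failed to send http request. Error=12029 (12029)",
    "20081216082409 E Srv 11528 NAIMSRV ForwardDataChannelMessageToJava - "
    "Failed to send request, err=0x80004005, HTTP status code=0",
    "20081216082415 I Srv 11600 NAIMSRV constructed informational entry",
    "20081216082431 E Srv 11700 NAIMSRV ForwardDataChannelMessageToJava - "
    "Failed to send request, err=0x80004005, HTTP status code=0",
]

def find_forward_failures(lines):
    """Return one record per failed AH-to-ePO DataChannel forward."""
    last_upload = {}  # numeric id -> (time, error code) of latest McUpload error
    failures = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m.group(2) != "E":
            continue  # not an error-severity entry in the expected layout
        ts = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
        ident, module, msg = m.group(4), m.group(5), m.group(6)
        up = UPLOAD_FAIL.search(msg)
        fwd = FORWARD_FAIL.search(msg)
        if module == "McUpload" and up:
            last_upload[ident] = (ts, int(up.group(1)))
        elif module == "NAIMSRV" and fwd:
            prev = last_upload.pop(ident, None)
            # Pair only with an upload error logged at most one second earlier.
            paired = prev and 0 <= (ts - prev[0]).total_seconds() <= 1
            failures.append({"time": ts, "id": ident, "hresult": fwd.group(1),
                             "http_status": int(fwd.group(2)),
                             "upload_error": prev[1] if paired else None})
    return failures

if __name__ == "__main__":
    for f in find_forward_failures(SAMPLE_LOG):
        print(f["time"].isoformat(), f["id"], f["hresult"], f["upload_error"])
```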
In order to check for stuck items in datachannel:
select count(*) as count from epoagenthandlerdatachannelwq;
select * from epoagenthandlerdatachannelwq where Finished is NULL;