cancel
Showing results for 
Search instead for 
Did you mean: 

Client Install issues

First off,  a little background...

  For about 2 years now,  we have been using a SafeBoot install package built with version 5.1.3 client files, and sent out through SMS.  Once the client software is installed,  machines are moved into proper groups that have a more recent set of client files assigned (5.2.1).  We currently have done this with around 12,000 machines.

Now for the issue...

  The time has finally come to create a new install set using the 5.2.1 client files from the start.  While doing this, I want to include the AutoDomain files into the install set.  I created a new machine group,  selected the AutoDomain and 5.2.1 client file sets, and created the install package.  Before sending it to our packaging team,  I attempted to test the package to make sure everything was as I intended it to be.  Low and behold,  Once the installer runs, the machine will reboot, and then... nothing.  The client will not synch with the server.  A review of the SBClientLog.txt shows an "[5c020004\ Authentication signature not valid" error.  A search through the KnowledgeBase indicates this is a mis-matched client/server SDMCFG.ini file, and sure enough the client SDMCFG shows "Authenticate = yes" and the server SDMCFG file shows "Authenticate = no".   I haven't been able to find a way to create an install set that includes the correct SDMCFG.ini file.

Has anyone else had this issue?  If so, how did you resolve it?

15 Replies

Re: Client Install issues

Add "Remote" database server to the SDMCFG.INI file on the system that you create client install set.

Local database always has authenticate=no, remote databases have authenticate=yes.

Make sure you select Remote database when you create install set.

on 2/22/10 12:17:19 PM EST
Highlighted

Re: Client Install issues

Forgive me if I'm being dense...

   I don't understand why I should have to create another "Remote" database server.  I have 12,000 machines that are able to synch just fine, with the servers that I currently have setup. Why won't my install set use the same servers as my previous install sets?

I checked an existing client that is synching correctly,  and it has "Authenticate" set to no.  So I have clients that have it set to "no", and my server is set to "no", so why do my new installs have it set to yes?

Message was edited by: R3k1awyk5 on 2/22/10 2:15:58 PM GMT-06:00

Re: Client Install issues

Oh no, server that has database on it, runs also database service. That service is your "Remote".

It is just different way of accessing database files. For locally present EEM you can run via local entry in SDMCFG.INI. All remote clients use "remote" access to database. You probably forgot how you set it up initially....

Post client and database server SDMCFG.INI's. It will become clear...

Re: Client Install issues

Server SDMCFG

[Databases]
Database1=eepc.homeoffice.XXXXXXXX.com
Database2=SBFILEDB.DLL
[Database1]
Description=SafeBoot Administration Database
IsLocal=No
Authenticate=No
Port=5555
ServerKey= (Cropped for space)

Authtype=1
SetLocalTime=No
[Defaults]
DatabaseID=1
TokenType=01000000
[Database2]
Description=SafebootDB
IsLocal=Yes
Authenticate=No
DataPath=F:\SafeBoot511\SBAdmin\SafebootDB
SetLocalTime=No

Good Client

[Databases]
Database1=eepc.homeoffice.XXXXXXXX.com
Database2=SBFILEDB.DLL
[Database1]
Description=SafeBoot Administration Database
IsLocal=No
Authenticate=No
Port=5555
ServerKey=

Authtype=1
SetLocalTime=No
[Defaults]
DatabaseID=2
TokenType=01000000
[Database2]
Description=SafebootDB
IsLocal=Yes
Authenticate=No
DataPath=F:\SafeBoot511\SBAdmin\SafebootDB
SetLocalTime=No

Bad Client

[Databases]
Database1=eepc.homeoffice.XXXXXXXX.com
[Database1]
Description=SafeBoot Administration Database
IsLocal=No
Authenticate=Yes
Port=5555
ServerKey= Cropped for space

AuthType=1

Re: Client Install issues

What is "DataPath=F:\SafeBoot511\SBAdmin\SafebootDB" doing in good client?

Does it really point to database? Does it provide file access to database itself?

If it does, then good client accesses databse locally and that is bad.

You should have

[Databases]
Database1=eepc.homeoffice.XXXXXXXX.com
[Database1]
Description=SafeBoot
Administration
Database
IsLocal=No
Authenticate=Yes
Port=5555
ServerKey=<filled>

Extrainfo=<someinfo>

Authtype=1
SetLocalTime=No
[Defaults]
DatabaseID=1
TokenType=01000000

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 7 of 16

Re: Client Install issues

looks like a tinkered-with sdmcfg.ini.

the only legal way to get a local connection in a client side sdm, is if it's an offline install. F:\ etc though sounds like the sdm was copied from an admin system, probably the original file had out of date keys for servers in it (which means more than one server definition was created).

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 8 of 16

Re: Client Install issues

remember when you first started your sbdbserver, it asked you what definition to use?

Well, that's NOT the one you used when you created the install set - to allow the client to talk to the server, the definition the server is using, and the definition the client is using must be the same.

That's all there is to it. 🙂

Re: Client Install issues

SafeBoot --  When I create the install set,  I only have 1 database option to choose from.

Peter_EEPC -- That is the datapath where my database is installed on the server.  Being as the client machine is not a server, or in particular my EEPC server, I don't believe it is accessing the database locally.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 10 of 16

Re: Client Install issues

right click all your server definitions and do "add to databases", then compare the resulting sdmcfg.ini file with a good working client.

when you find the two keys which match, you'll know what server definition you should be using in your install sets.

quite possibly you created a new server, but didnt add them to the connection list, thus when you create installs sets, you are picking an out of date connection strategy.

the create installs set builder uses the definitions in your eem sdmcfg.ini, NOT those from the db. The reason is long and complex.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community