we have an advanced scenario!
Server====> Router =====> internet =====EEPC machine at remote office
No VPN, no firewall!
We can push applications to the machine, and it talks to ePO perfectly, if we assign a policy relating to the ePO (MFE agent) it works like remove the icon from the sys tray...
When we assign a EEPC ePO pol it does not apply???
any ideas, a prize to the one that can figure this out!!!
any help is much appriciated...
I imagine you have NAT involved somewhere? If the EPO server itself cannot ping the endpoint, then you can't deploy EEPC6 to it. EPO initiates the connection to send user information etc, this won't work if NAT is in the middle.Message was edited by: SafeBoot on 9/9/10 5:18:29 PM EDT
I should add, that you can use EEPC5 in this situation, as connections are initiated from the client, not the server - you probably won't be able to use the "Force Sync" feature of EEM though for the same reason - there's no way for the server to ping the client.
thank you for your response
We have this working with EEPC v 5
We don't have it working with EEPC v 6
If we manually put the MFE agent on the machine, it finds the ePO server on the web and downloads EEPC and installs it perfectly, and the time stamps are updated on the ePO server.
When we push a policy to the machine, it does not encrypt.
same answer - if you have NAT in the middle it's never going to work - the system which retrieves the user info requires EPO to be able to connect back to the client, obviously if the EPO server and client have NAT in the middle, that's never going to be possible. The situation may change with future releases, but that's how it is at the moment AFAIK.
All (known) activation problems are covered in KB68410 though.Message was edited by: SafeBoot on 9/9/10 5:29:28 PM EDT
NAT is not supported, but might work, otherwise this doc would make no sense:
Many client systems can still be managed well if client initiates connections. Like in EEPC 5.x.
Thanks for the response,
This document is correct and it works 100% for ePO agent or McAfee agent traffic, we can do all we want with that product, remove and add icons etc.
What we can't do is apply a policy to EEPC v6 even though the ePO agent is working, no matter what ports we open!
Any bight ideas?
still the same answer - Do you have NAT in between? If so EEPC6 will not work at the moment, no way. Other products will work, EPO will deploy products etc, but you will NEVER get EEPC6.0x to activate if you have NAT in the middle - Does the client appear to have a fixed IP address to the EPO server?Message was edited by: SafeBoot on 9/9/10 7:20:35 PM EDT
it does seem to have a fixed ip on the ePO server yes.
If we change it, it updates on the ePO server.
The thing is if we put the client directly on the internet with a Public address, with no firewall and not NAT it still updates the IP but no pol is updated. ePO traffic still works.
If we put it on the same segment then it starts applying all the pols
there must be some NAT in between then, either that or your firewall is blocking access to AD - you need to make sure SSL and standard LDAP ports are available.