cancel
Showing results for 
Search instead for 
Did you mean: 

Scripting component

Hi all,

I've run into a problem when running the following command:

"sbadmcl.exe -command:GetMachineKey -group:*"

When run it produces the following output:

>>> Connecting to "servername"

>>> Logging on to the database as "username"

>>> Logon successful

>>> Group "groupname"

>>> Machine "machinename0001"

>>> Getting key..

>>> Machine "machinename0002"

>>> Getting key..

>>> Machine "machinename0003"

>>> Getting key..

>>> Machine "machinename0004"

>>> Getting key..

When I perform the command on a single entity like machinename0001, I received the expected output as displayed in the scripting guide.  The -group:* method simply displays "getting key..." and then moves on without displaying data.  I'd love to get this to work via the command line.  Any ideas?

Thanks!

8 Replies
Highlighted

Re: Scripting component

I tested the same command in my test environment and it worked for me....


It shows key information at last in "Command Result" before then it show exactly what you have shown above.. once it go through all machines in all group and finish the task it show keys of all machine in Command result"

See below output..

McAfee Endpoint Encryption Scripting Tool

Copyright ⌐ 1991-2010 McAfee, Inc. All Rights Reserved.

Executable version : 5.2.6.0

DLL version        : 5.2.6.11

>>> Connecting to "McAfee Endpoint Encryption Database"

>>> Logging on to the database as "sbadmin"

>>> Logon successful

>>> Group "SafeBoot Machines"

>>> Machine "TESTING-PCSB"

>>> Getting key..

>>> Machine "TESTING-PCSB0001"

>>> Getting key..

>>> Machine "66464"

>>> Getting key..

>>> No key found for machine 00000003

Connection result:

ResultCode = 0x00000000

ResultDescription = The operation completed successfully.

Command result:

Command = getmachinekey

ResultCode = 0x00000000

ResultDescription = The operation completed successfully.

Machine(Name=TESTING-PCSB, ID=00000001, NetworkName=TESTING-PCSB)

  Key(Size=128) = A2A9DFAF915DA0E1B7D69D9FA60CEFC33ED42C1CA830CC254F69BB064C08AD8A1D70FD57BEB2881FFC2E8B602D620CD728D95324B61F7EB06557366B48C69E927FEE4B08AFFA2F65862D117AAD04C1C31743612A21660C4F1ADD76BB2DE86E4B047C9D090D7BE40F0A7C147A9DE11FDE6A9C9AE408CA9EC392B6F6C7825A04E1

  ConfigEncryption

    Drive(Letter=c:, DiskNumber=0, PartitionNumber=1) = Partial

  ActualEncryption

    Drive(Letter=c:, DiskNumber=0, PartitionNumber=1) = Partial

Machine(Name=TESTING-PCSB0001, ID=00000002, NetworkName=TESTING-PCSB)

  Key(Size=128) = A2A9DFAF915DA0E1B7D69D9FA60CEFC33ED42C1CA830CC254F69BB064C08AD8A1D70FD57BEB2881FFC2E8B602D620CD728D95324B61F7EB06557366B48C69E927FEE4B08AFFA2F65862D117AAD04C1C31743612A21660C4F1ADD76BB2DE86E4B047C9D090D7BE40F0A7C147A9DE11FDE6A9C9AE408CA9EC392B6F6C7825A04E1

  ConfigEncryption

    Drive(Letter=c:, DiskNumber=0, PartitionNumber=0) = Partial

  ActualEncryption

    Drive(Letter=c:, DiskNumber=0, PartitionNumber=0) = Partial

Machine(Name=66464, ID=00000003)

  ConfigEncryption

    Drive(Letter=c:) = Partial

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 3 of 9

Re: Scripting component

Works for me as well Andrew. What's the full command line you are running?

Re: Scripting component

Thanks for the responses.  This is the command syntax I was using.

C:\>sbadmcl.exe -command:getmachinekey -group:* -adminuser:xxxxx -adminauth:xxxxx > filename.txt

After reading that it worked for both of you, I did a little more research on other commands where -group is a valid option.  When I ran those commands, such as GetLastCheckinDate, the scripts stopped upon reaching a certain key entry.  Or to be more clear, the script reaches a specific machine name/ID in the database and the script quits.  I'm sensing corruption in the database...but I'm just not sure what next steps should be to test my theory. 

Thoughts?

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 5 of 9

Re: Scripting component

Add a -help at the end. You are missing a parameter to define where to save the results.

They are not output to stdio, they are written to a file, but you didn't tell it what file.

Re: Scripting component

Are you referencing the -xferdb option for GetMachineKey?  If so, I'm not sure I understand how the -xferdb command will help in this instance since a redirect of output is all I require?  If not, please explain what I'm missing?

In my case, we have determined that all scripting commands that use the -group:* option fail when the reach a certain DB entry. 

Thanks again for the help.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 7 of 9

Re: Scripting component

my mistake - I'm so used to using the COM version I thought there was a -file parameter you needed to set.

You are right though, the api will abort on error, so if you have a bad object you need to clean that out first.

Can I ask why you want to dump all the keys for all the machines though? I hope you're going to keep that information VERY secure 😉

Re: Scripting component

No problema,

So logically should I be looking for corruption on the next object ID over the whole database or the next object ID in the current group that is being enumerated? 

What are they keys for anyhow? (just joking!)

Honestly I'm just doing data dumping to manipulate with Perl(because I can't figure out how to use the COM object with Perl).  I will probably be able to grab the data I want using other commands and will not require the keys to be dumped.  One Use Case for this is being able to wrap some logic around creating a list of entries to be removed for key/license recovery.  There are more, but this is an example.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 9 of 9

Re: Scripting component

yes, the next item in the current group should be the issue.

cleanupmachinegroup is probably your friend here.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community