cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
ewas
Level 8
Report Inappropriate Content
Message 1 of 4

Odd Question

Hello All,

 

Recently I have seen a number of my encrypted Windows 10 1703 (MFE DE 7.2.7.7-I'm in the process of moving these system to another server that will have 7.2.9, but I didn't see nor am I confident that this will resolve this particular issue) systems have issues with logging in. They are configured to not use PBA by policy and I've verified that it hasn't been changed. But I cannot figure out what or why this continues to happen.  Has anyone come across this? All that I see are entries in the Mfeepe.log such as: 

019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to subscribe to data channel item EEADMIN_1000_AddDomainUsersRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_AddDomainUsersRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_GetAllUsersRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_GetAllOptInUsersRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_UserUpdatesAndAcknowledgementRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_AssignUsersRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_AddDomainUsersExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_GetAllUsersExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_GetAllOptInUsersExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_UserUpdatesAndAcknowledgementExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_AssignUsersExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_KSSetMachineKeyAck: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_KSSetMachineKeyExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_KSSetMachineRecoveryKeyAck: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_KSSetMachineRecoveryKeyExc: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_KSGetMachineKeyRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.
2019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to unsubscribe from data channel item EEADMIN_1000_KSGetMachineKeyExc: Unexpected IPC error. Please ensure MA/Point Product service is running.

 

As a result, an administrative recovery has to be done.  Has anyone come across this issue and if so how was is resolved? 

3 Replies

Re: Odd Question

When you transferred your systems to the new ePO server, did you decrypt the system on the old ePO prior to migration?

MDE stores the keys on the local ePO server when it gets encrypted, so before you transfer the systems you will need to decrypt then migrate, then encrypt on the new ePO server.  Keys are good for 160 days without communication to ePO, so what happens is when you migrate, 160 days go by and then you see this in the logs:

 019-07-29 18:08:39,677 ERROR MfeEpeServiceLPCServer Unable to subscribe to data channel item EEADMIN_1000_AddDomainUsersRsp: Unexpected IPC error. Please ensure MA/Point Product service is running.

 

The fix is to remove the MA and deploy the MA from the old ePO, then have it communicate with collect and send props. Then decrypt the drive. Remove the older ePO MA, install new ePO MA, encrypt. This will store the keys on the new ePO server.

Scott Culbertson
McAfee Professional Services
McAfee Certified Product Specialist - ePO, DLPe, ENS
ewas
Level 8
Report Inappropriate Content
Message 3 of 4

Re: Odd Question

Hello, thank you for the response.  I haven't moved these systems yet.  Since this last post, I am having occurrences of systems with AutoBoot enabled that are having to have administrative recovery tasks run against them after reboots (Windows Patches). At first I thought that there was a sync issue, but I don't believe that this is the case.  I enabled the allow temporary allow autoboot option in addition to having the overall policy reflect that my systems will be encrypted and function under AutoBoot, but I still having frequent prompts for PBA. I looked into this further and discovered that these appear happen on Dell 7480 and 7490s that are using Samsung SSD (PM781b) drives.  I've updated the BIOS-initially the systems were on BIOS 1.5.1 and they are now on a more current version.  But I also noticed that Secure Boot was disabled on some of these systems that are having PBA prompts after reboots.  Has anyone come across this issue or is there any correlation with having Secure Boot disabled and it working with Drive Encryption?  I know that some of the Windows patches deal with upgrading the Secure Boot features and I am wondering if this could be the case of the PBA prompts in a SSU is applied before a reboot is done. 

sbalamur McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Odd Question

@ewas

Thank you for choosing McAfee Support Community.

So far we haven't encountered such scenario "PBA prompts even after Autoboot is enabled". Can you confirm that Policy name that you can see on "Save machine info log" in endpoint and ePO is same and also check the Autoboot status on the same log.

Was my reply helpful?If you find this post useful, Please give it a Kudos!

Please don't forget to select "Accept as a solution" in my reply and together we can help other members?

Regards
Subramanian B
McAfee Employee
Want to Ask a Question?
Many members like to perform a search first in case other customers have already asked and answered a similar question. However, to ask a question, first select a forum then click on Post a Topic. You must sign in or log in with your existing credentials.

McAfee Service Portal customers please use your existing username and password to log into the community.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community