whgibbo
Level 12

Re: Encryption users disappearing and "Unknown user" at pre-boot

Hi,
Thanks for responding.
Could you please clarify if the following scheduled task ‘Inactive Agent Cleanup Task’ is enabled?

If so, could you please provide the settings.

If the machine is deleted from ePO:

  • Then any user assignments specifically assigned to the machine will be removed.
  • If the user is not used by any other machine or branch in ePO, then any user data will also be removed.

Thanks

0 Kudos
jsiergiej
Level 9

Re: Encryption users disappearing and "Unknown user" at pre-boot

The task is not enabled and its status is "Task has never run".

0 Kudos
whgibbo
Level 12

Re: Encryption users disappearing and "Unknown user" at pre-boot

Ok, that rules that one out...

What is the frequency that the users are being removed from the machine?

Could you please send me your orion.log file in a private message and I will have a look at it for you. I may not see anything, as the orion.log files are rolled over.

Have you opened a support ticket for this issue? If so, could you please send that to me in a private message as well.

0 Kudos
jsiergiej
Level 9

Re: Encryption users disappearing and "Unknown user" at pre-boot

The users are removed at random. Like I said, I had this occur 3 times over the past month to 3 separate users (1 time per user). So it's not an everyday thing and is not affecting the same user, at least not yet.

Where is the orion log located?

Message was edited by: jsiergiej on 5/26/11 7:27:00 AM CDT
0 Kudos
whgibbo
Level 12

Re: Encryption users disappearing and "Unknown user" at pre-boot

Hi,

The orion.log is on the server under <ePO installed folder>\server\logs.

Sorry, one more question. The users that are being removed, were they added as part of an LDAP OU/GROUP with recursion?

Thanks

0 Kudos
whgibbo
Level 12

Re: Encryption users disappearing and "Unknown user" at pre-boot

Hi jsiergiej,

Did you manage to resolve your problem?

Many thanks

0 Kudos
rmnetops
Level 7

Re: Encryption users disappearing and "Unknown user" at pre-boot

Glad to know we are not crazy. We have seen this too.

Message was edited by: rmnetops on 8/10/11 2:46:51 PM CDT
0 Kudos
rmnetops
Level 7

Re: Encryption users disappearing and "Unknown user" at pre-boot

We think we have this issue figured out, at least in our environment. It is related to the laptop computer object in EPO having the same MAC address as another laptop, because the agent at one time was installed while connected to the VPN (where clients may share the same MAC address). It will keep clobbering the user assignment on an EPO machine object, creating this problem.

Environment

McAfee Agent 4.6 (I added this because the tech did say it's an issue in 4.6 as well)

McAfee Agent 4.5

McAfee Agent 4.0
McAfee ePolicy Orchestrator 4.x

For details of all supported operating systems, see KB51109.

Problem

When a new computer is added to the ePolicy Orchestrator (ePO) tree another computer disappears.

The common factor is that this happens with computers that connect via a Virtual Private Network (VPN).

Cause

This problem will be encountered only when the first connection from a client computer to the ePO server takes place over a VPN connection. If the computer's first connection is via a Local Area Network (LAN), the correct Media Access Control (MAC) address is added to the table.

When a computer communicates with the ePO server via VPN, it uses the VPN virtual computer's MAC address and not its own actual MAC address. This VPN MAC address is usually the same for all computers connecting through the VPN.

This issue is not restricted only to VPN clients. Anything that could cause multiple computers to report the same MAC could cause this problem. For example, if you clone a virtual machine and do not reset the MAC address, both computers would report the same MAC address to ePO.

Solution 1

To avoid this issue, when adding a new computer to ePO Server, ensure that the first connection occurs via a LAN and not via VPN.

Solution 2

To resolve the issue if the computers have already connected via a VPN, create a new entry in the ePOVirtualMacVendor table with the Organization Unique Identifier (OUI) which is part of the VPN MAC address.

Step 1 - Determine the VPN MAC address to add to the ePO VendorID field.

The best way to obtain the VPN MAC address is to identify a computer that has connected to the ePO Server for the first time via VPN and removed the previous computer.

  1. From the client computer, use the agent Status Monitor to Collect and Send Props.
  2. Log on to the ePO console.
  3. Click Systems.
  4. Click the System Tree.
  5. Locate the computer that has connected via VPN.
  6. Double-click on the computer to view its properties.
  7. To the right of System Information, click More. This displays the VPN MAC address collected from the client.
  8. Scroll down and locate the MAC Address. Make a note of the first six digits of this MAC address in the next step. (Example: 00123F21ECED)

If you are unable to identify a computer using the virtual MAC, you can author a report to identify the computers:

  1. Log on to the ePO 4.x console.
  2. Click Menu, Reporting, Queries.
  3. Click New Query.
  4. Click System Management, Managed Systems and click Next.
  5. Select Single Group Summary Table for Display Results As.
  6. In the Labels Are: drop down, select MAC Address under Computer Properties and click Next.
  7. Click Managed State under Managed Systems, select Equals from Comparison drop-down and select Managed from Value drop-down.
  8. Click Run.

You should have a list of MAC addresses with a count of the number of systems reporting that MAC address. Ideally it would be a 1-to-1 ratio. If you have more than 1 system sharing the same MAC address, then that is probably your issue.


Step 2 - Modify the SQL script to add the computer to the tree.

NOTE: See KB56429 for how to run SQL scripts provided by McAfee Support using OSQL for ePO.

Use the SQL command syntax below to add the computer to the tree:

INSERT INTO ePOVirtualMacVendor (VendorID) values ('######')
Where: ###### is the first 6 digits of the VPN MAC address collected from the client.

Example: For a system with 00123F as the first six digits of the MAC address obtained in Step 1:

INSERT INTO ePOVirtualMacVendor (VendorID) values ('00123F')

Previous Document ID

615809

on 8/10/11 2:50:44 PM CDT

Message was edited by: rmnetops on 9/9/11 1:39:16 PM CDT
0 Kudos
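The duplicate-MAC check and OUI extraction described in the post above, as an added example that is not part of the original thread or of McAfee's tooling. It assumes the query results were exported to CSV with columns named `System Name` and `MAC Address` (hypothetical names), and the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; column names are assumptions, not ePO's own.
SAMPLE_EXPORT = """System Name,MAC Address
LAPTOP-01,00123F21ECED
LAPTOP-02,00-12-3f-21-ec-ed
LAPTOP-03,00:12:3F:21:EC:ED
DESKTOP-07,0019B9AA0102
DESKTOP-08,0019b9aa0103
VM-CLONE-A,005056AB12CD
VM-CLONE-B,0050.56ab.12cd
BROKEN-ROW,not-a-mac
"""


def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if the value is not a MAC."""
    candidate = re.sub(r"[-:.\s]", "", raw).upper()
    return candidate if re.fullmatch(r"[0-9A-F]{12}", candidate) else None


def shared_macs(export_text):
    """Map each MAC reported by more than one system to its system names."""
    systems = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        mac = normalize_mac(row["MAC Address"])
        if mac:  # skip rows whose MAC column is malformed
            systems[mac].add(row["System Name"])
    return {m: sorted(n) for m, n in systems.items() if len(n) > 1}


def vendor_insert(mac):
    """Build the INSERT from the post for the OUI (first six digits)."""
    normalized = normalize_mac(mac)
    if normalized is None:
        # Refuse anything that is not pure hex so the statement stays safe.
        raise ValueError(f"not a MAC address: {mac!r}")
    return ("INSERT INTO ePOVirtualMacVendor (VendorID) "
            f"values ('{normalized[:6]}')")


if __name__ == "__main__":
    for mac, names in sorted(shared_macs(SAMPLE_EXPORT).items()):
        print(mac, "reported by", ", ".join(names))
        print("  candidate:", vendor_insert(mac))
```

Each printed statement is only a candidate: confirm that the shared MAC really belongs to the VPN adapter before running it against the ePO database.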