cancel
Showing results for 
Search instead for 
Did you mean: 
oltimator
Level 7

Endpoint Encryption 6.1 - Inactive - User data is missing?

Hello!

The Issuse:

I can't activate EEPC on this Machine! (see Log-File below)

The EEPC System Status console shows the following while the process begins:

1. event "Get all users" created

2. creating PreeBoot Filesystem

3. sending Keys to ePO

4. sending Keys OK

5. activation aborted.

Whats the Problem here?

Here is a User with Similar Issuse! But no Answer... See Post https://community.mcafee.com/message/190495#190495

Some System Informations:

Following Software: ePO4.6, EEPC 6.1.0.248, EEAgent 1.1.0.248, Agent Version 4.5.0.1852

Windows XP SP3 Workstation

(previous EEPC 6.02 and EEAgent uninstalled).

Installation of EEPC 6.10.248 / EEAgent 1.1.0.248 via Task successfully!

Firewall is off, no HIPS Module.

In ePO: Encryption User assigned to Workstation succesfully!

All necessary Policies and Servertasks (EEPC-LDAP-Sync) created and enforced (Wakeup Agent with execute of all Tasks). No Use of Client Certificates!

The McAfee Agent works with no Errors - (i.E. DAT Files are updated correctly).

I've tried the following Things:

KB68602 - Ensure that the user is entered in the format NTDomain\username.  OK!

KB68410 - Verify all Level Checks OK!

Uninstalled, reboot and reinstalled EEPC on the machine OK!

many greetings and thanks for helping

----------------

Here the XP-Machine Log File MfeEpe.log:

2011-06-16 10:20:20,958 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

2011-06-16 10:20:22,723 INFO    EpoPlugin                            enforcePolicy: new policy store created (session 1308208947).

2011-06-16 10:20:24,301 INFO    EpoPlugin                            enforcePolicy: Waiting for OptIn users before enforcing policy.

2011-06-16 10:20:24,348 INFO    EpoState                             Setting enforcement state to TRUE

2011-06-16 10:20:24,348 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

2011-06-16 10:20:24,348 INFO    EpoPlugin                            policyHandler: handling EnforcePolicy event

2011-06-16 10:20:24,364 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers event

2011-06-16 10:20:24,364 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers response

2011-06-16 10:20:24,364 INFO    EpoPlugin                            userHandler: dispatching GetAllUsers event to AgentHandler

2011-06-16 10:23:25,300 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement already in progress, skipping.

2011-06-16 10:23:25,363 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement already in progress, skipping.

2011-06-16 10:24:27,331 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

2011-06-16 10:25:31,237 INFO    EpoPlugin                            userHandler: handling GetAllUsers response

2011-06-16 10:25:31,565 INFO    MfeEpeCoreEncryptionPlugin           --- Activation Begins ---

2011-06-16 10:25:56,909 INFO    MfeEpeKeyServerService               keyServiceHandler: dispatching DC message (EEADMIN_1000_KSSetMachineKeyCmd, CorrelationID=1308208948).

2011-06-16 10:25:56,987 INFO    MfeEpeKeyServerService               keyServiceHandler: dispatching DC message (EEADMIN_1000_KSSetMachineRecoveryKeyCmd, CorrelationID=1308208949).

2011-06-16 10:26:01,034 INFO    MfeEpeKeyServerService               keyServiceHandler: handling ePO response: KSSetMachineKeyAck

2011-06-16 10:26:01,065 INFO    MfeEpeKeyServerService               keyServiceHandler: handling ePO response: KSSetMachineRecoveryKeyAck

2011-06-16 10:26:01,174 WARNING MfeEpeCoreEncryptionPlugin           receive_from_service_first_message_of_type(MfeEpeEncryptionServiceClient, class ns1__ESActivateEncryptionAck) wrong message received:

<?xml version="1.0" encoding="UTF-8"?><MfeEpeMessageList xmlnsSmiley FrustratedOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"xmlnsSmiley FrustratedOAP-ENC="http://schemas.xmlsoap .org/soap/encoding/"x... xsi:type="ns1:ESActivateEncryptionExc">

  <sendTo xsi:type="ns1:MfeEpeAddress" serviceUUID="5145540F-1BA8-4F52-895D-617839C2869E" serviceName="MfeEpeEncryptionServiceClient"></sendTo>

  <from xsi:type="ns1:MfeEpeAddress" serviceUUID="70e77e64-14e4-467d-8d22-775dc78d7c3b" serviceName="MfeEpeEncryptionService"></from>

  <errorId>-301662202</errorId>

  <message>[0xEE050006] Following exceptions were raised when processing user list&#xA;class EPE_user_incosistent_policy_exception: [0xEE050004] User data is missing [F8F3F93FECF9C9459B210F535A54F0F6]: Code :3993305092</message>

</element></MfeEpeMessageList>

2011-06-16 10:26:01,190 WARNING MfeEpeGenEncryptionProviderPlugin    ..\..\..\Src\EpeGenActivationHandler.cpp: EPE_gen_activation_handler::send_activate_exception: 698: [0xEE050006] Following exceptions were raised when processing user list

class EPE_user_incosistent_policy_exception: [0xEE050004] User data is missing [F8F3F93FECF9C9459B210F535A54F0F6]: Code :3993305092

2011-06-16 10:26:01,190 ERROR   EpoPlugin                            userHandler: failed to process batched user data response: [0xEE050006] [0xEE050006] Following exceptions were raised when processing user list

class EPE_user_incosistent_policy_exception: [0xEE050004] User data is missing [F8F3F93FECF9C9459B210F535A54F0F6]: Code :3993305092

2011-06-16 10:26:01,190 INFO    EpoState                             Setting enforcement state to FALSE

2011-06-16 10:26:01,237 INFO    EpoPlugin                            userHandler: handling GetAllUsers response

2011-06-16 10:26:01,237 ERROR   EpoPlugin                            userHandler: failed to process batched user data response: [0xEE000006] No policy store

2011-06-16 10:26:01,252 INFO    EpoState                             Setting enforcement state to FALSE 

Nachricht geändert durch oltimator on 20.06.11 07:35:00 CDT

Nachricht geändert durch oltimator on 20.06.11 08:27:59 CDT
0 Kudos
4 Replies
SCtbe
Level 12

Re: Endpoint Encryption 6.1 - Inactive - User data is missing?

How about policy assignment rules? Have you configured them?

0 Kudos
oltimator
Level 7

Re: Endpoint Encryption 6.1 - Inactive - User data is missing?

Hi SCtbe,

yes, because other machines (in the ame OU for the same encryption users/groups) activate EEPC and encrypt the HD with no problems!

I wouldn't like to install the machine new, because it's a metrological Device installed and this must be installed by the manufacturer

What i do not understand, the old version of ePO (4.5) and EEPC 6.02 had previosly worked well.

I have this problem since installed EEPC6.1 under ePO4.6 - but i can't go back to ePO4.5.

But strange are these two Error Messages:

EPE_user_incosistent_policy_exception: [0xEE050004] User data is missing <-- Users are assigned to this machine!!

userHandler: failed to process batched user data response: [0xEE000006] No policy store <-- Other machines obviously find the policy Store well!!

Thanks for your reply and greetings

Nachricht geändert durch oltimator on 21.06.11 01:01:38 CDT
0 Kudos
whgibbo
Level 12

Re: Endpoint Encryption 6.1 - Inactive - User data is missing?

Hi,

It looks like the machine hasn't received all the user data, for this particular user.  The error message 0xEE050004 should have an ID on on the end of it, this is the user having the problem.

You maybe able to get around this in one of the following ways:

  1. On a different 6.1 client, try logging in as this user (and possibly change the password).  Then ensure that the this machine syncs up with ePO.  Then sync down to the client having the problem.
  2. Remove the user from all machines and re-add it.  I know this is not idea, but will resolve the problem.

Have you raised this with McAfee support, if so do you have a case number ?

0 Kudos
oltimator
Level 7

Re: Endpoint Encryption 6.1 - Inactive - User data is missing?

Hi whgibbo,

i have identified the user becuse of its ID.

...The error message 0xEE050004 should have an ID on on the end of it, this is the user having the problem...

First Step: Change Password - Reactivating EEPC. But no success.

Then added this user to an other machine. The result: Error adding User!

I can't resync this User with any machine!

Break, lets Think...

OK, i erased the User. (in AD)

Wait 10 minutes for AD Domaincontrollers Sync.

Recreated it (in AD).

Wait 10 minutes for AD Domaincontrollers Sync.

Run EEPC-LDAP-Task in ePO.

Now adding the User to the descripted machine.

Run Wake Agent...

And! Yeahhh! It works! The User in Acrive Directory has a problem. EEPC was guiltless!

Thanks for the Tip - Problem solved

0 Kudos