cancel
Showing results for 
Search instead for 
Did you mean: 
epoquito
Level 7

System State - Inactive (6.0.2, KB recommendations applied)

Hello everybody,

I have a problem initiating the encryption in my testing environment and I have few questions regarding this state:

1) Non-compatible products must be in use (encrypting the HDD) to block encrypting the disk by EEPC, or just their presence (they are just installed) is doing so?

2) I have activated the debug logging on the client, but haven't found anything described in KB. I'll attach a few lines I've found interesting

Would appreciate any recommendations I can test.

Thank you

Policy is set and it is being Enforced, but:

2011-3-1 10:28:20,614 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::init: 79: [0xEE120008] no system policy set

Could be unimportant, but I'm pasting it just to make sure I don't miss anything

2011-3-1 10:30:26,12 WARNING MfeEpeGenEncryptionProviderPlugin ..\..\..\Src\EpeGenActivationHandler.cpp: EPE_gen_activation_handler::send_activate_exception: 570: [0xEE000006] NULL pointer

I have one user assigned to the system, but:

2011-3-1 10:29:36,358 WARNING MfeEpeGenEncryptionProviderPlugin ..\..\..\Src\EpeGenActivationHandler.cpp: EPE_gen_activation_handler::send_activate_exception: 570: User list missing from activate command

2011-3-1 10:29:36,358 WARNING MfeEpeCoreEncryptionPlugin receive_from_service_first_message_of_type(MfeEpeEncryptionServiceClient, class ns1__ESActivateEncryptionAck) wrong message received:

<?xml version="1.0" encoding="UTF-8"?><MfeEpeMessageList xmlnsSmiley FrustratedOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"xmlnsSmiley FrustratedOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xsd="http://www.w3.org/2001/XMLSchema"xmlns:ns1=""xsi:type="ns1:MfeEpeMessageList"><element xsi:type="ns1:ESActivateEncryptionExc"><sendTo xsi:type="ns1:MfeEpeAddress" serviceUUID="5145540F-1BA8-4F52-895D-617839C2869E" serviceName="MfeEpeEncryptionServiceClient"></sendTo><from xsi:type="ns1:MfeEpeAddress" serviceUUID="70e77e64-14e4-467d-8d22-775dc78d7c3b" serviceName="MfeEpeEncryptionService"></from><errorId>-301924336</errorId><message>User list missing from activate command</message></element></MfeEpeMessageList>

0 Kudos
7 Replies
epoquito
Level 7

System State - Inactive (6.0.2, KB recommendations applied)

Testing systems are:

- Windows 7 x64

- Windows XP SP3

Some new pieces of infromation after going through other similar discussions:

- checked my settings against recommendations in "Unofficial Quickstart Guide for McAfee EEPC v6 Patch 1" and everything seems ok

- tried Autoboot policy, didn't help

- tried without firewall and checked the direct ePO -> Agent connection on WakeUp port - went smoothly

Any ideas what to try would be helpful.

ps: I have HP protect tools installed, but don't use them for encryption and the debug log didn't mention anything regarding incompatible product

0 Kudos
SafeBoot
Level 21

System State - Inactive (6.0.2, KB recommendations applied)

I think this indicates that you did not assign any users to the machine? You say you did, but maybe that one user has a problem - maybe they are disabled, or the AD sync could not find them? Maybe assign a group, or a few more and see what happens?

for help reading those pesky logs, I posted a couple of tools a while ago - http://simonhunt.wordpress.com/2010/02/17/livelog-interactive-near-real-time-log-monitor/  and http://simonhunt.wordpress.com/2010/02/17/epe-log-reader-for-mcafee-endpoint-encryption-v6/

The latter is probably the most useful if you have the log saved already.

0 Kudos
epoquito
Level 7

System State - Inactive (6.0.2, KB recommendations applied)

Thank you for the logtools.

I've tried to assign whole OU or group, ran the EEPC LDAP synchro task and made a few ASCIs and reboots on the client, but no result at all. I still have the autoboot policy, therefore I don't expect the assigned users to be that important, but it was worth a try.

Another quite interesting warning + error in the log:

2011-3-1 15:37:10,643 WARNING MfeEpeCoreEncryptionPlugin receive_from_service_first_message_of_type(MfeEpeEncryptionServiceClient, class ns1__ESGetSystemInfoRsp) wrong message received:

<?xml version="1.0" encoding="UTF-8"?><MfeEpeMessageList xmlnsSmiley FrustratedOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"xmlnsSmiley FrustratedOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xsd="http://www.w3.org/2001/XMLSchema"xmlns:ns1=""xsi:type="ns1:MfeEpeMessageList"><element xsi:type="ns1:ESActivateEncryptionExc"><sendTo xsi:type="ns1:MfeEpeAddress" serviceUUID="5145540F-1BA8-4F52-895D-617839C2869E" serviceName="MfeEpeEncryptionServiceClient"></sendTo><from xsi:type="ns1:MfeEpeAddress" serviceUUID="70e77e64-14e4-467d-8d22-775dc78d7c3b" serviceName="MfeEpeEncryptionService"></from><errorId>-301989882</errorId><message>[0xEE000006] NULL pointer</message></element></MfeEpeMessageList>

2011-3-1 15:37:10,643 ERROR MfeEpeCoreEncryptionPlugin [0xEE000004] Failed to receive

These codes are described in KB as:

0xEE000006 Invalid parameter encoding.

0xEE000004 Internal agent communications error.

Any further clue?

0 Kudos
SafeBoot
Level 21

Re: System State - Inactive (6.0.2, KB recommendations applied)

are you trying to activate with an agent handler inbetween the client and EPO? The client needs a direct connection, no NAT, No agent handler in the middle etc...

https://kc.mcafee.com/corporate/index?page=content&id=KB68410&actp=search&viewlocale=en_US&searchid=...

Message was edited by: SafeBoot on 3/1/11 10:46:24 AM EST
0 Kudos
epoquito
Level 7

System State - Inactive (6.0.2, KB recommendations applied)

I'm on the same LAN as the ePO server. I've verified direct connection on port 8081 to the agent, works smoothly.

0 Kudos
epoquito
Level 7

Re: System State - Inactive (6.0.2, KB recommendations applied)

Thanks for helping sofar. I've investigated client events and there is a strange one, which I guess could be the reason.

Event ID:30022
Severity:Critical
Product Code:EEADMIN_1000
Error Code :Endpoint Encryption - User Update Error


Message:java.net.ConnectException: Failed to connect to LDAP server controller.domain.com
User:CN=test,CN=Users,DC=domain,DC=com

I would expect such problem on the server (ePO) side, not on the client. Is there a paper on what communication needs to be done on the client? This seems to me, that the Encryption Agent wants to verify something directly on the LDAP server.

I sniffed the traffic to the domain controller and encountered this problem:

DCERPC    Bind_ack: call_id: 2 Unknown result (3), reason: Abstract syntax not supported

Could this be a problem with supported authentication methods on RPC? Im trying to tune it right now and will give additional feedback asap.

Edit: lowering the NTLM restrictions didn't help, that was my only idea. Same issue seems to happen on Windows XP, that should authenticate against Windows 2003 Server (which is my testing OS) without problems.

Message was edited by: epoquito on 3/2/11 3:49:06 AM CST
0 Kudos
epoquito
Level 7

Re: System State - Inactive (6.0.2, KB recommendations applied)

Hi everybody,

issue solved. The RPC call wasn't originating at the EEPC, it is a DLP communication, it was a wrong way.

Problem was in encrypted authentication of ePO to AD. It seems like AD requested client certificate from the ePO and it ended up with some minor problems, that I found in orion.log. After disabling the SSL on the LDAP connection everything works like a charm. Keeping eye on the EEPC client events was a key to the success.

I'm playing with policies, themes, recovery process etc. at the moment and it is a great piece of software. Good job there, guyz, keep it up!

0 Kudos