cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 11 of 17

Re: Deployment failing

Jump to solution

To add more details.

Desktops and Servers with existing ENS installs are updating fine with the newer versions.

Those without, still only install the Agent and not ENS.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 12 of 17

Re: Deployment failing

Jump to solution

For those systems, check through this to determine if it is agent or point product failure.

https://community.mcafee.com/t5/ePolicy-Orchestrator-ePO/SOLVED-HOW-TO-TROUBLESHOOT-CLIENT-UPDATE-DE...

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Former Member
Not applicable
Report Inappropriate Content
Message 13 of 17

Re: Deployment failing

Jump to solution

Any ideas if they've been able to find a fix?

I attached the latest logs.

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 14 of 17

Re: Deployment failing

Jump to solution

* Check Windows Defender has to be at a certain LEVEL and DAT before you can deploy ENS

* Check Certificates from OS like "USERTRUST" etc. 

* Check Certificate Revocation open to WAN/Internet from OS

Greetings from Switzerland

 

Former Member
Not applicable
Report Inappropriate Content
Message 15 of 17

Re: Deployment failing

Jump to solution

Thanks.

Defender is up to date.

Would you know of how to check certificates?

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 16 of 17

Re: Deployment failing

Jump to solution

Here we go:

 

How to update your root certificate authorities for McAfee product installation/upgrade success

 

Import the certificates needed to validate the digital signatures before you install or upgrade the products:

  • Install the missing root certificates in the physical Third-Party Trusted Root Certification Authorities store. Specifically, AAA Certificate Services, AddTrust External CA Root, GlobalSign, GlobalSign Root CA, Microsoft Code Verification Root, USERTrust RSA Certification Authority, UTN-USERFirst-Object, Verisign Class 3 Public Primary Certification Authority - G5, and Verisign Universal Root Certification Authority.
  • Install the missing Intermediate Certification Authorities certificates in the physical Intermediate Certification Authorities store. Specifically, AddTrust External CA Root, COMODO RSA Code Signing CA, GlobalSign, GlobalSign CodeSigning CA - G3, GlobalSign CodeSigning CA - SHA256 - G3, GlobalSign Root CA, McAfee Code Signing CA 2, McAfee OV SSL CA 2, USERTrust RSA Certification Authority (2028), and Verisign Class 3 Code Signing 2010 CA.
Option 1: Install the certificates using Active Directory group policy
McAfee recommends that you install the certificates using Active Directory group policy for wide deployment. For information about how to deploy registry changes using group policy, see the Microsoft article at: https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx.

Deploy the registry change for the Computer policy, not the User policy. For example instructions on adding a certificate using group policy, see: KB92948 - How to determine if a system has an updated root certificate.

Option 2: Install the certificates directly on the system
If you have a single system or only a few systems, you can use the following files to install the certificates directly on the system. You can also remotely install them using any appropriate administrative deployment method.

To install the certificates, perform one of the following:
  • Download the file USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.bat.txt in the Attachment section of this article. Rename the file to USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.bat and run it.
    OR
  • Download the file USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.reg.txt in the Attachment section of this article. Rename the file to USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.reg and import it.
  •  
Former Member
Not applicable
Report Inappropriate Content
Message 17 of 17

Re: Deployment failing

Jump to solution

I was able to test systems as well as the one with the issue, and they are all showing NEW_CERT and having the certificate.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community