Message 1 of 3

NAC Scan failed script error benchmark

Hi everybody!

I use McAfee NAC 3.2 with ePO 4.5 (patch 3).

The implementation of our ePO server consists of two separate clusters, one for the application server and the other for the database, for a total of four separate servers that are actually four VMware virtual machines.

Earlier this month we began deploying the NAC Windows client to about 2000 targets, which have agent 4.5-4.6 and VirusScan 8.8-8.7.

Installation from the console (ePO deployment tasks) is successful and the NAC client scans occur regularly, while in the ePO console we analyze, with various queries, the state of health restored by NAC. The initial health policy, in audit-only mode, provides, through four distinct benchmarks, control of virus signatures, version v, the state of the access scanner and the presence of the MS KB958644.

All is right.
We then proceeded to install the NAC client on another 3000 targets, and we realized that on these machines, even if the NAC client is installed (pa 5.2 agent as early as 2000), it does not really work, and scanning does not return any results (on target --> show nac status --> The requested systems do not have a Network Access Control status), or new clients are detected in any of the queries for the NAC, NAC summary for example.
Instead, if we filter the target systems at the root of the ePO tree, the NAC client is present on more than 5000 targets.

In the log paagent.log in Program Files\McAfee\MNAC Scanner\Engine of any non-working NAC Windows client, this error appears:

2011-Jan-14 12:25:24 XCCDFProcessor INFO: Call to
2011-Jan-14 12:25:24 INFO AuditEngine: ContentDatabase:: open ()
2011-Jan-14 12:25:24 AuditEngine ERROR: 3 Error Preparing statements created: no such table: Benchmark
2011-Jan-14 12:25:24 INFO XCCDFProcessor: Error getting benchmarks for-9E06-4A05-C5B8FD84 B35F-062A6FFCBC55

For this error there is a McAfee KB stating to update the McAfee Audit Engine Content to the most recent release for both the Policy Auditor server and agents.
We performed this update on the server (Audit Engine Content 1071 and Findings Content 1007) and some clients, but the situation does not change and the NAC still does not scan correctly.

We tried, without success, to reinstall the NAC client and the ePO agent, and we tried to redo the benchmarks in various modes and the initial health policy too, but the 3000 NAC clients do not function while the first 2000 work well.

I noticed that in the log Scanner_out.log in Program Files\McAfee\MNAC Scanner of any non-working NAC Windows client, this error appears at the beginning:

12-28-11 14:30:02,110 [3748] DEBUG Scanner <> - Reloading configuration for Scanner Service.
12-28-11 14:30:02,141 [3748] WARN Scanner.ServerCom <> - SSLKeysException while loading keys from keystore: Failure reading keystore:: Could not find object or property.
12-28-11 14:30:02,563 [3748] DEBUG Scanner.ServerCom <> - Loading DLL agent utility
12-28-11 14:30:02,906 [3748] Scanner.ServerCom ERROR <> - Unable to query key value for Agent: Can not find the file specified.
12-28-11 14:30:02,906 [3748] WARN Scanner.ServerCom <> - Unable to generate cert request headers to authenticate. Cert request will be attemped later.

and then

12-28-11 14:30:17,843 [3188] INFO Scanner.ScanEngine <> - **** Completed PAStartScan ...
12-28-11 14:30:17,843 [3188] Scanner.ScanEngine ERROR <> - PAStartScan returned error: 5: Scan Has Been Canceled calculated previously.
12-28-11 14:30:17,843 [3188] DEBUG Scanner.ScannerComm.Enforcement <> - Complete remediation called: 0
12-28-11 14:30:17,843 [3188] DEBUG Scanner.ScannerComm.Enforcement <> - Called NAPSHA_remediation, rpending: 0
12-28-11 14:30:17,843 [3188] DEBUG Scanner.ScanEngine <> - results: Scan Results -
Id: -1
Health Level: 0
Next Scan: 2011-12-29T14: 30:17.000 +01:00

What can you do?

Happy New Year to everybody


2 Replies
Message 2 of 3

Re: NAC Scan failed script error benchmark


Happy New Year to all

I will add that on the 3000 faulty NAC clients, in the path C:\Program Files\McAfee\MNAC Scanner\Engine there is only the folder "scheme", while on the NAC clients that work well there are other folders with a weird name like 406DD054-B769-4978-A840-2515598D1A49299 (which correspond to the benchmarks, I think).

I think for some reason the NAC client has not received, since its installation, the benchmarks by which to operate, but I do not understand what the underlying

Best regards

Message 3 of 3

Re: NAC Scan failed script error benchmark


Well, I think I understand why the NAC client 3.2.0 does not work.

I think this sw is not compatible with ePO agents 4.6 (but is compatible with previous versions 4.0 and 4.5).

I did some tests.
I installed the NAC client 3.2.0 on a machine that has the ePO agent 4.6, but the NAC client does not work at all (even if the installation is successful). If you install the NAC client 3.2.0 on a machine that has the ePO agent 4.5, the NAC works correctly (and it seems to continue to work even if you upgrade the ePO agent to version 4.6 on the same machine).
To confirm this, McAfee has released version 3.2.1 of the NAC, which I tested in a virtual environment, finding the proper functioning of the NAC client on a system with epo agent 4.6.

Unfortunately, in no KB document, product manual or release notes does McAfee declare the incompatibility between the ePO agent 4.6 and NAC client 3.2.0.

Also, the readme file of NAC 3.2.1 says "The McAfee Network Access Control® patch release 3.2.1 is compatible with ePolicy Orchestrator 4.6 on all platforms."

Best regards
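
An added example, not part of the original posts and not McAfee code: a small Python triage that checks the two symptoms described in this thread, the error strings in paagent.log / Scanner_out.log and the absence of GUID-named benchmark folders under the Engine directory. The function names, verdict labels and folder-name pattern are assumptions made for illustration.

```python
import re
from pathlib import Path

# Error strings taken from the log excerpts quoted in the thread.
SIGNATURES = {
    "missing_benchmark_table": re.compile(r"no such table: Benchmark"),
    "keystore_unreadable": re.compile(r"SSLKeysException while loading keys from keystore"),
    "scan_cancelled": re.compile(r"PAStartScan returned error: 5\b"),
}
# Benchmark folders are GUID-like; the one quoted in the thread has a longer last group.
GUID_DIR = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12,}$")

# Lines copied from the thread's paagent.log / Scanner_out.log excerpts.
SAMPLE_FAULTY_LOG = [
    "2011-Jan-14 12:25:24 AuditEngine ERROR: 3 Error Preparing statements created: no such table: Benchmark",
    "12-28-11 14:30:02,141 [3748] WARN Scanner.ServerCom <> - SSLKeysException while loading keys from keystore: Failure reading keystore:: Could not find object or property.",
    "12-28-11 14:30:17,843 [3188] Scanner.ScanEngine ERROR <> - PAStartScan returned error: 5: Scan Has Been Canceled calculated previously.",
]

def match_signatures(lines):
    """Return the sorted names of known error signatures present in the log lines."""
    return sorted({name for line in lines
                   for name, rx in SIGNATURES.items() if rx.search(line)})

def benchmark_dirs(engine_dir):
    """Return GUID-named subfolders of the Engine directory ([] if missing or empty)."""
    root = Path(engine_dir)
    if not root.is_dir():
        return []
    return sorted(d.name for d in root.iterdir()
                  if d.is_dir() and GUID_DIR.match(d.name))

def triage(log_lines, engine_dir):
    """Classify one client from its scanner logs and Engine folder contents."""
    hits = match_signatures(log_lines)
    dirs = benchmark_dirs(engine_dir)
    if not dirs:
        verdict = "no-benchmark-content"   # only "scheme" present, as on the faulty clients
    elif hits:
        verdict = "content-present-with-errors"
    else:
        verdict = "ok"
    return {"verdict": verdict, "signatures": hits, "benchmarks": dirs}

if __name__ == "__main__":
    print(triage(SAMPLE_FAULTY_LOG, r"C:\Program Files\McAfee\MNAC Scanner\Engine"))
```

Run per endpoint with the real log lines read from disk; a "no-benchmark-content" verdict matches the state described for the 3000 faulty clients.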
