Showing results for 
Search instead for 
Did you mean: 
Level 8
Report Inappropriate Content
Message 1 of 5

Cannot update the appliance

Hi everybody,

I have weird problem. We have two Mcafee Web Gateways in load-balancing mode and last Tuesday I tried to update both nodes from 8.1.1 version to 8.1.5. The 2nd node updated without a problem. But 1st (main) node was unable to update due to problems accessing the update files. I checked the logs and noticed when the proxy connected to various mirrors, it added the asc extension to the file it wanted to download. Because of that it couldn't find the file on none of the servers.

Here is a part of the log, where you can see the problem:

[2019-08-27 19:04:37 +0200] Trying Proxy Server: 
[2019-08-27 19:04:37 +0200] update started.
[2019-08-27 19:04:37 +0200] Loaded plugins: changelog, fastestmirror
[2019-08-27 19:04:38 +0200] Loading mirror speeds from cached hostfile
[2019-08-27 19:04:38 +0200] * epel:
[2019-08-27 19:04:38 +0200] * mlos-8-gen_release-base:
[2019-08-27 19:04:38 +0200] * mlos-
[2019-08-27 19:04:38 +0200] * mlos-main-gen_release-base:
[2019-08-27 19:04:38 +0200] [Errno 14] HTTPS Error 404 - Not Found
[2019-08-27 19:04:38 +0200] Trying other mirror.
[2019-08-27 19:04:38 +0200] To address this issue please refer to the product documentation.
[2019-08-27 19:04:38 +0200] [Errno 14] HTTPS Error 404 - Not Found
[2019-08-27 19:04:38 +0200] Trying other mirror.
[2019-08-27 19:04:38 +0200] [Errno 14] HTTPS Error 404 - Not Found
[2019-08-27 19:04:38 +0200] Trying other mirror.
[2019-08-27 19:04:38 +0200] [Errno 14] HTTPS Error 404 - Not Found
[2019-08-27 19:04:39 +0200] Trying other mirror.
[2019-08-27 19:04:39 +0200] [Errno 14] HTTPS Error 404 - Not Found
[2019-08-27 19:04:39 +0200] Trying other mirror.
[2019-08-27 19:04:39 +0200] [Errno 14] HTTPS Error 404 - Not Found

MWG wants to download a file called repomd.xml, but it is not found because it adds an asc axtension to it (that kind of file doesn't exist on any of the mirrors (it only exists without the asc extension))

Anybodo knows a solution to the problem?

Thank you in advance, best regards.

4 Replies
Reliable Contributor AaronT
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: Cannot update the appliance

Did you ever find a resolution to this?
Level 8
Report Inappropriate Content
Message 3 of 5

Re: Cannot update the appliance

I apologize for the late reply.

No I didn't. We set up a new MWG appliance and deleted the old one.

Reliable Contributor AaronT
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: Cannot update the appliance

In our /etc/yum.repos.d folder, we renamed "epel.repo" and "epel-testing.repo".  Once we did this we were able to successfully upgrade mwg (in our case 8.2.0 to 8.2.3)

Re: Cannot update the appliance

Generally bring a configuration backup. See KB89323 for total steps.
In case you're upgrading from one major edition to another, ensure to allocate one hour for maintenance. Most upgrades take a bit less than fifteen minutes, though the period of time is dependent on the age of your present installed release as well as the target edition.
​Always reboot the system after the upgrade.
Always have some kind of console access, possibly physical or perhaps by DRAC/RMM on the appliance available. This suggestion is if the reboot takes more than expected (for instance, disk check needs user interaction). Furthermore, in case you have to reimage, you are able to utilize the DRAC/RMM cards to mount an ISO picture remotely.

Upgrades in Management that is central Mode If you're updating in Central Management mode, see KB76905 for the most effective methods for dismantling the bunch.
Breaking up the cluster isn't necessary, but McAfee suggests it when there's a distinction in the key version (for instance, 7.5.x as well as 7.6.x). The reason is simply because the newer version is conscious of properties which aren't obtainable in the older version.
Perform the upgrade by eliminating all appliances individually from the Central Management group before you update then upgrade every device individually.
After you've effectively updated all the appliances of yours, add them to the Central Management bunch.
Dismantling is not vital when there are model differences in the same Maintenance or Feature version.
In order to upgrade the appliance program over the nodes associated with a Central Management setup, you are able to conduct the update process out of the user interface of 1 of the nodes. The node will be the final to be updated.

Improvement with a ProxyHA, Transparent Router, or maybe Transparent Bridge bunch If you've the MWG appliance established to be a ProxyHA, Transparent Router, or maybe Transparent Bridge cluster, you are able to make the nodes as well as or maybe you are able to do the following. Leaving the nodes as well as will interrupt traffic; doing the following has little interruption.

NOTE: This strategy concentrates on taking old nodes from program, upgrading them, after which transitioning brand new nodes into service.
Identify a redundant director node or even scanning node that you would like to update. Have a backup prior to beginning as usual.
Get rid of the port redirects under Configuration, Proxies. By taking out the port redirects, this particular node stops getting visitors from the director.
Upgrade the node
When enhanced, add the port redirects again in ( you removed earlier) and so the node start receiving traffic once again Leave as standalone, or add into upgraded cluster.
Right now that the unwanted director node & scanning nodes are enhanced, you are able to up-grade today's director node.
Adjust the goal to be zero or even lower compared to the redundant director. This brand new benefit transitions visitors from the director node on the redundant director node.
Perform actions 1a - 1d mentioned above.
McAfee recommends you do improvement via the command line while using yum command. This approach gives you much more control and exposure in the process. Make certain you've root a chance to access the command line.
In between these actions, McAfee advises confirming that site visitors is passing normally. By doing this you are able to quickly return to the final step. Step 2a is exactly where you may see a problem in case you do not possess a redundant director.

Upgrades in networks with no Internet access The upgrade procedure uses YUM. Yum is a real time update performed by downloading files from McAfee servers. If your appliances don't obtain these servers, you have to do the advances by reimaging to the essential version and also restoring a backup.

Upgrades in FIPS mode
FIPS mode doesn't let you update. You need to reimage the appliance of yours with the necessary version (and once again, select FIPS during the install), after which regain a backup.
NOTE: FIPS backups can't be restored on non FIPS appliances. view publisher site

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community