cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ASCI fails after renaming workstation when "User Based Policy" is assigned to a local account

Server: ePO 4.6.4

Workstation: Dell Latitude E6230, Windows 7 Enterprise SP1

Installed Products:    

McAfee Agent 4.6.0.3122,

Data Loss Prevention 9.2.200.56,

Endpoint Encryption for Files and Folders 4.1.1.150,

McAfee ePO Deep Command Detection Plugin 1.0.0.329,

Product Coverage Reports 4.8.0.887,

VirusScan Enterprise 8.8.0.975.Wrk

After renaming workstation, agent communication fails. The Agent_<workstation_name>.log contains entries similar to the following:

2013-07-14 16:18:01    i    #2288    Agent    Agent communication session started

2013-07-14 16:18:01    i    #2288    Agent    Agent is sending INC PROPS package to ePO server

2013-07-14 16:18:01    i    #2288    Agent    Agent is connecting to ePO server

2013-07-14 16:18:02    I    #2288    imutils    Trying with site: xxx.xxx.xxx.xxx:800

2013-07-14 16:18:02    I    #2288    naInet    HTTP Session initialized

2013-07-14 16:18:02    I    #2288    imsite        Upload from: C:\ProgramData\McAfee\Common Framework\Unpack\pkg00130182778810720000_1107612698.spkg

2013-07-14 16:18:02    I    #2288    imsite        Upload response target: C:\ProgramData\McAfee\Common Framework\Unpack\pkg00130182778817430000_1286549877.spkg

2013-07-14 16:18:10    I    #2288    naInet    failed to receive package..server is busy

2013-07-14 16:18:10    I    #2288    imsite    NaInet library returned code == 12

2013-07-14 16:18:10    I    #2288    naInet    HTTP Session closed

2013-07-14 16:18:10    e    #2288    Agent    Agent failed to communicate with ePO Server

2013-07-14 16:18:10    i    #2288    Agent    Agent communication session closed

2013-07-14 16:18:10    I    #2288    Agent    Agent communication failed, result=-2400

2013-07-14 16:18:10    I    #2288    Agent    Exponential retry in 120 seconds, error=-2400(Unable to connect to ePO Server)

2013-07-14 16:18:10    i    #2288    Agent    Agent will connect to the ePO Server in 2 minutes and 0 seconds.

The corresponding ePO server server.log contains entries similar to following:

20130714161840    X    #04128    EPOLDAP     Connected to LDap session 0x0db3d164

20130714161840    I    #04128    EPOLDAP     Connected to Server 'xxx.xxx.xxx.xxx' resolved from 'xxx.xxx.xxx.xxx'

20130714161841    I    #04128    EPOLDAP     Binding user msk-lo\sql4epo to ldap succeeded

20130714161841    X    #04128    EPOLDAP     LDAP search pages complete, 1 items found for search 'objectClass=*'

20130714161841    X    #04128    EPOLDAP     LDAP search pages complete, 0 items found for search '(servicePrincipalName=LDAP/*/dhmwjx1)'

20130714161841    X    #04128    EPOLDAP     Unbinding from LDap session 0x0db3d164

20130714161841    X    #04128    EPOLDAP     Initialized LDap session 0x0db3d164

20130714161841    X    #04128    EPOLDAP     Connected to LDap session 0x0db3d164

20130714161841    I    #04128    EPOLDAP     Connected to Server 'xxx.xxx.xxx.xxx' resolved from 'xxx.xxx.xxx.xxx'

20130714161841    E    #04128    EPOLDAP     Bind failed, error = Invalid Credentials (49), user DOMAIN\admin_x, server xxx.xxx.xxx.xxx, port 389

20130714161841    X    #04128    EPOLDAP     Unbinding from LDap session 0x0db3d164

20130714161841    X    #04128    EPOLDAP     Failed to get LDAP login information for domain {OLD NAME WOKRSTATION} (2).

20130714161841    E    #04128    NAIMSRV     There was a failure when getting the ldap server.  Failing asci (2)

20130714161841    E    #04128    NAIMSRV     Failed to generate policy for user {OLD NAME WOKRSTATION}\administrator, error 0x80140066

20130714161841    X    #04128    NAIMSRV     Rule Based Policies took 4 seconds (4313 ms) to process

20130714161841    E    #04128    NAIMSRV     Failed to process props response for agent {NEW NAME WOKRSTATION}

20130714161841    E    #04128    NAIMSRV     Failed to process agent request

20130714161841    X    #04128    mod_epo     epo request processed, rc=503, session ID=844686, session time=4328ms

p.s. Just found -

User admin_x - disabled in AD

Message was edited by: konovalovgy on 7/14/13 7:45:45 AM CDT

Agent_<workstation name>_error.log:

2013-07-15 09:24:11.152    E    #2944    Util    Error trace:

2013-07-15 09:24:11.152    E    #2944    Cmalib     [Add CMA to Windows Firewall]->

2013-07-15 09:24:11.152    E    #2944    Util     [CoCreateInstance,{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}]->

2013-07-15 09:24:11.152    E    #2944    Util      error -2147023143: There are no more endpoints available from the endpoint mapper.

2013-07-15 09:24:11.152    E    #2944    Util    Error trace:

2013-07-15 09:24:11.152    E    #2944    Cmalib     [Add CMA to Windows Firewall]->

2013-07-15 09:24:11.152    E    #2944    Util     [CoCreateInstance,{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}]->

2013-07-15 09:24:11.152    E    #2944    Util      error -2147023143: There are no more endpoints available from the endpoint mapper.

2013-07-15 09:24:56.526    e    #3636    Agent    Agent failed to communicate with ePO Server

2013-07-15 09:27:11.999    e    #3636    Agent    Agent failed to communicate with ePO Server

2013-07-15 09:27:17.384    e    #3636    Agent    Agent failed to communicate with ePO Server

2013-07-15 09:30:24.277    E    #7760    Logging    drop 1 [\\.\mailslot\VSECMA-{B1A5B08C-88BC-4B0F-9F6D-E13899F11816}] file not found

2013-07-15 09:32:01.654    e    #3636    Agent    Agent failed to communicate with ePO Server

2013-07-15 09:32:07.067    e    #3636    Agent    Agent failed to communicate with ePO Server

Message was edited by: konovalovgy on 7/15/13 1:06:16 AM CDT
1 Reply
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: ASCI fails after renaming workstation when "User Based Policy" is assigned to a local account

Hi...

This is fixed in MA 4.8 - please see KB78077 for details.

HTH -

Joe

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community