All,
Does MVISION ePO support embedding McAfee Agent on a gold image as per KB84356?
I deployed the McAfee Agent via SmartInstaller then ran the maconfig -enforce -noguid command on the master image to remove the GUID but now each time the system starts up the McAfee Agent Service fails to start. This basically means you cannot embed the agent in a COE/gold image build when used with MVISION ePO at all.
The logs indicate that it's clearing the GUID and I can verify this under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent as the GUID entry is missing.
MA logs indicate the following:
2020-10-27 10:38:42.560 masvc(8644.6944) msgbus.Info: executable <C:\Program Files\McAfee\Agent\masvc.exe> sid = <S-1-5-18>
2020-10-27 10:38:42.575 masvc(8644.6944) msgbus.Info: Generating Agent GUID because no prior GUID exists in the MA database
2020-10-27 10:38:42.591 masvc(8644.6944) maconfigurator.Info: Scanned hardware details: sys_model:VMware Virtual Platform, sys_manfucaturer=VMware, Inc., sys_serial=VMware-42 27 6c 6f ac b5 19 db-12 c3 7d 30 12 6a 78 d9, uuid=6F6C2742-B5AC-DB19-12C3-7D30126A78D9
Logged under SR # 4-21399018221
Any further advice or has anyone come across this issue?
Regards,
Daniel
We need to investigate MA crash issue. Please collect masvc crash dump (procdump -ma -t masvc ), client MER log and attach to SR.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Just to check, did you get any error message when you run #: maconfig -enforce -noguid?
Hi there,
No error, just expected result from running it on the system. Here is the log extract:
C:\Program Files\McAfee\Agent>maconfig -enforce -noguid
2020-10-29 09:03:21.317 maconfig(9256.10392) maconfig.Info: enforcing noguid.
2020-10-29 09:03:21.476 maconfig(9256.10392) maconfig.Info: enforcing noguid passed
2020-10-29 09:03:21.476 maconfig(9256.10392) maconfig.Info: configuration finished
Let me check your logs. The VDI systems, are they persistent or non-persistent VMs?
The VDI are non-persistent. I managed to easily replicate the issue in my lab by installing MA 5.6.6 via SmartInstaller on a 2019 Server and running maconfig -enforce -noguid. Same thing happens, MA service fails to start with exception and GUID is not generated in registry.
On another note, if we install with VDI Mode enabled (SmartInstaller -v) what will happen at next agent upgrade on MVISION ePO instances? I presume we need to set VDI flag via command-line in Advanced Deployment page for subsequent upgrades and ensure that Automatic Upgrade is enabled. Will it honour the command-line parameters defined in the deployment task when new MA versions are pushed to the MVISION ePO cloud tenants?
I cannot collect ProcDump as I get an Access Denied message (even though I'm running it in UAC Admin CMD window). Is MA self-protection preventing anything with ProcDump?
When you use VDI mode, you don't do the noguid command. Yes, self protection will prevent procdump from running. That probably isn't the right thing to use anyway if service can't start. You might want to use procmon when trying to start services.
What I would like to try first is to remove everything McAfee, reboot, then just install the agent only in VDI mode. The MER did not contain any agent install logs, so it is difficult to know what may have happened during the install. We would want a new MER if it fails, but when running the MER, don't choose all products. In this case, just choose the McAfee Agent. All products doesn't collect all necessary data for point products often.
Hi, thank you for the reply.
So would you advise we use VDI switch with McAfeeSmartInstall.exe then instead? And then create continuous advanced deployment with /enableVDImode switch and tick the box "Automatically deploy latest version of the products" to ensure that future agent upgrades retain VDI mode operation?
I'll do the above and then submit a new MER after testing just with VDI Mode switch.
Many thanks!
yes
Reinstalling MA in VDI mode without deleting GUID appears to work as the agent service now starts up successfully. I'll get further testing done on this on the VDI implementation to see what impact this has on the rest of the images provisioned from the gold master.
With VDI mode we'd expect machines to deprovision themselves from ePO at shutdown and then reassociate the same GUID used before at startup, correct? I also assume that ePO will not treat all systems as the same entry due to duplicate GUIDs present on VDI spun up from the gold image.
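For anyone auditing clones of a gold image, the log lines quoted in this thread can be parsed to see when masvc reported generating a new GUID, when maconfig enforced noguid, and which hardware UUID was scanned. This is an added example, not part of the original posts or McAfee tooling; the line layout is inferred from the six lines quoted above, and the function names are hypothetical.

```python
import re

# Line layout inferred from the thread's extracts (an assumption):
# "<date> <time> <process>(<pid>.<tid>) <component>.<Level>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<proc>\w+)\((?P<pid>\d+)\.(?P<tid>\d+)\) "
    r"(?P<component>\w+)\.(?P<level>\w+): (?P<msg>.*)$"
)
UUID_RE = re.compile(r"\buuid=([0-9A-Fa-f-]{36})")
GUID_REGEN = "Generating Agent GUID because no prior GUID exists"
NOGUID_OK = "enforcing noguid passed"

# Sample input: the six log lines quoted in the thread, joined into one text.
SAMPLE = r"""
2020-10-27 10:38:42.560 masvc(8644.6944) msgbus.Info: executable <C:\Program Files\McAfee\Agent\masvc.exe> sid = <S-1-5-18>
2020-10-27 10:38:42.575 masvc(8644.6944) msgbus.Info: Generating Agent GUID because no prior GUID exists in the MA database
2020-10-27 10:38:42.591 masvc(8644.6944) maconfigurator.Info: Scanned hardware details: sys_model:VMware Virtual Platform, sys_manfucaturer=VMware, Inc., sys_serial=VMware-42 27 6c 6f ac b5 19 db-12 c3 7d 30 12 6a 78 d9, uuid=6F6C2742-B5AC-DB19-12C3-7D30126A78D9
2020-10-29 09:03:21.317 maconfig(9256.10392) maconfig.Info: enforcing noguid.
2020-10-29 09:03:21.476 maconfig(9256.10392) maconfig.Info: enforcing noguid passed
2020-10-29 09:03:21.476 maconfig(9256.10392) maconfig.Info: configuration finished
"""

def parse(text):
    """Return one dict per well-formed log line; anything else is skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarize(text):
    """Collect the timestamps and identifiers relevant to GUID handling."""
    out = {"guid_regenerated_at": [], "noguid_enforced_at": [], "hardware_uuids": []}
    for e in parse(text):
        if e["proc"] == "masvc" and GUID_REGEN in e["msg"]:
            out["guid_regenerated_at"].append(e["ts"])
        if e["proc"] == "maconfig" and NOGUID_OK in e["msg"]:
            out["noguid_enforced_at"].append(e["ts"])
        hw = UUID_RE.search(e["msg"])
        if hw and hw.group(1) not in out["hardware_uuids"]:
            out["hardware_uuids"].append(hw.group(1))
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

Running it over the agent logs collected from several clones shows which boots hit the GUID generation path and which hardware UUID each log belongs to.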