cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DDPCT
Level 8
Report Inappropriate Content
Message 1 of 11
‎10-28-2020 03:30 AM

MVISION ePO and McAfee Agent on VDI

Jump to solution

All,

Does MVISION ePO support embedding McAfee Agent on a gold image as per KB84356 ?

I deployed the McAfee Agent via SmartInstaller then ran the maconfig -enforce -noguid command on the master image to remove the GUID but now each time the system starts up the McAfee Agent Service fails to start.  This basically means you cannot embed the agent in a COE/gold image build when used with MVISION ePO at all.

The logs indicate that it's clearing the GUID and I can verify this under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent as the GUID entry is missing.

maservice.png

services.png

MA logs indicate the following:

2020-10-27 10:38:42.560 masvc(8644.6944) msgbus.Info: executable <C:\Program Files\McAfee\Agent\masvc.exe> sid = <S-1-5-18>
2020-10-27 10:38:42.575 masvc(8644.6944) msgbus.Info: Generating Agent GUID because no prior GUID exists in the MA database
2020-10-27 10:38:42.591 masvc(8644.6944) maconfigurator.Info: Scanned hardware details: sys_model:VMware Virtual Platform, sys_manfucaturer=VMware, Inc., sys_serial=VMware-42 27 6c 6f ac b5 19 db-12 c3 7d 30 12 6a 78 d9, uuid=6F6C2742-B5AC-DB19-12C3-7D30126A78D9

Logged under SR # 4-21399018221

Any further advice or has anyone come across this issue?

Regards,

Daniel

0 Kudos
Reply
1 Solution

Accepted Solutions
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 11
‎10-29-2020 05:26 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

When you use vdi mode, you don't do the noguid command.  Yes, self protection will prevent procdump from running.  That probably isn't the right thing to use anyway if service can't start.  You might want to use procmon when trying to start services.

What I would like to try first is to remove everything mcafee, reboot, then just install the agent only in vdi mode.  The mer did not contain any agent install logs, so it is difficult to know what may have happened during the install.  We would want a new mer if it fails, but when running the mer, don't choose all products.  In this case, just choose the mcafee agent.  All products doesn't collect all necessary data for point products often.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
10 Replies
Hem
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 11
‎10-28-2020 08:47 PM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

We need to investigate MA crash issue. Please collect masvc crash dump (procdump -ma -t masvc ), client MER log and attach to SR.

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Hem
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 11
‎10-28-2020 08:48 PM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

just to check, did you get any error message when you run #: maconfig -enforce -noguid ?

0 Kudos
Reply
DDPCT
Level 8
Report Inappropriate Content
Message 4 of 11
‎10-29-2020 02:03 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

Hi there,

No error, just expected result from running it on the system.  Here is the log extract:

C:\Program Files\McAfee\Agent>maconfig -enforce -noguid
2020-10-29 09:03:21.317 maconfig(9256.10392) maconfig.Info: enforcing noguid.
2020-10-29 09:03:21.476 maconfig(9256.10392) maconfig.Info: enforcing noguid passed
2020-10-29 09:03:21.476 maconfig(9256.10392) maconfig.Info: configuration finished

 

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 11
‎10-29-2020 04:57 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

Let me check your logs.  The vdi systems, are they persistent or non-persistent vm's?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
DDPCT
Level 8
Report Inappropriate Content
Message 6 of 11
‎10-29-2020 05:02 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

The VDI are non-persistent.  I managed to easily replicate the issue in my lab by installing MA 5.6.6 via SmartInstaller on a 2019 Server and running maconfig -enforce -noguid.  Same thing happens, MA service fails to start with exception and GUID is not generated in registry.

On another note, if we install with VDI Mode enabled (SmartInstaller -v) what will happen at next agent upgrade on MVISION ePO instances?  I presume we need to set VDI flag via command-line in Advanced Deployment page for subsequent upgrades and ensure that Automatic Upgrade is enabled.  Will it honour the command-line parameters defined in the deployment task when new MA versions are pushed to the MVISION ePO cloud tenants?

I cannot collect ProcDump as I get an Access Denied message (even though I'm running it in UAC Admin CMD window.  Is MA self-protection preventing anything with ProcDump?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 11
‎10-29-2020 05:26 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

When you use vdi mode, you don't do the noguid command.  Yes, self protection will prevent procdump from running.  That probably isn't the right thing to use anyway if service can't start.  You might want to use procmon when trying to start services.

What I would like to try first is to remove everything mcafee, reboot, then just install the agent only in vdi mode.  The mer did not contain any agent install logs, so it is difficult to know what may have happened during the install.  We would want a new mer if it fails, but when running the mer, don't choose all products.  In this case, just choose the mcafee agent.  All products doesn't collect all necessary data for point products often.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
DDPCT
Level 8
Report Inappropriate Content
Message 8 of 11
‎10-29-2020 05:33 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

Hi, thank you for the reply.

So would you advise we use VDI switch with McAfeeSmartInstall.exe then instead? And then create continuous advanced deployment with /enableVDImode switch and tick the box "Automatically deploy latest version of the products" to ensure that future agent upgrades retain VDI mode operation?

I'll do the above and then submit a new MER after testing just with VDI Mode switch.

 

Many thanks!

 

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 11
‎10-29-2020 05:36 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

yes

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reply
DDPCT
Level 8
Report Inappropriate Content
Message 10 of 11
‎10-29-2020 06:55 AM

Re: MVISION ePO and McAfee Agent on VDI

Jump to solution

Reinstalling MA in VDI mode without deleting GUID appears to work as the agent service now starts up successfully.  I'll get further testing done on this on the VDI implementation to see what impact this has on the rest of the images provisioned from the gold master.

With VDI mode we'd expect machines to deprovision themselves from ePO at shutdown and then reassociate the same GUID used before at startup correct?  I also assume that ePO will not treat all systems as the same entry due to duplicate GUIDs present on VDI spun up from the gold image.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC