cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 18

Repository policies issues

Hello,

I have more than 90 policies for McAfee Agent repository due to a large infra.

Sometime, for a reason i don't understand, the repository inside a policy goes to enable to disable.

Repository are all superagent, 92 in total.

 

Since checking every policy to check if there is at least 1 repo is taking me a long time, do you guys have a solution to get rapidely every repo enable per policy ?

 

Thanks you.

17 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 18

Re: Repository policies issues

We would first want to see why they go to disabled.  One thing to check in the repository policy, do you have automatically allow clients to access newly added repositories enabled?

Another thing to check is that when one goes to disabled, check the audit log to see if perhaps that system was deleted and re-added to the system tree for some reason.

As for bulk enabling them all, no, we don't have anything to do that.  That would require also doing that to every policy, so if you have that option in the policy disabled (unchecked), then you might want to enable it to avoid this issue.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 18

Re: Repository policies issues

Thanks for you response.

This option is not allowed, since we want to control where the client are updating.
So in every policy, they should have 2/3 repository and for example, client in china are not allowed to go to France to update.
Or clients in NY CITY are not allowed to update to LA.

So this option is disable and we cannot enable it.

Yes I have check the audit log.. but there is only the part where SYSTEM remove the SA from every policies for unknown reason...



"Excluding repository 'ePOSA_SERVER' in policy 'Repository_Policy_CITYNAME'."
User Name: system
Priority: Low
Success Succeeded
Start Time :18/11/2019 à 15:10:20
Completion Time 18/11/2019 à 15:10:20

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 18

Re: Repository policies issues

Please open an SR for this issue, as there have been some defects on it, but no solution that I see yet.  Here is the data we need.

 - MER from ePO
 - MER from one SuperAgent which experienced the issue
 - Audit log export covering the same day when the repository was excluded from the policy. 

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 18

Re: Repository policies issues

Ok thanks, so will we try to understand what happen, there is nowhere I can retrieve what SA is enable in what policy ?

Like a SQL request in db or filter in XML using notepad++?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 18

Re: Repository policies issues

You can run this - select * from eporepository where enabled = 0

I don't know, however, if that will reflect that state in every policy or not.  It is something to check first.  Other than that, I know of no other query that will get what you want out of all the policies.

You can possibly export your repository policies and search for disabledsitenum section and it will list all the disabled sites on a specific policy.  However, you would need to know what should and should not be disabled for that policy to know if it is right or not.  You can't bulk edit policies either in the xml, then re-import them.  You probably could technically, but we don't support that.  That would actually be more trouble than just editing each policy manually.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 18

Re: Repository policies issues

Ok thanks I will check that.

But for now is only for information, I want to be sure that every policy have at least 1 repo.
I will not edit directly in XML but if this can show me which one is not compliant then I can fix it quickly in ePO.

I will open a case though.
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 18

Re: Repository policies issues

Sounds like a plan 🙂

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 18

Re: Repository policies issues

The SQL query seem not show the not used one.

I have created the SR, I have send it to you if you want to check the MER for curiosity.
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 18

Re: Repository policies issues

At the time this occurred in audit log, the agent shows these errors that weren't there previously.

2019-12-12 11:16:47.569 macmnsvc(1496.1612) http_server.Info: ma_http_repository_handler_t(0000000001B0D5D0) processing repository file </Software/SiteStat.xml> request
2019-12-12 11:16:47.569 macmnsvc(1496.1612) http_server.Error: ma_http_repository_handler_t(0000000001B0D5D0) failed to process repository file <\Software> request, rc <2303>

After you enable the repository, are clients able to get updates from it?  Do you still see these type errors, or does a restart of agent services (or reboot) clear those out?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community