JohnFGI
Level 7
Message 1 of 3

System Tree Not Update and Failed to Sync to AD

Hi! We have recently migrated our on-premise server to Azure (lift and shift). I have joined the server to a domain controller in Azure. I can ping the ePO server from anywhere of our endpoint but the system tree is not updated (last update was September 2021). I have connected it to our SQL and AD servers. Both are running okay and when tested, they are successful.

My question is: how can I sync the AD again? In the logs, it looks like the ePO cannot connect to the database. See the logs below.

 

2022-01-21 15:38:01,205 ERROR [https-jsse-nio-8444-exec-11] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:01,220 ERROR [https-jsse-nio-8444-exec-9] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:01,254 ERROR [https-jsse-nio-8443-exec-4] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:11,297 ERROR [https-jsse-nio-8444-exec-1] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:11,301 ERROR [https-jsse-nio-8444-exec-24] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:11,325 ERROR [https-jsse-nio-8443-exec-8] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:21,365 ERROR [https-jsse-nio-8444-exec-14] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:21,370 ERROR [https-jsse-nio-8444-exec-12] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:21,399 ERROR [https-jsse-nio-8443-exec-19] server.OrionLoginModule - Error occured while updating last logon time in the database
2022-01-21 15:38:24,395 WARN [https-jsse-nio-8443-exec-2] command.SyncNowCommand - a command of type com.mcafee.epo.computermgmt.ui.command.SyncNowCommand should have its resource property set
2022-01-21 15:38:24,784 ERROR [scheduler-TaskQueueEngine-thread-3] command.SyncDomainADCommandOnPrem - SyncDomainADCommand failed, 0 succeeded, 1 failed
2022-01-21 15:38:24,815 ERROR [scheduler-TaskQueueEngine-thread-3] service.ScheduledTaskManagerImpl - execution of task Active Directory/NT Domain Synchronization failed
com.mcafee.orion.core.cmd.CommandException: Error, all sync points failed to synchronize
at com.mcafee.epo.computermgmt.ui.command.SyncDomainADCommandOnPrem.invoke(SyncDomainADCommandOnPrem.java:173)
at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1275)
at com.mcafee.orion.core.cmd.CommandInvoker.invokeCommand(CommandInvoker.java:1000)
at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:969)
at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:946)
at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:434)
at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:380)
at com.mcafee.orion.scheduler.chainable.Chain.invoke(Chain.java:61)
at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1275)
at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runTask(ScheduledTaskManagerImpl.java:1582)
at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runValidatedTaskInvocation(ScheduledTaskManagerImpl.java:1553)
at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runValidatedTaskInvocation(ScheduledTaskManagerImpl.java:1507)
at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.execute(ScheduledTaskManagerImpl.java:1318)
at com.mcafee.orion.task.queue.TaskQueueEngine.runTask(TaskQueueEngine.java:861)
at com.mcafee.orion.task.queue.TaskQueueEngine.runTask(TaskQueueEngine.java:843)
at com.mcafee.orion.task.queue.TaskQueueEngine.lambda$submitTasks$9(TaskQueueEngine.java:813)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

 

 

2 Replies
aguevara
McAfee Employee
Message 2 of 3

Re: System Tree Not Update and Failed to Sync to AD

Just so that I understand what has been done, you have migrated the ePO server from an on-prem server to an Azure VM, correct?

If that is the scenario, then you need to test the connection from your ePO on Azure to your AD on-prem (assuming your AD is on-prem).

There are some limitations to this, as per the doc below:

https://docs.mcafee.com/en/bundle/epolicy-orchestrator-5.10.0-installation-guide/page/GUID-ED0100D4-...

 

If the McAfee ePO server or the Agent Handler can't communicate with remote servers in private networks, then these features will not work.

Distributed repositories such as SuperAgent, FTP, HTTP, and UNC will not work.
Registered server that cannot communicate with the McAfee ePO server will not work.
If McAfee ePO can't reach the SMTP server, the email service doesn't work.

We need to test the connection from the ePO server to that private network (again, assuming AD is on your on-prem network). For that you could use telnet; please see the article below and test the connection to your LDAP server on these ports:

LDAP server port: 389. TCP port used to retrieve LDAP information from Active Directory servers. Outbound connection from the ePO server or Agent Handler to an LDAP server.
SSL LDAP server port: 636. TCP port used to retrieve LDAP information from Active Directory servers. Outbound connection from the ePO server or Agent Handler to an LDAP server.
LDAP with Global Catalog: 3268. TCP port used to retrieve LDAP information from Active Directory servers when using Global Catalog. Outbound connection from the ePO server or Agent Handler to an LDAP server.
SSL LDAP with Global Catalog: 3269. TCP port used to retrieve LDAP information from Active Directory servers when using Global Catalog and SSL. Outbound connection from the ePO server or Agent Handler to an LDAP server.



https://kc.mcafee.com/corporate/index?page=content&id=KB66797

Regards

Alejandro
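
The port test described in the reply above, as an added example that is not part of the original post or of McAfee's tooling: a PowerShell check, run on the ePO server or Agent Handler, that tries each of the four LDAP ports. It goes one step beyond telnet by completing a TLS handshake on 636 and 3269, so an untrusted or mismatched certificate shows up separately from a blocked port. The host name `dc01.example.internal` and the function name `Test-LdapPort` are placeholders.

```powershell
# Added example. $LdapHost is a placeholder: use the FQDN of your LDAP server / DC.
$LdapHost  = 'dc01.example.internal'
$TimeoutMs = 3000

# The four ports listed in the reply; Tls marks the SSL variants.
$checks = @(
    @{ Port = 389;  Name = 'LDAP';                         Tls = $false },
    @{ Port = 636;  Name = 'SSL LDAP';                     Tls = $true  },
    @{ Port = 3268; Name = 'LDAP with Global Catalog';     Tls = $false },
    @{ Port = 3269; Name = 'SSL LDAP with Global Catalog'; Tls = $true  }
)

function Test-LdapPort {
    param([string]$HostName, [int]$Port, [string]$Name, [bool]$Tls, [int]$TimeoutMs)

    $r = [ordered]@{ Port = $Port; Name = $Name; TcpOpen = $false; TlsOk = $null; Detail = '' }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Bounded connect: a silently dropped packet would otherwise block much longer.
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            $r.Detail = 'timed out (filtered or no route)'
            return [pscustomobject]$r
        }
        $r.TcpOpen = $true
        if ($Tls) {
            # Default validation: the chain must be trusted by this host and the
            # certificate name must match $HostName, otherwise this call throws.
            $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $r.TlsOk  = $true
            $r.Detail = $ssl.RemoteCertificate.Subject
            $ssl.Dispose()
        }
    } catch {
        # Refused connections, DNS failures and TLS errors all land here.
        if ($Tls -and $r.TcpOpen) { $r.TlsOk = $false }
        $r.Detail = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

$checks | ForEach-Object {
    Test-LdapPort -HostName $LdapHost -Port $_.Port -Name $_.Name -Tls $_.Tls -TimeoutMs $TimeoutMs
} | Format-Table -AutoSize
```

A row with `TcpOpen` true and `TlsOk` false points at certificate trust or naming on the ePO host rather than at the network path.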


 

cdinet
McAfee Employee
Message 3 of 3

Re: System Tree Not Update and Failed to Sync to AD

You would also check the epoapsvr log on the ePO server to see any AD sync errors. Additionally, what does the server task log show?
