cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 7

ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

As subject states, our admins decided to go crazy modifying stuff without checking compatibility with our McAfee ePO applications, so I've spent the entire day trying to fix it with my team.

TLS 1.0 and 1.1 were disabled on the SQL server, so we could not connect to it. After I had the admins fix that in Group Policy, we were able to test successfully from /core/config.

Then though, we saw the errors below in our Orion logs:

2020-12-03 16:07:20,498 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\webapp/WEB-INF/lib/epojni java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

2020-12-03 16:08:23,571 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\webapp/WEB-INF/lib/DownloadJNI java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

and verified that those files "epojni" and "DownloadJNI" were not there.

After some Google searching and reading McAfee KB's, I found that ePO uses SQL Native Client to issue commands to the SQL database, like pulling licensing information. Then I noticed that apparently an admin had uninstalled SQL Native Client, so I reinstalled it.

I need to know one thing - Where do I get the epojni and DownloadJNI files for that folder?

Thanks,

George

1 Solution

Accepted Solutions
Level 9
Report Inappropriate Content
Message 6 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

Hey cdinet,

What made me think there was a problem with it was the logs telling me it is unable to load the libraries, because it is looking for files that do not exist, per my OP.

2020-12-03 16:07:20,498 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\webapp/WEB-INF/lib/epojni java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

2020-12-03 16:08:23,571 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\webapp/WEB-INF/lib/DownloadJNI java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

After doing some deep analysis in the event logs though, the last thing that happened before the server crashed on the 2nd was something Microsoft LAPS (Local Administrator Password Solution) attempted and was blocked by McAfee, then the server must have segfaulted because the next thing in the event logs is the server coming back up saying it rebooted unexpectedly. Here is the event from McAfee:

Blocked by access protection rule. Access to object C:\Program Files\LAPS\CSE\AdmPwd.dll was blocked by rule Anti-virus Maximum Protection:Prevent svchost executing non-Windows executables.
 
We were considering rebuilding the application server on a new server (since it appeared to be corrupt), and then connecting it to the DB.
 
Then our sysadmins re-enabled TLS 1.0 and 1.1 on the ePO App server, and rebooted them, and suddenly everything is working again.
 
So, lesson learned - JRE saying it cannot access a local custom library is somehow because TLS 1.0 and 1.1 has been disabled on the server. Can you verify that this would cause this error?
 
Thanks,
George

View solution in original post

6 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

Hello @SypsG 

Thanks for your post.

Based on the error posted by you we have couple of KB Articles which you should look:

https://kc.mcafee.com/corporate/index?page=content&id=KB79963&locale=en_US

https://kc.mcafee.com/corporate/index?page=content&id=KB79963&locale=en_US

If you have the test lab available try copy pasting the files but before that please make sure you are having the ePO Server and ePO Database backed up with the help of https://kc.mcafee.com/corporate/index?page=content&id=KB66616

I would recommend you to open a Service Request with McAfee Support Team to get this checked and verified.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other member.

Level 9
Report Inappropriate Content
Message 3 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

Thanks,

Re: https://kc.mcafee.com/corporate/index?page=content&id=KB79963&locale=en_US

We are using local SQL account, so the above is not relevant.

Re: https://kc.mcafee.com/corporate/index?page=content&id=KB79963&locale=en_US

That is the same link as the first one. Perhaps you meant to share a different one.

Re: Opening a service request - We do not have time to open a service request and hope for weeks that we get a response to the ticket being opened, because this is a Critical enterprise-wide outage. Also, the support engineers at McAfee Enterprise support only support LogMeInRescue, which is not allowed by our security policy.

I'm in the middle of building a test system to see if the files are there on the new system.

In the meantime, I welcome any and all other suggestions.

Thanks,

George

Level 9
Report Inappropriate Content
Message 4 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

Can someone at McAfee (or anyone else with a working ePO server) look at a working 5.9 server and let me know if the contents of this directory are the same on your working server as they are on my broken server? I would like to know if the jTDS connection is looking for the wrong files (epojni and DownloadJNI), or if the files are missing from my server for some reason:

D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\web
app\WEB-INF\lib>dir
Volume in drive D is ePO
Volume Serial Number is E483-170A

Directory of D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore
\5.9.0.732\webapp\WEB-INF\lib

12/03/2020 04:32 PM <DIR> .
12/03/2020 04:32 PM <DIR> ..
04/18/2017 09:07 AM 415,704 DownloadJNI64.dll
04/18/2017 09:07 AM 1,284 DownloadJNI64.dll.sig
04/18/2017 09:07 AM 14,733 EPOCore-tags.jar
04/18/2017 09:07 AM 1,284 EPOCore-tags.jar.sig
04/18/2017 09:07 AM 1,401,534 EPOCore.jar
04/18/2017 09:07 AM 1,284 EPOCore.jar.sig
04/18/2017 09:07 AM 1,028,056 epojni64.dll
04/18/2017 09:07 AM 1,284 epojni64.dll.sig
04/18/2017 09:07 AM 7,233 epoprops.xsd
04/18/2017 09:07 AM 338,392 RuleEngJNI64.dll
04/18/2017 09:07 AM 1,284 RuleEngJNI64.dll.sig
04/18/2017 09:07 AM 3,109 sensitive.xsd
12 File(s) 3,215,181 bytes
2 Dir(s) 96,501,465,088 bytes free

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

I don't have one to compare, but here is how you can compare and even replace any existing files.  

Go to \Program Files (x86)\McAfee\ePolicy Orchestrator\Installer\ePO\extension-packages and open the epost.zip file.  You will see the epocore extension file there.  The contents of that (match the version in extension.properties file with what you have - it should match your .732 version).  The contents of that file are what should be in your installed location.  

But first of all, what makes you think there is an issue with that extension?  Did you reinstall the native client on the app server?  That is a required component.  I would bet that is your issue and not related to the extension, but without knowing for sure, it is a guess.  I would first of all make sure that the native sql client is reinstalled.

By the way, support also has access to webex, so you can insist on using webex instead of LogMeIn.  We also have access to Microsoft teams meetings.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Level 9
Report Inappropriate Content
Message 6 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

Hey cdinet,

What made me think there was a problem with it was the logs telling me it is unable to load the libraries, because it is looking for files that do not exist, per my OP.

2020-12-03 16:07:20,498 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\webapp/WEB-INF/lib/epojni java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

2020-12-03 16:08:23,571 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.0.732\webapp/WEB-INF/lib/DownloadJNI java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

After doing some deep analysis in the event logs though, the last thing that happened before the server crashed on the 2nd was something Microsoft LAPS (Local Administrator Password Solution) attempted and was blocked by McAfee, then the server must have segfaulted because the next thing in the event logs is the server coming back up saying it rebooted unexpectedly. Here is the event from McAfee:

Blocked by access protection rule. Access to object C:\Program Files\LAPS\CSE\AdmPwd.dll was blocked by rule Anti-virus Maximum Protection:Prevent svchost executing non-Windows executables.
 
We were considering rebuilding the application server on a new server (since it appeared to be corrupt), and then connecting it to the DB.
 
Then our sysadmins re-enabled TLS 1.0 and 1.1 on the ePO App server, and rebooted them, and suddenly everything is working again.
 
So, lesson learned - JRE saying it cannot access a local custom library is somehow because TLS 1.0 and 1.1 has been disabled on the server. Can you verify that this would cause this error?
 
Thanks,
George

View solution in original post

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: ePO 5.9.0 admins disabled TLS 1.1 on SQL and uninstalled SQL Native Client on App server

Jump to solution

One thing to keep in mind that most of the orion log and even install/upgrade errors you see appear to be java related.  They really aren't java specific, but tomcat is java based, so everything relies on it.  That includes database connectivity and most other functions.  We use a jdbc connection to the database, which is java related.  So disregard "java" related errors as any relation to java itself, but look beyond that to what else is going on.

Yes, a disconnect to database can throw a jre or java error.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community