fr0st
Level 7

4.8 P1 Agents not updating from ePO 5.0

Hi,

My environment is ePO 5.0, VSE 8.8 P2 on Windows XP/7 and McAfee agent 4.8 P1 and some older versions still remaining.

The problem - newly installed agents (both fresh install and upgrade from previous versions) aren't updating policies, tasks etc. from ePO server. Agent communication seems fine, the agents are reporting properly and I can see them in the ePO console but no policies are enforced, no tasks, nothing...

Something I've noticed is that the SiteStat.xml and catalog.z files are missing on the problematic agents. The older agents are working fine, but I'm afraid to upgrade them.

Part of the agent log on a problematic agent:

2013-07-10 11:13:10.202    I    #46584    Agent    Sending the next batch of immediate events

2013-07-10 11:13:10.202    i    #46584    Agent    Agent is looking for events to upload

2013-07-10 11:13:10.202    I    #46584    Agent    Agent did not find any events to upload

2013-07-10 11:14:39.342    i    #46592    Agent    Agent Started Enforcing policies

2013-07-10 11:14:39.342    I    #46592    Agent    Thread time-out occurred

2013-07-10 11:14:39.342    I    #46592    Manage    Enforcing policies

2013-07-10 11:14:39.342    i    #46592    Manage    Enforcing Policies for McAfee Agent

2013-07-10 11:14:39.342    I    #46592    Agent    CePOAgent::EnforcePolicy priority=-2

2013-07-10 11:14:39.342    I    #46592    Agent    Enforcing policies

2013-07-10 11:14:39.342    I    #46592    LstnSvr    Enforcing Policies

2013-07-10 11:14:39.342    I    #46592    Datastore    Did not find setting bEnableRelayService in section AgentListenServer for software ID EPOAGENT3000

2013-07-10 11:14:39.342    I    #46592    Datastore    Did not find setting bEnableP2PService in section AgentListenServer for software ID EPOAGENT3000

2013-07-10 11:14:39.342    I    #46592    Datastore    Did not find setting AgtServiceMgrPort in section AgentListenServer for software ID EPOAGENT3000

2013-07-10 11:14:39.342    I    #46592    LstnSvr    Relay policy is disabled, hence, shutting down the service manager.

2013-07-10 11:14:39.342    I    #46592    LstnSvr    EnforcePolicies--Service Manager stopped.

2013-07-10 11:14:39.342    I    #46592    Logging    Enforcing policies

2013-07-10 11:14:39.342    I    #46592    Manage    Enforcing policies

2013-07-10 11:14:39.352    I    #46592    Datastore    Did not find setting LicenseKey in section EPOAGENT3000META for software ID EPOAGENT3000META

2013-07-10 11:14:39.352    I    #46592    UsrSpCt    Enforcing policies

2013-07-10 11:14:39.362    I    #46592    Sched    >>--CSchedule::EnforcePolicy

2013-07-10 11:14:39.362    I    #46592    Sched    <<--CSchedule::EnforcePolicy

2013-07-10 11:14:39.362    I    #46592    Datastore    Did not find section Telemetry for software ID EPOAGENT3000

2013-07-10 11:14:39.362    I    #46592    Datastore    Did not find section Telemetry for software ID EPOAGENT3000

2013-07-10 11:14:39.362    I    #46592    Datastore    Did not find section Telemetry for software ID EPOAGENT3000

2013-07-10 11:14:39.362    I    #46592    Datastore    Did not find section Telemetry for software ID EPOAGENT3000

2013-07-10 11:14:39.362    I    #46592    Manage    Policy enforcement is currently enabled

2013-07-10 11:14:39.362    I    #46592    Manage    PIP task was not scheduled- PIP Package might not be avilable in repository or PIP deployment was opt out by policies

2013-07-10 11:14:39.362    I    #46592    Manage    Initializing Event Interface

2013-07-10 11:14:39.362    I    #46592    Manage    EpoEventInf Interface: Initialization succeeded.

2013-07-10 11:14:39.362    i    #46592    Manage    Enforcing Policies for EPOAGENT3000META

2013-07-10 11:14:39.372    i    #46592    Manage    Enforcing Policies for EPOAGENT3000

2013-07-10 11:14:39.382    I    #46592    Manage    DeInitializing Event Interface

2013-07-10 11:14:39.382    I    #46592    Manage    EpoEventInf Interface: Deinitialization succeeded.

2013-07-10 11:14:39.382    i    #46592    Agent    Agent finished Enforcing policies

2013-07-10 11:14:39.382    i    #46592    Agent    Next policy enforcement in 5 minutes

2013-07-10 11:18:10.206    I    #46584    Agent    Sending the next batch of immediate events

2013-07-10 11:18:10.206    i    #46584    Agent    Agent is looking for events to upload

2013-07-10 11:18:10.206    I    #46584    Agent    Agent did not find any events to upload

Part of the error log:

2013-07-09 16:36:56.717    E    #2884    ServiceMgr    Error trace:

2013-07-09 16:36:56.727    E    #2884    ServiceMgr      Not persisting SAHU_SERVER stat data. It is either invalid or not running currently

The ePO server log shows no errors.

Message was edited by: fr0st on 7/10/13 4:15:24 AM CDT
0 Kudos
1 Solution

Accepted Solutions
Tristan
Level 15

Re: 4.8 P1 Agents not updating from ePO 5.0

Could this be related to the issue that was in an SNS message I got the other day?

-- ========================================

ePolicy Orchestrator (ePO) 5.0 servers installed with valid license key stop sending policies and tasks to agents after 90 days. 

This issue occurs only with ePO 5.0.0.1160 and will be resolved in ePO 5.0.1. A hotfix and additional information are available in KnowledgeBase article KB78686.

This article is available only to registered users. To view it, log into the McAfee ServicePortal at http://mysupport.mcafee.com and search for the article ID.

-- ===================================

Although I tried to view it with my service portal login but it's not there

14 Replies
rackroyd
Level 16

Re: 4.8 P1 Agents not updating from ePO 5.0

Hard to say from that alone, the snippet shows the locally cached policies seem to be enforced but does not include the time when the agent talks to the ePO server.

I found three prior instances of similar behaviour where all seemed ok but nothing actually got enforced in the product(s) managed.

(1) was resolved by redeploying the agent a second time.

(2) was down to an excessive number of locally defined HIPs product rules. Removing them resolved things.

(3) was down to the Windows service pack version in the registry containing non-standard characters (for some reason).

     For that you'd check:

     HKLM\system\CurrentControlSet\control\windows   
     HKLM\system\controlset001\control\windows
     HKLM\system\controlset002\control\windows
     HKLM\software\Microsoft\Windows NT\CurrentVersion

     Value: CSDVersion

Largely guesswork for the above, you might be better opening a support case with McAfee to have it fully inspected.

0 Kudos
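
The registry check from item (3) in the post above, as an added example that is not part of the original post and not McAfee tooling. It only reads the registry on the affected client; the function name `Get-CsdVersionReport` and the status strings are hypothetical, and "non-standard" is assumed to mean any character outside printable ASCII.

```powershell
# Added example, not from the thread: read-only report of CSDVersion under the
# four keys listed in the post. Written to run on PowerShell 2.0 as well,
# since the clients in this thread include Windows XP/7.
$CsdKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\Windows',
    'HKLM:\SYSTEM\ControlSet001\Control\Windows',
    'HKLM:\SYSTEM\ControlSet002\Control\Windows',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
)

function Get-CsdVersionReport {
    param([string[]]$Path = $CsdKeys)

    foreach ($p in $Path) {
        $row = @{ Key = $p; Kind = $null; Value = $null; Status = 'KeyMissing' }
        if (Test-Path -LiteralPath $p) {
            $key = Get-Item -LiteralPath $p
            if ($key.GetValueNames() -contains 'CSDVersion') {
                $row.Kind  = $key.GetValueKind('CSDVersion')
                $row.Value = $key.GetValue('CSDVersion')
                # Assumption: "non-standard" = anything outside printable ASCII.
                # Only string data can carry such characters; numeric data is
                # reported as-is for manual review.
                if ($row.Value -is [string] -and $row.Value -notmatch '^[\x20-\x7E]*$') {
                    $row.Status = 'NonStandardCharacters'
                } else {
                    $row.Status = 'OK'
                }
            } else {
                $row.Status = 'ValueMissing'
            }
        }
        New-Object PSObject -Property $row | Select-Object Key, Kind, Value, Status
    }
}

Get-CsdVersionReport | Format-Table -AutoSize
```

A control set that does not exist on the machine is reported as `KeyMissing` rather than raising an error.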
fr0st
Level 7

Re: 4.8 P1 Agents not updating from ePO 5.0

That's exactly the problem Tristan, thank you.

I've managed to find the KB78686 - here's the link https://kc.mcafee.com/corporate/index?page=content&id=KB78686&actp=search&viewlocale=en_US&searchid=...

The solution (other than to wait for new version of ePO) is to change one registry key:

To verify that you require this hotfix, on the ePO 5.0.0.1160 server with a valid license (not evaluation), check the value of the following registry key.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\NaiLite]
@=""

"Data"=hex:00

If the key does not contain the value '00' as shown, apply the registry key fix, or upgrade to ePO 5.0.1 or later.

Changing the registry key and restarting ePO services fixed everything.

0 Kudos
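
The verification step quoted in the post above, as an added example that is not taken from KB78686 or from the poster. It reads the `Data` value on the ePO server and reports whether it matches `hex:00`, without changing anything; the function name `Test-NaiLiteData` and the status strings are hypothetical, and the path is assumed to be reachable exactly as quoted (64-bit Windows).

```powershell
# Added example, not from KB78686: read-only check of the value quoted in the
# post. It does not modify the registry or restart any service.
$NaiLitePath = 'HKLM:\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\NaiLite'

function Test-NaiLiteData {
    param([string]$Path = $NaiLitePath)

    $result = @{ Path = $Path; Kind = $null; Data = $null; Status = 'KeyMissing' }
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        if ($key.GetValueNames() -contains 'Data') {
            $result.Kind = $key.GetValueKind('Data')
            $raw = $key.GetValue('Data')
            if ($raw -is [byte[]]) {
                # Render the bytes the way a .reg export does (e.g. "00" or "01,00").
                $result.Data = ($raw | ForEach-Object { $_.ToString('x2') }) -join ','
                # "Data"=hex:00 in a .reg file means binary data of exactly one zero byte.
                if ($raw.Length -eq 1 -and $raw[0] -eq 0) {
                    $result.Status = 'MatchesPostedValue'
                } else {
                    $result.Status = 'DiffersFromPostedValue'
                }
            } else {
                # Value exists but is not binary: report it rather than guess.
                $result.Data = "$raw"
                $result.Status = 'UnexpectedType'
            }
        } else {
            $result.Status = 'ValueMissing'
        }
    }
    New-Object PSObject -Property $result | Select-Object Path, Kind, Data, Status
}

Test-NaiLiteData | Format-List
```

Any status other than `MatchesPostedValue` corresponds to the "does not contain the value '00'" case in the quoted text.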
alphoenix
Level 7

Re: 4.8 P1 Agents not updating from ePO 5.0

Where did you find this article ?

I followed the link above for the article KB78686, but I get a "article not found"...

Do you have a link to directly download the hotfix ?

ePO 5.0.1 isn't available till now, isn't it ?

0 Kudos
rackroyd
Level 16

Re: 4.8 P1 Agents not updating from ePO 5.0

Hm, seems it's been classified as a 'registered' article, so you'd need to log in to access it.

This means I can't post it here I'm afraid, nor can I post a link on a public forum - sorry.

ePO 5.0.1 is not available yet.

I suggest you contact McAfee support, as I said before.

0 Kudos
aloubert
Level 7

Re: 4.8 P1 Agents not updating from ePO 5.0

I need to login where ?

On the ServicePortal ?

That's what I did...

But I found the article nowhere into the knowledge base, neither in the ePO section, nor in the McAfee Agent section...

It's somewhere a shame such problems are "classified" !

This could simply completely "block" ePO, and there are protections to download corrections to YOUR bugs ???

We have paid to buy the software and that's still not sufficient to obtain hotfixes ? Unbelievable !

0 Kudos
Tristan
Level 15

Re: 4.8 P1 Agents not updating from ePO 5.0

I don't see the 'classified' issue as a problem. Like I said, I got the notification from an SNS notice so it's not as if it's top secret.

I managed to find the article in the end via my ServicePortal login but must admit it wasn't easy.

As long as you've got a valid grant number then access to the fix via the website or calling support isn't an issue.

0 Kudos
fr0st
Level 7

Re: 4.8 P1 Agents not updating from ePO 5.0

Yes, you need to login to the service portal and search for ePolicy Orchestrator (ePO) 5.0 servers installed with valid license key stop sending policies and tasks to agents after 90 days

Anyway, aloubert, I've posted the solution in my previous post - make the registry change on the ePO server and restart the services. I don't care if the hotfix is classified since every new version of McAfee software is breaking more things than fixing old issues... On top of this we (or our companies) are paying for this software.

0 Kudos
rackroyd
Level 16

Re: 4.8 P1 Agents not updating from ePO 5.0

'Registered' just means it's an article only visible to customers with a current McAfee grant id, it's not 'classified' in the sense it's secret.

This is a public forum, ergo as an employee I cannot post it directly here, or I would. That's all !

0 Kudos