cancel
Showing results for 
Search instead for 
Did you mean: 
rgijsen
Level 7

Agent 5.0.2.132 unable to get managed and other issues

Hi,

running epo 5.3.1 with HF1080544 and HF1102635. AV 8.8 on all server. Current branch running Agent 4.8.0.1938 without any issues. I've checked in agent 5.0.2.132 into evaluation and deployed that to a few testsystems. I think I need an idiot check / confirmation. I can't get agent 5.0.2 to get in managed state. When I update them through ePo, the agent gets in unmanaged state and will not comunicate to ePo:

C:\Program Files\McAfee\Agent>cmdagent -i

Component: McAfee Agent

AgentMode: 0

Version: 5.0.2.132

GUID: N/A

TenantId: N/A

LogLocation: C:\ProgramData\McAfee\Agent\logs

InstallLocation: C:\Program Files\McAfee\Agent\

CryptoMode: 0

DataLocation: C:\ProgramData\McAfee\Agent\

EpoServerList: xxx <-- masked, but absolutely correct

EpoPortList: 18443

Failed to get value of EpoServerLastUsed

LastASCTime: N/A

LastPolicyUpdateTime: 0

EpoVersion: N/A

C:\Program Files\McAfee\Agent>cmdagent -c

2015-12-22 10:32:57.357 cmdagent(1116.3060) cmdagent.Info: Agent is running in unmanaged mode. Can not check new policies.

I've tried to uninstall the agent (with /forceuninstall) and redeploy it. Same issue. Installed it from commandline, same issue. I tried to enable the debuglog (loglevel 8) on the agent but for some reason it doesn't generate a logfile at all (or at least I can't find it where it should be) which is another issue. Now I know 5.0.0 could not communicate without SSL, which was supposedly fixed in 5.0.1. I have SSL enabled and working, port 18443 as shown above is my SSL port. 4.8 agents connect to that just fine. Checking with a browser reveals SSL is in place with the correct selfsigned cert. I've tried redeploying the agent with Access protection and mcshield disabled, to prevent McAfee files being updated by itself (I don't think it would need that but who knows). Still no luck. I've got a few machines in a different subnet, I checked the firewall logs and the agent doesn't even seem to try to connect to the ePo server at all on either port.

I've been staring at this for about 8 hours, but it can't be that difficult. I think I need a pair of fresh eyes. Anyone?

0 Kudos
17 Replies
andrep1
Level 14

Re: Agent 5.0.2.132 unable to get managed and other issues

I'm puzzled, but I can at least give you the install log location which is c:\windows\temp\mcafeelogs\

You can try switching the agent to managed mode manually, this will test the ability to communicate:

maconfig -provision -managed -auto -dir "C:\Windows\Temp" -epo ePOServerMachine [-user admin] [password password123]

The directory is a temp directory and the user name and password are ePO ID/pwd

0 Kudos
rgijsen
Level 7

Re: Agent 5.0.2.132 unable to get managed and other issues

Now that's a new, I didn't know that command, thanks! It gives a hint too:

C:\Program Files\McAfee\Agent>maconfig.exe -provision -managed -auto -dir "c:\temp" -epo <oureposerver>

Enter ePO user name:Admin

Enter ePO user password:

2015-12-23 17:26:15.611 maconfig(5036.864) maconfig.Info: agent provisioning started

2015-12-23 17:26:15.611 maconfig(5036.864) maconfig.Error: Setting up agent keystore failed , moving to unmanaged mode

2015-12-23 17:26:15.774 maconfig(5036.864) maconfig.Info: agent provisioning finished successfully

2015-12-23 17:26:16.211 maconfig(5036.864) maconfig.Info: configuration finished

C:\Program Files\McAfee\Agent>

So setting up agent keystore failed. One step closer but I still don't have a clue I'm running this as admin. I see another user having this issue at , but no answer there yet.

0 Kudos
andrep1
Level 14

Re: Agent 5.0.2.132 unable to get managed and other issues

Anything showing logwise in your %temp% directory that could help ?

Permissions on registry or agent folder, the new access protection in the agent ?

Anything in AP log for VSE or events for hips ?

0 Kudos
rgijsen
Level 7

Re: Agent 5.0.2.132 unable to get managed and other issues

The installation logs show no errors whatsoever. The maconfig command's temp-dir is empty except for a (generated?) numbered folder, but no files. Access Protection blocking agent setup I haven't checked, as that would be a very stupid thing to block in my oppinion. However, just to be sure I will rollout the agent on a vanilla testmachine without AV installed. I'll let you know. After christmas Merry xmas!

0 Kudos
rgijsen
Level 7

Re: Agent 5.0.2.132 unable to get managed and other issues

To update; I quit working on this. I couldn't get it to work whatever I did. I reverted to MA4.8 for now and it will stay that for the following months.

0 Kudos
Don_Martin
Level 11

Re: Agent 5.0.2.132 unable to get managed and other issues

Hello,

I'm just curious: You did check in the ePO Agent Key Updater into the Master Repsoitory (v5.0.2.132)?

0 Kudos
rgijsen
Level 7

Re: Agent 5.0.2.132 unable to get managed and other issues

Yes sure, I've checked in ePO Agent Key Updater (RTW) 5.0.2.132 and the agent itself.

0 Kudos
pierce
Level 13

Re: Agent 5.0.2.132 unable to get managed and other issues

Did you check in the new management extension?

Without that your new agents wouldn't be able to talk to ePO, it should be backwards compatible with all previous agents.

0 Kudos
rgijsen
Level 7

Re: Agent 5.0.2.132 unable to get managed and other issues

Now that's a good question. I'll check it and if not test it and report. Thanks for that suggestion!

0 Kudos