running epo 5.3.1 with HF1080544 and HF1102635. AV 8.8 on all server. Current branch running Agent 188.8.131.528 without any issues. I've checked in agent 184.108.40.206 into evaluation and deployed that to a few testsystems. I think I need an idiot check / confirmation. I can't get agent 5.0.2 to get in managed state. When I update them through ePo, the agent gets in unmanaged state and will not comunicate to ePo:
C:\Program Files\McAfee\Agent>cmdagent -i
Component: McAfee Agent
InstallLocation: C:\Program Files\McAfee\Agent\
EpoServerList: xxx <-- masked, but absolutely correct
Failed to get value of EpoServerLastUsed
C:\Program Files\McAfee\Agent>cmdagent -c
2015-12-22 10:32:57.357 cmdagent(1116.3060) cmdagent.Info: Agent is running in unmanaged mode. Can not check new policies.
I've tried to uninstall the agent (with /forceuninstall) and redeploy it. Same issue. Installed it from commandline, same issue. I tried to enable the debuglog (loglevel 😎 on the agent but for some reason it doesn't generate a logfile at all (or at least I can't find it where it should be) which is another issue. Now I know 5.0.0 could not communicate without SSL, which was supposedly fixed in 5.0.1. I have SSL enabled and working, port 18443 as shown above is my SSL port. 4.8 agents connect to that just fine. Checking with a browser reveals SSL is in place with the correct selfsigned cert. I've tried redeploying the agent with Access protection and mcshield disabled, to prevent McAfee files being updated by itself (I don't think it would need that but who knows). Still no luck. I've got a few machines in a different subnet, I checked the firewall logs and the agent doesn't even seem to try to connect to the ePo server at all on either port.
I've been staring at this for about 8 hours, but it can't be that difficult. I think I need a pair of fresh eyes. Anyone?
I'm puzzled, but I can at least give you the install log location which is c:\windows\temp\mcafeelogs\
You can try switching the agent to managed mode manually, this will test the ability to communicate:
maconfig -provision -managed -auto -dir "C:\Windows\Temp" -epo ePOServerMachine [-user admin] [password password123]
The directory is a temp directory and the user name and password are ePO ID/pwd
Now that's a new, I didn't know that command, thanks! It gives a hint too:
C:\Program Files\McAfee\Agent>maconfig.exe -provision -managed -auto -dir "c:\temp" -epo <oureposerver>
Enter ePO user name:Admin
Enter ePO user password:
2015-12-23 17:26:15.611 maconfig(5036.864) maconfig.Info: agent provisioning started
2015-12-23 17:26:15.611 maconfig(5036.864) maconfig.Error: Setting up agent keystore failed , moving to unmanaged mode
2015-12-23 17:26:15.774 maconfig(5036.864) maconfig.Info: agent provisioning finished successfully
2015-12-23 17:26:16.211 maconfig(5036.864) maconfig.Info: configuration finished
Anything showing logwise in your %temp% directory that could help ?
Permissions on registry or agent folder, the new access protection in the agent ?
Anything in AP log for VSE or events for hips ?
The installation logs show no errors whatsoever. The maconfig command's temp-dir is empty except for a (generated?) numbered folder, but no files. Access Protection blocking agent setup I haven't checked, as that would be a very stupid thing to block in my oppinion. However, just to be sure I will rollout the agent on a vanilla testmachine without AV installed. I'll let you know. After christmas Merry xmas!
To update; I quit working on this. I couldn't get it to work whatever I did. I reverted to MA4.8 for now and it will stay that for the following months.
Did you check in the new management extension?
Without that your new agents wouldn't be able to talk to ePO, it should be backwards compatible with all previous agents.