cancel
Showing results for 
Search instead for 
Did you mean: 

Agent-Server communication fails after Certificate Migration

Jump to solution

I have a ePolicy Orchestrator 5.10.0 Update 3.

After migrating from 5.3.x to 5.9.1 the Certificate Migration from SHA1, to SHA-256 was initiated but not finished.

Some weeks ago, the ePO has been updated from 5.9.1 to 5.10

On Monday i finished the Certificate Migration to SHA256, because all managed systems should got the new certificate.

After the activation no client was able to communicate with the ePO.

I tried several KB Articles (KB90603, KB90182, KB87017, KB90760, KB90821, KB85808, KB66616) and also opened a SR. But the support told me to process KBA rticles KB87017 and KB90182, which i already did. So i hope, that you guys here can help me.

As described in KB90182 i stopped the ePO Server Service and regenerated the SSL Certificate.

That worked without an error.

After restarting the ePO-Server Service, i checked the "server_servername.log"-File.

There i got the following information:

20190604151419 I #07484 MOD_EPOREPO Database initialization: Starting.
20190604151419 I #07484 NAISIGN Found master install key, decoding
20190604151419 I #07484 MFEFIPS Loading: "C:\PROGRA~2\McAfee\EPOLIC~1", Role = Officer, Mode = Normal
20190604151419 I #07484 MFEFIPS Module Initialized.
20190604151419 I #07484 MFEFIPS MFEFIPS_Status() returned 1
20190604151419 I #07484 MOD_EPOREPO Database initialization: Succeeded.
20190604151419 I #07484 MOD_EPOREPO Master Repository is considered local. No impersonation will be used.
20190604151419 I #01704 NAIMSERV Initializing server...
20190604151419 I #01704 NAIMSERV McAfee ePO 5.10.0.2507
20190604151419 I #01704 NAIMSERV Server name: servername (FQDN)
20190604151419 I #01704 NAIMSERV Platform: Server 6.3
20190604151419 I #01704 NAIMSERV Processors: 2
20190604151419 I #01704 NAIMSERV Architecture: 64-bit
20190604151419 I #01704 NAIMSERV Physical memory: 8191 MB
20190604151419 I #01704 NAIMSERV Database initialization: Starting.
20190604151419 I #01704 NAIMSERV Database initialization: Succeeded.
20190604151419 I #01704 NAIMSERV Policy Manager initialization: Starting.
20190604151419 I #01704 EPODAL Succesfully initialized database access for [SQL-Servername, Port].[DB-Name]
20190604151419 I #01704 NAIMSERV Policy Manager initialization: Succeeded.
20190604151419 I #01704 NAIMSERV Server state at startup: Enabled
20190604151419 I #01704 NAIMSERV Generating temporary Apache user
20190604151419 I #01704 NAIMSERV Checking to see if the ePO server (ePO-FQDN:Port) is available. We will try 12 times.
20190604151421 I #01704 NAIMSERV The Agent Handler successfully connected to the ePO server.
20190604151421 E #01704 NAIMSERV servinit.cpp(606): The server certificate check failed. This means that there is a discrpency between the certificates stored
20190604151421 E #01704 NAIMSERV in the server keystore and the certificates that the agent machines will use. To protect the server from getting
20190604151421 E #01704 NAIMSERV into a worse state we are shutting down the Agent Handler.
20190604151421 I #01704 NAIMSERV Shutting down server...
20190604151421 I #01704 NAIMSERV Releasing File Locks...
20190604151421 I #01704 NAIMSERV Cleaning up temp directory...
20190604151421 I #01704 NAIMSERV ePolicy Orchestrator server stopped.

 

Actually i don't know how to resolve this issue. Do you have any advices?

Thank you in advance 🙂

Labels (2)
1 Solution

Accepted Solutions
Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Agent-Server communication fails after Certificate Migration

Jump to solution

Please send me your case number in private message.  Do you have a mer from the epo server?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

2 Replies
Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Agent-Server communication fails after Certificate Migration

Jump to solution

Please send me your case number in private message.  Do you have a mer from the epo server?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

Re: Agent-Server communication fails after Certificate Migration

Jump to solution

i had a phone call and remote session with Caryn.

because there have been several issues, we decided to rollback/fallback to a backup of ePO AND Database which was some days old.

 

Actually, the ePO works fine again, but the Certificate Migration still has to be finished.

I will try this again hopefully in a few days and will give an update.

 

 

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community