cancel
Showing results for 
Search instead for 
Did you mean: 
zarberg
Level 10
Report Inappropriate Content
Message 1 of 7

Agent not communicating

Jump to solution

This past weekend I upgraded my organization's ePO server from 4.6.4 to 5.0.1, and now I have an workstation coming up with the dredded "Agent failed to communicate with ePO Server" message and it's driving me crazy. I've already taken tons of troubleshooting steps to no avail.

Things I've done so far:

  1. Re-installed the agent
  2. Cleared out the sequence count
  3. Stopped/re-started the McAfee services on the server

Which log files do you need for me to post to tell me how silly I am because it's a simple problem? (Also, where are said log files located?)

1 Solution

Accepted Solutions
zarberg
Level 10
Report Inappropriate Content
Message 7 of 7

Re: Agent not communicating

Jump to solution

Turns out it was the number of LDAP servers we had before the upgrade. Level 2 tech remoted in, edited some SQL tables related to the LDAP servers directly and any users associated with servers that were removed and things started processing again.

6 Replies
zarberg
Level 10
Report Inappropriate Content
Message 2 of 7

Re: Agent not communicating

Jump to solution

Here's an agent log file and the server.log (plus backup because it just rolled over)

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 7

Re: Agent not communicating

Jump to solution

Are you using remote agent handlers, and which agent version are you using on this machine?

What appears to be happening is that there is a user-based policy assigned to this machine, but the LDAP server for the domain is not reachable, meaning the UBP cannot be determined. The relevant chunk of the server log is:

20131016101030    I    #08344    NAIMSERV    Calculating policies for user eschq\usgsupport

20131016101030    E    #08344    NAIMSERV    UserRuleAssignments.cpp(1365): Failed to connect to the LDAP server 2

20131016101030    E    #08344    NAIMSERV    UserRuleAssignments.cpp(1407): There was an error looking up 'belongs to' based OU data.

20131016101030    E    #08344    NAIMSERV    UserRuleAssignments.cpp(1165): Failed to get the object IDs from the policy rules.  Some of the rules appear to be invalid.

20131016101030    E    #08344    NAIMSERV    UserRuleAssignments.cpp(733): Failed to look up and cache distinguished names.

20131016101030    E    #08344    NAIMSERV    UserRuleAssignments.cpp(990): Failed to get the GUID to DN map object.  This is needed to evaluate the User Based Policy rules.

20131016101030    E    #08344    NAIMSERV    policy.cpp(988): Failed to generate policy for user eschq\usgsupport, error 0x80004005

check that the registered LDAP server for this domain (eschq) is available - from the server log it looks like this is affecting more than just this one machine.

HTH -

Joe

zarberg
Level 10
Report Inappropriate Content
Message 4 of 7

Re: Agent not communicating

Jump to solution

Been working with McAfee support the past few days, looks like a "minor" bug in 5.0.1 and my organization being ripe for having that big bite us is the problem - you were on the right path, though. It stems from multiple LDAP servers not being supported correctly in 5.0.1 and the ePO server having 3 LDAP servers before the upgrade this past weekend.

It's been escallated.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Agent not communicating

Jump to solution

Ah, OK - sounds good.

Do you have an SR number for the case? I'd like to keep an eye on it for my own information...

Thanks -

Joe

zarberg
Level 10
Report Inappropriate Content
Message 6 of 7

Re: Agent not communicating

Jump to solution

4-3985557233

zarberg
Level 10
Report Inappropriate Content
Message 7 of 7

Re: Agent not communicating

Jump to solution

Turns out it was the number of LDAP servers we had before the upgrade. Level 2 tech remoted in, edited some SQL tables related to the LDAP servers directly and any users associated with servers that were removed and things started processing again.