cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Hello.

I have upgraded the ePO server to 5.3.3.

I can't upgrade the Agent Handler to 5.3.2. I managed to upgrade it from 5.3.0 to 5.3.1 to 5.3.2 as I did with the ePO server.

I get the message: Setup was unable to connect to the specified server.

Help me please.

Best Regards

Peter

 

1 Solution

Accepted Solutions
Highlighted

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Reorder the ciphers to have the following at the top:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256

There are several ways to accomplish this task; the quickest and easiest involves using the third-party tool IISCrypto. You can download this tool from www.nartac.com/Products/IISCrypto and execute it without installation on the impacted Handler(s). 

View solution in original post

10 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 11

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Is that agent handler in any dmz or firewalled environment?  Refer to KB66797 for required ports.  It appears the agent handler is not able to reach the epo server on all the required ports.  It needs 8443, 8444, 80 and 443 open as a minimum to the epo server and sql port to sql server.  It is either the epo or sql server that it is failing to connect to.  The logs would show better which server it is referring to.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Ok. Which logs should I look at? And where are they?

I'm puzzled because the upgrade to 5.3.2 worked and yes the Agent is in a DMZ.

Best Regards

Peter

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 11

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

%temp%\mcafeelogs directory should contain the agent handler logs.  Sometimes firewall rules can get changed without notification to system admins that require specific rules.  You can try to telnet to the epo and sql servers on the required ports to see if the agent handler can get through.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Well. I moved the Agent Handler VM to the same subnet as the ePO server and gave the Agent Handler VM an IP address in that subnets scope and got the same error.

The log AH530-ahsetupdll_EPO-AGENT.log shows at the end of it:

 20180509135526 I #05528 AHSETUP Determine if 'admin' is an ePO Admin
20180509135526 E #05528 MCUPLOAD SecureHttp.cpp(697): Failed to send HTTP request to server epo-01.au.local for command name epo.command.isAdmin on port 8444. (error=12029)
20180509135526 E #05528 MCUPLOAD SecureHttp.cpp(886): Failed to process the secure communication request (error=12029)
20180509135526 E #05528 AHSETUP ahsetup.cpp(257): Received an error from the ePO server. Error=12029

Any Idea?

Best regards

Peter

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

can you telnet to port 8444 from ah to epo?  Rather than posting sensitive info here, email me the orion logs from the epo server and the agent handler install logs.  Zip them up please.

caryn_dinet@mcafee.com

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 11

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

for some reason I can't pull that up.  What does it say?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Reorder the ciphers to have the following at the top:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256

There are several ways to accomplish this task; the quickest and easiest involves using the third-party tool IISCrypto. You can download this tool from www.nartac.com/Products/IISCrypto and execute it without installation on the impacted Handler(s). 

View solution in original post

Re: Cannot upgrade Agent Handler from 5.3.2 to 5.3.3

Jump to solution

Bingo!

Bonga Bonga Party!

Just follow the instructions in https://kc.mcafee.com/corporate/index?page=content&id=KB89858

and apply the order or those cipher suites on the Agent Handler.

Best Regards

Peter

 

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community