cancel
Showing results for 
Search instead for 
Did you mean: 

Clarification - Agent Handler in the DMZ

I was hoping to ask for clarification on something please.

I am running EPO 5.9.1 and I setup a new Agent Handler server in our DMZ. I enabled the correct firewall rules to allow me to install the Agent Handler software and successfully connect to my internal SQL server and EPO server.

I configured the new Agent Handler server correctly within the EPO console. I validated that both my primary AH server and the new DMZ AH server is referenced in the local McAfee Agent configuration on my test laptops.

With my VPN offline, I validated that my laptop can communicate to the EPO server. Policy communication is occurring and workstation information is updated in EPO.

I assumed that If I manually ran the “Update Security” option from the agent, that my laptop would connect to the Agent Handler in the DMZ and receive AMCore updates. This did not display in the McAfee Agent Status Monitor.

What did display is after a 30 second pause, my laptop reached out to McAfee’s HTTP site.

During a second test, I watched the McAfee Agent Status Monitor and noticed that communication occurred to the EPO server and policy update occurred followed by a successful update of my AMCore files.

I am trying to determine if the AMCore content came from my internal repository server via my DMZ Agent Handler or from McAfee’s HTTP site.

Is there a log file that would show if workstations that are off the network are getting AMCore updates when they communicate to the DMZ Agent Handler server?

Why would I not see this within the McAfee Agent Status Monitor when I run the “Update Security” option manually?

Thank you

Glenn

7 Replies
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: Clarification - Agent Handler in the DMZ

Hello,

The log you need to verify is McScript.log file on the testing machines. You can refer to below article for setting it additionally:

https://kc.mcafee.com/corporate/index?page=content&id=KB85549

There is an option to revie it remotely:

https://kc.mcafee.com/corporate/index?page=content&id=KB83694

I think that AMcore update task is processed via Update task and that is why you do not see it in the Agent Monitor. Usually it displays repository connection for Deployment tasks.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino

Re: Clarification - Agent Handler in the DMZ

Thank you for your reply. I am working with McAfee Support since this might be a slightly bigger issue than originally expected. We are making progress, but this not yet resolved. Regards.
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Clarification - Agent Handler in the DMZ

Great, let us know once they help you resolve it or if you have additional questions.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: Clarification - Agent Handler in the DMZ

The mcscript log will show you what repository it tried first and why it may have failed to get updates from it and went to the McAfee site instead.  That is located in c:\programdata\mcafee\agent\logs.

Check also the server log on the agent handler in the dmz.  Agent communication may be fine, but there are certain ports that need to be open for the agent handler to be able to pull content from the epo master repository so it can deliver it to the clients.  Check kb66797 for all the ports required.  The server log would show any failures getting the content or delivering content to clients.  You can also validate by looking at the db\repocache folder contents on the agent handler where it is installed to see if it is getting populated or not. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: Clarification - Agent Handler in the DMZ

Thanks for the additional information.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 7 of 8

Re: Clarification - Agent Handler in the DMZ

If you have the Agent icon in the system tray; right click > about > confirm ePO/AH IP/Published IP are correct. Review Handler Assignment Rules > confirming order: ePO and then AH. Then for giggles review McAfee Agent > Repository > select; by ping or subnet ... I use the dashboard widget for Repositories and Percentage Utilization within X Hours; helps in troubleshooting access / polices. 

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 8 of 8

Re: Clarification - Agent Handler in the DMZ

Thanks for the additional information.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community