cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Drive Encryption inactive for newly imaged systems

When new systems are imaged we are not able to sync to establish full drive encryption. -We have communication to the endpoints that are not encrypting, no issue there -Managed State is showing Managed -Drive Encryption is showing inactive -These are reimaged systems and has been in ePO previously -Have not had a chance to test on a new fresh image with new hostname A password was recently changed, and we had to roll the password change back due to failures in authentication, and this encryption issue is new since this password issue. Do the agent handler servers need to be rebooted after the password change to the database account for the local registered server? Please advise if there is anything else that can connect this issue so that we can resolve. Thank you.
3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Drive Encryption inactive for newly imaged systems

Check the server logs on the agent handlers.  If passwords change, you have to reset them per kb75333, even if you change it back, as the hash stored in database for it may change.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Drive Encryption inactive for newly imaged systems

I am not finding any of the following error from the KB in the server.log file on any of my agent handlers;

Problem

After you change the credentials used to access the ePO database, the credentials fail to update on the remote ePO Agent Handler.

The Server.log file on the remote Agent Handler displays the following:

  E #3936 COM Error :80040e4d in DAL2_CConnection::GetConnection
E #3936 Meaning = IDispatch error #3149
E #3936& Source = Microsoft OLE DB Provider for SQL Server
E #3936& Description = Login failed for user '<username>'.
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Drive Encryption inactive for newly imaged systems

Encryption process requires the client to send an event to epo, epo to process it, then use ldap for user lookups.  That agent to server communication is done via datachannel communications, which is slightly different than asci process.  Do the server logs show any datachannel communication failures?  There are several reasons for failures on that respect, and with encryption, always make sure under server settings, user policies, that database mirroring is enabled.  That is not sql database mirroring, but caches the ldap user info in database so epo and agent handlers don't have to query ldap for every single system on asci.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community