cancel
Showing results for 
Search instead for 
Did you mean: 

RE: Event Reporting issue

Nope running on a physical machine.

Fingers crossed McAfee fix this one.

RE: Event Reporting issue

I did some more research on this.

I found this thread http://forums.mcafeehelp.com/showthread.php?p=512946

I have changed the event parser server to use a service account instead of "Local System". I will see what happens and let you know.

RE: Event Reporting issue

Any News if this worked ??

RE: Event Reporting issue

Sorry I have been busy at work and to be flat honest forgot to post. I made the changed the account to use a service account, and the reporting is working. Now I do want to mention that our SQL is on a cluster, it shouldn't matter, but I want to throw that out there.


Again I am sorry for the delay.

RE: Event Reporting issue

dgorden

Thanks for that i think we can mark this as a solution.
d0x
Level 7
Report Inappropriate Content
Message 26 of 28

Hmm

So the solution is:

making the McAfee ePolicy Orchestrator 4.0.0 Event Parser service run under the same (domain) user account that ePO also uses to connect to the database.

Really thought it was the NOC fault. Thought they had firewalled some port they shouldn't. Reading through the client logs I see that they can connect to the server in port 80 and the start gathering the events. Then I get the message that they send the events to the server and it says the server did not reply. And they terminate the connection.

But now I noticed that the events have stopped since the day I applied the patch 4.0.2...

"It appears that the Event Parser service doesn't have the right permissions to connect to the remote database, when running in the Local System Account."

Does seem like a pretty big thing to go unnoticed in quality control. :mad:

Still I don't see what they changed that caused this. Now they need added privileges or was it something in the installer?

RE: Hmm

If we want ePO to use sql authentication, then this fix is still fine right(use service account in the eventp****r)? I mean I do not see the connection on why the NT account for eventp****r service and ePO DB connection has to be the same.



Highlighted

ePO 4.0 Known Issues - Other

ePO 4.0 Known Issues - Other
https://kc.mcafee.com/corporate/index?page=content&id=KB51321

- During normal operations you may receive an Apache error (ID 3299) noting the disabled use of AcceptEx. This is not an actual error, and should be regarded as informational.
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community