cancel
Showing results for 
Search instead for 
Did you mean: 

EPO 4.0 Events are empty

We have a new McAfee ePO 4.0 server but ever since we have migrated from the old server to the new server, the new server has not picked  up any new events since the migration. This also means that the Malware Detection History graph in the Dashboard is always empty. I have checked and re-checked settings and all the agents have been re-deployed to point to new server, but no events are ever recorded. Any ideas?

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: EPO 4.0 Events are empty

Before anything else, check that the event parser service is running on the new server: then check the eventparser.log file for any errors.

HTH -

Joe

Re: EPO 4.0 Events are empty

I checked the event log in c$\Program Files\Mcafee\ePolicy Orchestrator\DB\Logs and I am getting some errors here:

20110624124020 I #3280 McUpload Successfully disabled CA trust options.

20110624124020 I #3344 McUpload Successfully disabled CA trust options.

20110624124030 E #3068 EventParser EventParser:Smiley TongueluginCache - Second-chance CoCreateInstance failed, hr=0x80040154

20110624124030 E #3068 EventParser BLL Extension not found for XML element TaskStatusEvent

20110624124030 I #3068 EventParser Notification event file C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\z000df0f1516-e4d2-4e98-860a-99b11b4211af.PKG.xml succeeded

20110624124030 I #3068 EventParser Success: Extract and process 201106241200087550000116C.xml from C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\z000df0f1516-e4d2-4e98-860a-99b11b4211af.PKG

20110624124030 I #3224 McUpload Successfully disabled CA trust options.

20110624124045 E #3080 EventParser EventParser:Smiley TongueluginCache - Second-chance CoCreateInstance failed, hr=0x80040154

20110624124045 E #3080 EventParser BLL Extension not found for XML element TaskStatusEvent

20110624124045 I #3080 EventParser Notification event file C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\z000267b17b7-3261-47ac-8a3d-6228be856c0f.PKG.xml succeeded

20110624124045 I #3080 EventParser Success: Extract and process 2011062412000942100000E60.xml from C:\PROGRA~1\McAfee\EPOLIC~1\DB\Events\z000267b17b7-3261-47ac-8a3d-6228be856c0f.PKG

20110624124045 I #3344 McUpload Successfully disabled CA trust options.

Any ideas?

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: EPO 4.0 Events are empty

This bit here:

20110624124030 E #3068 EventParser BLL Extension not found for XML element TaskStatusEvent

usually means that one or more reporting extensions are missing. You say you migrated from one server to another - can you explain a bit more about how this was done?

Additionally, get hold of the latest extensions for the latest version of virusscan that you're using, and check them in - make sure you check in both the management and reporting extension. (So for example if you're running a mix of VSE 8.5 and 8.7, download the latest VSE 8.7 package and check in the extensions.)

HTH -

Joe

Re: EPO 4.0 Events are empty

In ePO 4 you have to check in the entire application as a ZIP file, just doing the ZIP files inside them does not work - it says it cannot find the pkgcatalog.z file, so doing the entire package should include all the extensions as well.

So I have managed to check in VirusScan 8.7 Patch 3 and VirusScan 8.8 packages which are the latest we are using. I will leave it a few days to see if it will pick up new events in the database.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: EPO 4.0 Events are empty

Ah - this may be where the problem  is   I'm talking about the extensions, rather than the product package.  Extensions are what let ePO control a product and handle its events, whereas the package is what gets deployed out to the client machines.

If you extract the package, you'll get the two extension zips. In ePO, if you go to configuration / extensions, you should be able to install them.  Once this is done, ePO should be able to handle events from VSE again.

HTH -

Joe