In thread https://community.mcafee.com/message/328004#328004 I tried to get my external agents to connect to my ePo which locates in my DMZ.
At first everything seemed to be perfect. Agents are communication and all. Internal agents are getting new policies, applying tasks, BUT today I was
told that some people are not getting new policies.
Turned out that while agents have no problems connecting to ePo, they won't get any packages from there. Agent log says that policy has been downloaded,
but no policiess are enforced. Successfully connecting to ePo server is about all that works. I have 80, 443, 8081 ports opened on server side.
It shows no errors. Connects to ePo, receives no packages, enforces default policies and closes communication.
Is there some port that is used for package deliveries ? Or what else could be wrong ?
Policies and tasks are delivered as part of a normal agent / server communication, so if the machines cn communicate with ePO, they should be receiving policies. I would check that the machines have the policy assigned that you expect them to, and that there are no policy assignment rules that could be overriding this.
Are policies for all products affected, or just a subset?
In ePo, when I view policies assigned to PC, it shows Agent policies which I have assigned to an OU.
Where on client side can I check which policies have been assigned ?
At first it seems that client gets agent policy, but not tasks assigned to OU ?
For some odd reason, it started to work. External clients are gettings tasks aswell now. Why ? Unfortunetaly no clue.Message was edited by: ramil on 4/17/14 2:13:17 PM EEST
Unfortunately at the client end you can only confirm the policy applied by observing the effects - so if you have a policy that sets a specific agent-to-server communication interval, you can apply this policy and then check in the agent monitor that it's been applied. The actual policy files themselves on the client machines are encrypted and only Support can read them. (It's one of the first things that is done when it appears that policies are not applying.)
Try making a simple change to a policy assigned to a machine, and then apply the policy and check on the client that it's applied. If it is, then at least we know that policies are being enforced correctly.