cancel
Showing results for 
Search instead for 
Did you mean: 
JoseRR
Level 9
Report Inappropriate Content
Message 1 of 12

Failed to connect to the Software Catalog server

Jump to solution

Download Software Product List (Failed to download the products list due to ("Failed to connect to the Software Catalog server.")

It was working fine, just stopped downloading the Product list

Proxy is present:

  • Proxy user checked, is not locked
  • epo.mcafee.com and s-download.mcafee.com added to proxy (WebSense)

From EpoApSvr.log

 

20190610125525 X #00752 DOWNLOAD_JNI DownloadManager.cpp(99): Loading Proxy information.
20190610125525 X #00752 EPODAL ePOData_Connection.cpp(671): Logging in using eposa user
20190610125525 X #00752 DOWNLOAD_JNI DownloadManager.cpp(822): Initialized the work queue with 4 threads.
20190610125525 X #00752 DOWNLOAD_JNI include\naWQ.cpp(372): Added work queue item 413120, cookie=2a5c9560, Param1=98fa32a0, Param2=0, QueueLength=1
20190610125525 X #07284 DOWNLOAD_JNI include\naWQ.cpp(421): Queue 000000002B49DE20 Get work queue item 413120, cookie=2a5c9560, Param1=98fa32a0, Param2=0, QueueLength=0
20190610125525 X #07284 DOWNLOAD_JNI include\naWQ.cpp(498): Queue 000000002B49DE20 Calling WQItem callback function...
20190610125525 I #07284 DOWNLOAD_JNI Downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.
20190610125525 I #07284 MCUPLOAD Connecting to server epo.mcafee.com through proxy server 10.20.2.204:8080.
20190610125626 E #07284 MCUPLOAD SecureHttp.cpp(1487): Unexpected HTTP status 504
20190610125626 I #07284 DOWNLOAD_JNI Finished downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp (0 bytes).
20190610125626 X #07284 DOWNLOAD_JNI DownloadManager.cpp(698): Failed downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.

ePO was upgraded from 5.3.3. to 5.9.1 and KB87017 (Migration from SHA-1 to SHA-2 certificates is required after upgrading to ePolicy Orchestrator 5.9) was not followed.

Could this be the culprit?

 

 

 

1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 11 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

I would need to see the whole wireshark capture, but here is something to look at.  In the screenshot, the source responding is a cisco device, which is most likely your firewall or proxy.  You don't know the other side of it, where the proxy or firewall is connecting to epo.mcafee.com.  It may be passing its own certificate, etc.  There is more to it than just what you showed.  They need to check the proxy/firewall logs to ensure that even though traffic may be allowed, there is no ssl inspection that might be blocking the certificate exchange.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

11 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

20190610125525 I #07284 DOWNLOAD_JNI Downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.
20190610125525 I #07284 MCUPLOAD Connecting to server epo.mcafee.com through proxy server 10.20.2.204:8080.
20190610125626 E #07284 MCUPLOAD SecureHttp.cpp(1487): Unexpected HTTP status 504
20190610125626 I #07284 DOWNLOAD_JNI Finished downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp (0 bytes).
20190610125626 X #07284 DOWNLOAD_JNI DownloadManager.cpp(698): Failed downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.

 

Status 504 is a gateway timeout.  It is not getting through the proxy.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
JoseRR
Level 9
Report Inappropriate Content
Message 3 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

Thanks cdinet

It is a timeout error, yes but what else is needed to allow it through apart from the exclusions to *.mcafee.com.

Is there some kind of certificate handshake between ePO and the proxy?

Form your experience, do you think not doing  Migration from SHA-1 to SHA-2 certificates after ePO upgrade could be involved?

From the Certificate Manager under root certificate, I can read: "Regenerates the root certificate and product certificates signed by the root certificate...

It is doing it now but will take days, there are 3000 machines not all of them online every day.

Thanks

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

The sha migration has nothing to do with epo going out to the mcafee sites - that is only for agent-server communication. 

You might want to look at your proxy settings in epo server settings - is this account a Windows account that has rights to authenticate through the proxy?

"logging in using eposa user"

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 5 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

Thanks cdinet for confirming about the sha

eposa is a SQL user and the user configured on the porxy settings is just a WIndows account.

Why would it be trying to use a SQL user to establish proxy authentication?

http://epo.mcafee.com/productcompatibilitylist.xml opens fine from ePO server, exclusions are added to the proxy. Wha am I missing?

 

 

 

 

 

JoseRR
Level 9
Report Inappropriate Content
Message 6 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

Thanks cdinet for confirming about the sha

eposa is a SQL user and the user configured on the porxy settings is just a WIndows account.

Why would it be trying to use a SQL user to establish proxy authentication?

epo.mcafee.com/productcompatibilitylist.xml opens fine from ePO server, exclusions are added to the proxy. Wha am I missing?

 

 

 

 

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

I would go to server settings and validate that the proxy settings are set up correctly, including user account.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 8 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

HI, I'm still having this problem at this customer. I ran a WIreshark and I can see that the communication through the proxy is fine.

After running the server task, response from epo.mcafee.com reaches ePO server, through proxy, it exchanges the certificates, ( Server hello done message), it returns a 407 Proxy Authorization required and after that it establishes the connection. to URI:epo.mcafee.com:443

Proxy Ip: x.x.2.204 - Source
ePO IP: x.x.2.9 - Destination

Any ideas what else could be making the server task to fail please?

WireShark.PNG

 

 

 

 

 

 

 

 

 

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

407 Proxy Authorization required - you need to use a Windows account that will authenticate through the proxy. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 10 of 12

Re: Failed to connect to the Software Catalog server

Jump to solution

Thanks for your reply cdinet.

Right after the 407 proxy Proxy Authorization required , the connection is established. Doesn't that mean that the authentication was succesful?

 

 

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community