cancel
Showing results for 
Search instead for 
Did you mean: 
JoseRR
Level 9
Report Inappropriate Content
Message 1 of 12

Failed to connect to the Software Catalog server

Download Software Product List (Failed to download the products list due to ("Failed to connect to the Software Catalog server.")

It was working fine, just stopped downloading the Product list

Proxy is present:

  • Proxy user checked, is not locked
  • epo.mcafee.com and s-download.mcafee.com added to proxy (WebSense)

From EpoApSvr.log

 

20190610125525 X #00752 DOWNLOAD_JNI DownloadManager.cpp(99): Loading Proxy information.
20190610125525 X #00752 EPODAL ePOData_Connection.cpp(671): Logging in using eposa user
20190610125525 X #00752 DOWNLOAD_JNI DownloadManager.cpp(822): Initialized the work queue with 4 threads.
20190610125525 X #00752 DOWNLOAD_JNI include\naWQ.cpp(372): Added work queue item 413120, cookie=2a5c9560, Param1=98fa32a0, Param2=0, QueueLength=1
20190610125525 X #07284 DOWNLOAD_JNI include\naWQ.cpp(421): Queue 000000002B49DE20 Get work queue item 413120, cookie=2a5c9560, Param1=98fa32a0, Param2=0, QueueLength=0
20190610125525 X #07284 DOWNLOAD_JNI include\naWQ.cpp(498): Queue 000000002B49DE20 Calling WQItem callback function...
20190610125525 I #07284 DOWNLOAD_JNI Downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.
20190610125525 I #07284 MCUPLOAD Connecting to server epo.mcafee.com through proxy server 10.20.2.204:8080.
20190610125626 E #07284 MCUPLOAD SecureHttp.cpp(1487): Unexpected HTTP status 504
20190610125626 I #07284 DOWNLOAD_JNI Finished downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp (0 bytes).
20190610125626 X #07284 DOWNLOAD_JNI DownloadManager.cpp(698): Failed downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.

ePO was upgraded from 5.3.3. to 5.9.1 and KB87017 (Migration from SHA-1 to SHA-2 certificates is required after upgrading to ePolicy Orchestrator 5.9) was not followed.

Could this be the culprit?

 

 

 

11 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: Failed to connect to the Software Catalog server

20190610125525 I #07284 DOWNLOAD_JNI Downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.
20190610125525 I #07284 MCUPLOAD Connecting to server epo.mcafee.com through proxy server 10.20.2.204:8080.
20190610125626 E #07284 MCUPLOAD SecureHttp.cpp(1487): Unexpected HTTP status 504
20190610125626 I #07284 DOWNLOAD_JNI Finished downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp (0 bytes).
20190610125626 X #07284 DOWNLOAD_JNI DownloadManager.cpp(698): Failed downloading file: V:\PROGRA~1\McAfee\EPOLIC~1\DB\ProductCompatibilityList.xml.tmp.

 

Status 504 is a gateway timeout.  It is not getting through the proxy.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 3 of 12

Re: Failed to connect to the Software Catalog server

Thanks cdinet

It is a timeout error, yes but what else is needed to allow it through apart from the exclusions to *.mcafee.com.

Is there some kind of certificate handshake between ePO and the proxy?

Form your experience, do you think not doing  Migration from SHA-1 to SHA-2 certificates after ePO upgrade could be involved?

From the Certificate Manager under root certificate, I can read: "Regenerates the root certificate and product certificates signed by the root certificate...

It is doing it now but will take days, there are 3000 machines not all of them online every day.

Thanks

 

Highlighted
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: Failed to connect to the Software Catalog server

The sha migration has nothing to do with epo going out to the mcafee sites - that is only for agent-server communication. 

You might want to look at your proxy settings in epo server settings - is this account a Windows account that has rights to authenticate through the proxy?

"logging in using eposa user"

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 5 of 12

Re: Failed to connect to the Software Catalog server

Thanks cdinet for confirming about the sha

eposa is a SQL user and the user configured on the porxy settings is just a WIndows account.

Why would it be trying to use a SQL user to establish proxy authentication?

http://epo.mcafee.com/productcompatibilitylist.xml opens fine from ePO server, exclusions are added to the proxy. Wha am I missing?

 

 

 

 

 

JoseRR
Level 9
Report Inappropriate Content
Message 6 of 12

Re: Failed to connect to the Software Catalog server

Thanks cdinet for confirming about the sha

eposa is a SQL user and the user configured on the porxy settings is just a WIndows account.

Why would it be trying to use a SQL user to establish proxy authentication?

epo.mcafee.com/productcompatibilitylist.xml opens fine from ePO server, exclusions are added to the proxy. Wha am I missing?

 

 

 

 

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Failed to connect to the Software Catalog server

I would go to server settings and validate that the proxy settings are set up correctly, including user account.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 8 of 12

Re: Failed to connect to the Software Catalog server

HI, I'm still having this problem at this customer. I ran a WIreshark and I can see that the communication through the proxy is fine.

After running the server task, response from epo.mcafee.com reaches ePO server, through proxy, it exchanges the certificates, ( Server hello done message), it returns a 407 Proxy Authorization required and after that it establishes the connection. to URI:epo.mcafee.com:443

Proxy Ip: x.x.2.204 - Source
ePO IP: x.x.2.9 - Destination

Any ideas what else could be making the server task to fail please?

WireShark.PNG

 

 

 

 

 

 

 

 

 

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Failed to connect to the Software Catalog server

407 Proxy Authorization required - you need to use a Windows account that will authenticate through the proxy. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JoseRR
Level 9
Report Inappropriate Content
Message 10 of 12

Re: Failed to connect to the Software Catalog server

Thanks for your reply cdinet.

Right after the 407 proxy Proxy Authorization required , the connection is established. Doesn't that mean that the authentication was succesful?

 

 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator