cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 1 of 10

Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Used KB71078 and KB67060 to migrate a Win2003 ePO server (4.6) to Win2008 R2.

New ePO server has new netbios name and new IP (which is why I partly used KB67060 since KB71078 does not cover changing the ePO servername.)

Everything works A-1 except for one little thing that is more of an annoyance than a problem.

Upon startup of the ePO services, I get the following errors in the SERVER.LOG:

20120416112149          I          #04992          NAISIGN           RSA BSAFE Crypto-C Micro Edition FIPS 140-2 Module 3.0.0.1

20120416112153          I          #04992          NAIMSRV           Initializing server...

20120416112153          I          #04992          NAIMSRV           Database initialization: Starting.

20120416112153          I          #04992          EPODAL            Microsoft SQL Server 2005 - 9.00.5254.00 (Intel X86)

20120416112153          I          #04992          EPODAL                      Dec 18 2010 23:05:34

20120416112153          I          #04992          EPODAL                      Copyright (c) 1988-2005 Microsoft Corporation

20120416112153          I          #04992          EPODAL                      Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

20120416112153          I          #04992          NAIMSRV           Database initialization: Succeeded.

20120416112153          I          #04992          NAIMSRV           Policy Manager initialization: Starting.

20120416112154          I          #04992          NAIMSRV           Policy Manager initialization: Succeeded.

20120416112154          I          #04992          NAIMSRV           Server state at startup: Enabled

20120416112154          I          #04992          NAIMSRV           Checking to see if the ePO server is available.  We will try 12 times.

20120416112156          E          #04992          MCUPLOAD          Failed to send http request

20120416112156          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112208          E          #04992          MCUPLOAD          Failed to send http request

20120416112208          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112220          E          #04992          MCUPLOAD          Failed to send http request

20120416112220          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112233          E          #04992          MCUPLOAD          Failed to send http request

20120416112233          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112245          E          #04992          MCUPLOAD          Failed to send http request

20120416112245          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112257          E          #04992          MCUPLOAD          Failed to send http request

20120416112257          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112310          E          #04992          MCUPLOAD          Failed to send http request

20120416112310          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112322          E          #04992          MCUPLOAD          Failed to send http request

20120416112322          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

20120416112358          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=401)

20120416112909          E          #04992          MCUPLOAD          Failed to receive http response

20120416112909          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=2)

20120416113342          I          #04992          NAIMSRV           The Agent Handler successfully connected to the ePO server.

20120416113342          I          #04992          MCUPLOAD          Successfully disabled CA trust options.

20120416113343          I          #04992          MCUPLOAD          Successfully disabled CA trust options.

20120416113343          I          #04992          NAIMSRV           Unloading server private keys

20120416113343          I          #04992          NAIMSRV           ePolicy Orchestrator server started.

20120416113343          I          #04992          mod_eporepo          Database initialization: Starting.

20120416113343          I          #04992          mod_eporepo          Database initialization: Succeeded.

As you can see, the server does not respond for the first 10-12 minutes upon startup, generating the "Failed to process the secure communication request" error.

If I try opening the console in a browser during these 10-12 minutes upon startup, I get the McAfee logo with the "please wait" twirling icon. Then after 10-12 minutes everything works fine.

I am not using any agent handlers, and I get the same errors on 3 servers I have migrated so far, 2 of these servers have a very limited amount of agents connecting to them (less than 100).

I looked through the KB articles and the community answers but still cannot find an answer to this annoyance.

Any help appreciated!

1 Solution

Accepted Solutions
McAfee Employee spamidi
McAfee Employee
Report Inappropriate Content
Message 7 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Good to know that the situation improved. I think the original problem of the 12029 errors having to do with Datachannel communication went away.

For the remaining errors, the error=2 points to proxy communication attempt -

Do you have any proxy defined in your IE connection settings?  Please check if you have the option to 'bypass proxy for local connections' option checked. If not, please check it. Also, enable debug level 8 log and see if it retuns more detail. If all else fails, we may need to capture a wireshark trace at the time of service startup to see what is going on.

9 Replies
Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 2 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Forgot to mention, These logs come from a server using SQL2005. I also get the very same behavior with another one using SQL2008R2.

McAfee Employee spamidi
McAfee Employee
Report Inappropriate Content
Message 3 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Please post these two files from the ePolicy Orchestrator\Server\Conf\Catalina\localhost folder:

dcredirect.xml

DataChannel.xml

Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 4 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Sailendra:

DataChannel.xml:

<Context docBase="E:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Extensions/installed/DataChannel/4.6.0.1029/webapp"

privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>

dcRedirect.xml:

<Context docBase="E:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Extensions/installed/DataChannel/4.5.0.753/webapp-redirect"

privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>

I'm guessing the problem I'm having has something to do with both files not pointing to the same version of the DataChannel extention?

The DataChannel extention installed on all servers with this issue is 4.6.0.1029

Thanks.

Highlighted
McAfee Employee spamidi
McAfee Employee
Report Inappropriate Content
Message 5 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

malware-alerts wrote:

I'm guessing the problem I'm having has something to do with both files not pointing to the same version of the DataChannel extention?

The DataChannel extention installed on all servers with this issue is 4.6.0.1029


Yes.

Stop the ePO services.

Edit the dcRedirect.xml to reflect the 4.6.0.1029 version like so:

dcRedirect.xml:

<Context docBase="E:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Extensions/installed/DataChannel/4.6.0.1029/webapp-redirect"

privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>

Start the ePO services and check if the messages go away.

Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 6 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Sailendra,

Made the change, I still get the same error upon startup but it doesn't take as long to be able to login to the ePO console (4 minutes compared to 10-12 before):

20120418143908          I          #05676          NAISIGN           RSA BSAFE Crypto-C Micro Edition FIPS 140-2 Module 3.0.0.1

20120418143909          I          #05676          NAIMSRV           Initializing server...

20120418143909          I          #05676          NAIMSRV           Database initialization: Starting.

20120418143910          I          #05676          EPODAL            Microsoft SQL Server 2005 - 9.00.5254.00 (Intel X86)

20120418143910          I          #05676          EPODAL                      Dec 18 2010 23:05:34

20120418143910          I          #05676          EPODAL                      Copyright (c) 1988-2005 Microsoft Corporation

20120418143910          I          #05676          EPODAL                      Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

20120418143910          I          #05676          NAIMSRV           Database initialization: Succeeded.

20120418143910          I          #05676          NAIMSRV           Policy Manager initialization: Starting.

20120418143911          I          #05676          NAIMSRV           Policy Manager initialization: Succeeded.

20120418143911          I          #05676          NAIMSRV           Server state at startup: Enabled

20120418143911          I          #05676          NAIMSRV           Checking to see if the ePO server is available.  We will try 12 times.

20120418143930          E          #05676          MCUPLOAD          Failed to process the secure communication request (error=401)

20120418144440          E          #05676          MCUPLOAD          Failed to receive http response

20120418144440          E          #05676          MCUPLOAD          Failed to process the secure communication request (error=2)

20120418144856          I          #05676          NAIMSRV           The Agent Handler successfully connected to the ePO server.

20120418144856          I          #05676          MCUPLOAD          Successfully disabled CA trust options.

20120418144856          I          #05676          MCUPLOAD          Successfully disabled CA trust options.

20120418144857          I          #05676          NAIMSRV           Unloading server private keys

20120418144857          I          #05676          NAIMSRV           ePolicy Orchestrator server started.

20120418144857          I          #05676          mod_eporepo          Database initialization: Starting.

20120418144857          I          #05676          mod_eporepo          Database initialization: Succeeded.

McAfee Employee spamidi
McAfee Employee
Report Inappropriate Content
Message 7 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Good to know that the situation improved. I think the original problem of the 12029 errors having to do with Datachannel communication went away.

For the remaining errors, the error=2 points to proxy communication attempt -

Do you have any proxy defined in your IE connection settings?  Please check if you have the option to 'bypass proxy for local connections' option checked. If not, please check it. Also, enable debug level 8 log and see if it retuns more detail. If all else fails, we may need to capture a wireshark trace at the time of service startup to see what is going on.

Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 8 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Sailendra,

Indeed the ePO servers go through a proxy in order to get to the intetrnet. This can sometimes be problematic when the servers try to synch with HTTP or FTP to McAfee servers.

At this point I'll simply get a bypass rule in place to let the ePO servers connect directly to the internet without going through the proxy, this will most probably get rid of any communication issues on startup.

Thanks for your help!

dmease729
Level 11
Report Inappropriate Content
Message 9 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

Hi,

As per https://community.mcafee.com/message/240928, I am looking to upgrade from 4.0 to 4.6 on a new server with new name and IP - would it be possible for you to provide a quick summary of the order of the steps you carried out, and which ones you specifically used from KB67060?  I assume that the relevant steps were 9,13, 16-18 and 20 from what I can see (the other steps look to be cluster specific).  Also, were these steps carried out after the DB restore in KB71078?

cheers,

Reliable Contributor greatscott
Reliable Contributor
Report Inappropriate Content
Message 10 of 10

Re: Failed to process the secure communication request (error=12029) after ePO migration

Jump to solution

we get kind of a situation like this, where upon startup, the RSD sensors are checking communicating and the server is inaccessable for about 10-15 mins. we can see this in the orion log.

Message was edited by: greatscott on 4/17/12 7:33:32 AM CDT
ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.