cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Agent 5.0.2 Not Communicating

Just rebuilt the ePO server due to lost SQL DB. ePO 5.3.1 on server 2012 R2. We have a remote location that is not making contact with the ePO server. From this remote location, i can reach http://DNS address:81 and https://DS name:7443 (i get a you do not have permission to access /). This agent cannot send events or collect props. The agent does have the correct DNS name and ip address. Outbound traffic is allowed through the firewall. Other remote McAfee agents ARE contacting the ePO server (some 4.8 and some 5.0.x). How do i go about finding more detailed logs on where it is failing? On the client, c:\programdata\mcafee\agent\agentevents\upload xml files have the correct info in them. My packet monitor on our firewall shows 7443 traffic from that ip making it to the ePO server, nothing dropped. Windows firewall on the ePO server is off.


So i just looked at the agent version on those that are contacting the ePO and they are ALL 4.8.0.1500. No 5.0.2 agents are contacting the ePO server. How do i check the 5.0.2 agent on the server to see if something is missing or incorrect?


I installed the 5.0.2 agent on a laptop that is on the same domain as the ePO server. This agent will NOT process the VSE deployment task and will not send events to the ePO server

System Information 

Computer Name: TEK-LAP

  

McAfee Agent 

Version number: 5.0.2.132

Status: Managed

SuperAgent: Peer to Peer

Last security update check: Unknown

Last agent-to-server communication: Unknown

Agent to Server Communication Interval (every): 1 hour

Policy Enforcement Interval (every): 1 hour

Agent ID: {ab971fcc-58f5-4840-aaa0-7c19beef40ff}

ePO Server/Agent Handler 

DNS Name: av.domain.tld

IP Address: 69.110.174.178

Port Number: 7443


Could this be a master key issue? My master key shows the old server that we migrated from:

Capture.PNG

Should it show the current server, eposrv?

2 Replies

Re: McAfee Agent 5.0.2 Not Communicating

Found this is the masvc log:

Agent communication session started

2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Agent is connecting to ePO server

2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Initiating spipe connection to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759-4321-A44E-D1A4288223D2.

2015-10-30 18:02:00.850 masvc(2420.5924) ahclient.Info: connection initiated  to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759-4321-A44E-D1A4288223D2.

2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.

2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Agent handler reports server busy. response code 503.

Found this on the server side apache log:

2015-10-30 02:16:11,545 INFO  [scheduler-TaskQueueEngine-thread-2] command.SnapshotServerCmd  - Successfully saved server snapshot to the database

2015-10-30 02:16:43,922 ERROR [scheduler-TaskQueueEngine-thread-3] services.DownloadService  - SQL Exception trying to update products strings.

java.sql.SQLException: Violation of PRIMARY KEY constraint 'PK_EPOSoftwareCatalogStrings'. Cannot insert duplicate key in object 'dbo.EPOSoftwareCatalogStrings'. The duplicate key value is (1, label, 1033).

  at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:373)

  at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2985)

  at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2418)

  at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:668)

  at net.sourceforge.jtds.jdbc.JtdsStatement.processResults(JtdsStatement.java:614)

  at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQL(JtdsStatement.java:573)

  at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.execute(JtdsPreparedStatement.java:787)

  at sun.reflect.GeneratedMethodAccessor654.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:497)

  at com.mcafee.orion.core.db.sqlserver.JtdsStatementRetryInvocationHandler.invoke(JtdsStatementRetryInvocationHandler.java:87)

  at com.sun.proxy.$Proxy21.execute(Unknown Source)

  at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)

  at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)

  at com.mcafee.epo.softwaremanager.dao.ProductStringsDAO.update(ProductStringsDAO.java:81)

  at com.mcafee.epo.softwaremanager.services.DownloadService.validateAndStoreProductStrings(DownloadService.java:1507)

  at com.mcafee.epo.softwaremanager.services.DownloadService.DownloadProductStrings(DownloadService.java:1338)

  at com.mcafee.epo.softwaremanager.command.DownloadSoftwareCatalogCmd.invoke(DownloadSoftwareCatalogCmd.java:140)

  at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1312)

  at com.mcafee.orion.core.cmd.CommandInvoker.invokeCommand(CommandInvoker.java:1037)

  at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1006)

  at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:983)

  at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:437)

  at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:474)

  at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:383)

  at com.mcafee.orion.scheduler.chainable.Chain.invoke(Chain.java:64)

  at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1312)

  at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runTask(ScheduledTaskManagerImpl.java:1556)

  at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runValidatedTaskInvocation(ScheduledTaskManagerImpl.java:1527)

  at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runValidatedTaskInvocation(ScheduledTaskManagerImpl.java:1481)

  at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.execute(ScheduledTaskManagerImpl.java:1292)

  at com.mcafee.orion.task.queue.TaskQueueEngine.runTask(TaskQueueEngine.java:913)

  at com.mcafee.orion.task.queue.TaskQueueEngine.runTask(TaskQueueEngine.java:895)

  at com.mcafee.orion.task.queue.TaskQueueEngine.access$1000(TaskQueueEngine.java:50)

  at com.mcafee.orion.task.queue.TaskQueueEngine$3.run(TaskQueueEngine.java:864)

  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

  at java.util.concurrent.FutureTask.run(FutureTask.java:266)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

  at java.lang.Thread.run(Thread.java:745)

rgc
Level 11
Report Inappropriate Content
Message 3 of 3

Re: McAfee Agent 5.0.2 Not Communicating

Hi Carnold,

As per your inputs, I understand the EPO is configured with Public IP or you have RAH configured with public Ip: 69.110.174.178

As per the Agent logs: It is trying with DNS name as "IP"

2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Agent is connecting to ePO server

2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Initiating spipe connection to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759 -4321-A44E-D1A4288223D2.

2015-10-30 18:02:00.850 masvc(2420.5924) ahclient.Info: connection initiated  to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759 -4321-A44E-D1A4288223D2.

2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.

2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Agent handler reports server busy. response code 503.

Additionally: Error 503 is DNS errors, looks like host name resolution is failing.

Hence, I suggest to remove host name for the public IP configured and try to redeploy the agent and see the logs, is trying to reach IP: 69.110.174.178


Even after the issue persist, share the logs to see more detailed info

Hope this helps,

Regards,

RGC