cancel
Showing results for 
Search instead for 
Did you mean: 
deko
Level 8
Report Inappropriate Content
Message 1 of 15

McAfee Agent 5.5.1 communication to epo problems

Jump to solution

I have a problem with my ePO 5.10 and Agent 5.5.1

In the masvc_[Client].log I see this errors:

2019-02-13 10:04:07.683 masvc(8760.9352) ahclient.Info: Scheduling spipe connection with "immediate" priority.
2019-02-13 10:04:07.683 masvc(8760.9352) DataChannel.Manager.Info: A { MsgUpload } spipe alert has been raised successfully in ah_client.
2019-02-13 10:04:07.683 masvc(8760.9352) ahclient.Info: Start processing spipe connection request.
2019-02-13 10:04:07.692 masvc(8760.9352) DataChannel.Manager.Info: DataChannel Service decorating SPIPE package for : { MsgUpload }
2019-02-13 10:04:07.693 masvc(8760.9352) DataChannel.Manager.Info: Nächster Stapel von 3 Datenkanalelementen wird gesendet
2019-02-13 10:04:07.700 masvc(8760.9352) ahclient.Info: Agenten-Kommunikationssitzung gestartet
2019-02-13 10:04:07.704 masvc(8760.9352) ahclient.Info: Der Agent stellt eine Verbindung zum ePO-Server her.
2019-02-13 10:04:07.709 masvc(8760.9352) ahclient.Info: Initiating spipe connection to site https://0.0.0.3 :443/spipe/pkg?AgentGuid={3c72a38e-d775-4322-be55-f30481038fcb}&Source=Agent_3.0.0&TenantId=68C6BC73-C03A-4522-8D6A-4EC23A3CEFF2.
2019-02-13 10:04:07.720 masvc(8760.9352) ahclient.Info: connection initiated to site https://0.0.0.3 :443/spipe/pkg?AgentGuid={3c72a38e-d775-4322-be55-f30481038fcb}&Source=Agent_3.0.0&TenantId=68C6BC73-C03A-4522-8D6A-4EC23A3CEFF2.
2019-02-13 10:04:07.761 masvc(8760.9352) crypto.Info: Negotiated Cipher : EDH-RSA-AES256-SHA256
2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.
2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Agent handler reports server busy. response code 503.
2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Spipe connection response received, network return code = 1008, response code 503.
2019-02-13 10:04:07.791 masvc(8760.9352) DataChannel.Manager.Error: Failed to upload DataChannel items - Network<1008>, HTTP Response<503>
2019-02-13 10:04:07.791 masvc(8760.9352) DataChannel.Manager.Error: Fehler beim Hochladen des Pakets auf den ePO-Server.
2019-02-13 10:04:07.798 masvc(8760.9352) ahclient.Info: Agenten-Kommunikationssitzung geschlossen

 

On ePO there are the following errors:

20190213094114 I #00604 NAIMSERV Received [MsgUpload] from CLIENT:{3C72A38E-D775-4322-BE55-F30481038FCB}
20190213094114 E #00604 MCUPLOAD SecureHttp.cpp(984): Failed to send HTTP request. Error=12186 (12186)
20190213094114 E #00604 NAIMSERV server.cpp(558): Failed to send request, err=0x80004005, HTTP status code=0
20190213094114 E #00604 NAIMSERV server.cpp(923): Error sending data channel message to application server
20190213094114 E #00604 MCUPLOAD SecureHttp.cpp(984): Failed to send HTTP request. Error=12186 (12186)
20190213094114 E #00604 NAIMSERV server.cpp(558): Failed to send request, err=0x80004005, HTTP status code=0
20190213094114 E #00604 NAIMSERV server.cpp(923): Error sending data channel message to application server
20190213094114 E #00604 MCUPLOAD SecureHttp.cpp(984): Failed to send HTTP request. Error=12186 (12186)
20190213094114 E #00604 NAIMSERV server.cpp(558): Failed to send request, err=0x80004005, HTTP status code=0
20190213094114 E #00604 NAIMSERV server.cpp(923): Error sending data channel message to application server

 

Can somone help me?

1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 11 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

Datachannel communication is failing on the server side.  When did this issue start and what changed?  See KB's 89858, 90016, 90182, and 78425.  You don't have the same exact error code, but that doesn't matter necessarily, it is still a datachannel failure that needs to be resolved.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

14 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

Please look at #: 

https://kc.mcafee.com/corporate/index?page=content&id=KB89858

 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?
deko
Level 8
Report Inappropriate Content
Message 3 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

It doesen't works.

Highlighted
deko
Level 8
Report Inappropriate Content
Message 4 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

If I telnet port 8082 it does not work

Port 8081, 80 and 443 works

JoseRR
Level 9
Report Inappropriate Content
Message 5 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

The issue seems to be in the server side: (Agent handler reports busy)

2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.
2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Agent handler reports server busy. response code 503.

Source: https://kc.mcafee.com/corporate/index?page=content&id=KB90603&actp=null&viewlocale=en_US&showDraft=f...

Solution

Issues and Solutions - MA fails to connect to the AH with HTTP 503, server is busy.

HTTP 503 is an especially interesting error condition, as it indicates a server-side problem. The Agents connection is reaching the handler (or, sometimes, another device along the network path) and being rejected.

The McAfee Agent reports this server-side refusal on the client as an HTTP 503, or “server is busy” scenario. An actual 'server is busy' or 'max connections' state is not the only potential source of these messages:

Symptom  - masvc_MAClient.log shows the error:
 
masvc(4392.624) ahclient.Info: Network library rc = <1008>, Agent Handler reports response code <503>.
masvc(4392.624) ahclient.Info: Agent Handler reports server busy. Response code 503.
 
 
It can also be a host name with more than 128 characters,altough unlikely
Failed to send events to ePO server (McAfee Agent installs, but fails to connect to the ePolicy Orchestrator server)
 
 
On the other hand, is this a virtual machine?
 
Communication May Be Rejected by ePO Server because of Sequence Number Conflict
for Re-provisioned VM
If the Synchronizer administrator re-provisions a user VM with a backup, communication to the ePO
server may fail when a McAfee agent contacts the server because of a lower sequence number than the
one expected by the ePO server.
This scenario occurs when:
1. A backup is taken from the client computer, storing the last sequence number used to
communicate with the ePO server, for example sequence number 10.
2. After the backup, the client continues to run and contact the ePO server before the VM is
stopped and re-provisioned. During this period of execution, the sequence number continues to
increase and by the time the VM was stopped, it may have increased to, say, sequence number
15.
3. The virtual machine is re-provisioned, and restored from the last backup, which contained an
outdated sequence number. In our example, the VM would continue to use sequence number
10.
In the preceding scenario, the ePO server expects a sequence number 16, and the client sends a
sequence number 11. As a result, the ePO server rejects the client communication request because of
an in valid, or duplicate, sequence number.
Note: For additional information, refer to the McAfee Knowledge Center.
To resolve this issue, disable sequence error checking on the ePO server:
1. Locate the file “C:\Program Files(x86)\McAfee\ePolicy Orchestrator\DB\server.ini”.
2. Edit the file by adding “ConnectionsRequireValidSequenceNumber=0” under the [Server]
section.
3. Re-start the” McAfee ePolicy Orchestrator 5.x.x Application Server” service.
Conducting these steps allows re-provisioned clients to communicate with the ePO server.
deko
Level 8
Report Inappropriate Content
Message 6 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

@JoseRR wrote:

The issue seems to be in the server side: (Agent handler reports busy)

2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.
2019-02-13 10:04:07.790 masvc(8760.9352) ahclient.Info: Agent handler reports server busy. response code 503.

Source: https://kc.mcafee.com/corporate/index?page=content&id=KB90603&actp=null&viewlocale=en_US&showDraft=f...

Solution

Issues and Solutions - MA fails to connect to the AH with HTTP 503, server is busy.

HTTP 503 is an especially interesting error condition, as it indicates a server-side problem. The Agents connection is reaching the handler (or, sometimes, another device along the network path) and being rejected.

The McAfee Agent reports this server-side refusal on the client as an HTTP 503, or “server is busy” scenario. An actual 'server is busy' or 'max connections' state is not the only potential source of these messages:

Symptom  - masvc_MAClient.log shows the error:
 
masvc(4392.624) ahclient.Info: Network library rc = <1008>, Agent Handler reports response code <503>.
masvc(4392.624) ahclient.Info: Agent Handler reports server busy. Response code 503.
 
 
It can also be a host name with more than 128 characters,altough unlikely
Failed to send events to ePO server (McAfee Agent installs, but fails to connect to the ePolicy Orchestrator server)
 
 
On the other hand, is this a virtual machine?
 
Communication May Be Rejected by ePO Server because of Sequence Number Conflict
for Re-provisioned VM
If the Synchronizer administrator re-provisions a user VM with a backup, communication to the ePO
server may fail when a McAfee agent contacts the server because of a lower sequence number than the
one expected by the ePO server.
This scenario occurs when:
1. A backup is taken from the client computer, storing the last sequence number used to
communicate with the ePO server, for example sequence number 10.
2. After the backup, the client continues to run and contact the ePO server before the VM is
stopped and re-provisioned. During this period of execution, the sequence number continues to
increase and by the time the VM was stopped, it may have increased to, say, sequence number
15.
3. The virtual machine is re-provisioned, and restored from the last backup, which contained an
outdated sequence number. In our example, the VM would continue to use sequence number
10.
In the preceding scenario, the ePO server expects a sequence number 16, and the client sends a
sequence number 11. As a result, the ePO server rejects the client communication request because of
an in valid, or duplicate, sequence number.
Note: For additional information, refer to the McAfee Knowledge Center.
To resolve this issue, disable sequence error checking on the ePO server:
1. Locate the file “C:\Program Files(x86)\McAfee\ePolicy Orchestrator\DB\server.ini”.
2. Edit the file by adding “ConnectionsRequireValidSequenceNumber=0” under the [Server]
section.
3. Re-start the” McAfee ePolicy Orchestrator 5.x.x Application Server” service.
Conducting these steps allows re-provisioned clients to communicate with the ePO server.

Yes, its a virtual machine. Two weeks ago my colleague make a sysprep on the machine. I added the “ConnectionsRequireValidSequenceNumber=0”, but the problem remains. The length of the PC descritpion or name is not the problem.

wouterr
Level 11
Report Inappropriate Content
Message 7 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

We have simmilar issue on our agenthandlers.

For us root cause is an issue on the host-firewall of these servers (ENS10.6.0 Firewall or the HIPS 8.0 P11 firewall). which at some point in time causes the server to start rejecting inbound connections untill the server is rebooted.

This issue is within syscore version 15.8 and is confirmed fixed in syscore 18.10 (=ENS10.6.1 or next patch of HIPS)

 

deko
Level 8
Report Inappropriate Content
Message 8 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

@wouterr wrote:

We have simmilar issue on our agenthandlers.

For us root cause is an issue on the host-firewall of these servers (ENS10.6.0 Firewall or the HIPS 8.0 P11 firewall). which at some point in time causes the server to start rejecting inbound connections untill the server is rebooted.

This issue is within syscore version 15.8 and is confirmed fixed in syscore 18.10 (=ENS10.6.1 or next patch of HIPS)

 


Okay, we have no ENS Firewall or HIPS.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

We would need to see server logs for same time frame that the agent tries to connect, with the corresponding agent logs.  I would not post them here, as they will contain sensitive information about systems that you should not make public. 

Check the server log for the communication attempt - what errors do you get?  Invalid sequence error or other?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

deko
Level 8
Report Inappropriate Content
Message 10 of 15

Re: McAfee Agent 5.5.1 communication to epo problems

Jump to solution

Server:
20190213155630 E #06196 MCUPLOAD SecureHttp.cpp(984): Failed to send HTTP request. Error=12186 (12186)
20190213155630 E #06196 NAIMSERV server.cpp(558): Failed to send request, err=0x80004005, HTTP status code=0
20190213155630 E #06196 NAIMSERV server.cpp(923): Error sending data channel message to application server
20190213155630 I #06196 NAIMSERV Processed [MsgUpload] from *CLIENT*
20190213155630 E #06196 NAIMSERV AgentServerCommHandler.cpp(656): Failed to process agent request
20190213155630 I #06196 MOD_EPO epo request processed, rc=503, session ID=558, session time=31ms


Client:
2019-02-13 15:56:30.170 masvc(2144.2064) ahclient.Info: Scheduling spipe connection with "immediate" priority.
2019-02-13 15:56:30.171 masvc(2144.2064) DataChannel.Manager.Info: A { MsgUpload } spipe alert has been raised successfully in ah_client.
2019-02-13 15:56:30.171 masvc(2144.2064) ahclient.Info: Start processing spipe connection request.
2019-02-13 15:56:30.187 masvc(2144.2064) DataChannel.Manager.Info: DataChannel Service decorating SPIPE package for : { MsgUpload }
2019-02-13 15:56:30.188 masvc(2144.2064) DataChannel.Manager.Info: Nächster Stapel von 5 Datenkanalelementen wird gesendet
2019-02-13 15:56:30.195 masvc(2144.2064) ahclient.Info: Agenten-Kommunikationssitzung gestartet
2019-02-13 15:56:30.201 masvc(2144.2064) ahclient.Info: Der Agent stellt eine Verbindung zum ePO-Server her.
2019-02-13 15:56:30.208 masvc(2144.2064) ahclient.Info: Initiating spipe connection to site https://x.x.x.x:443/xxx
2019-02-13 15:56:30.211 masvc(2144.2064) ahclient.Info: connection initiated to site https://x.x.x.x:443/xxx
2019-02-13 15:56:30.261 masvc(2144.2064) crypto.Info: Negotiated Cipher : EDH-RSA-AES256-SHA256
2019-02-13 15:56:30.302 masvc(2144.2064) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.
2019-02-13 15:56:30.303 masvc(2144.2064) ahclient.Info: Agent handler reports server busy. response code 503.
2019-02-13 15:56:30.303 masvc(2144.2064) ahclient.Info: Spipe connection response received, network return code = 1008, response code 503.
2019-02-13 15:56:30.303 masvc(2144.2064) DataChannel.Manager.Error: Failed to upload DataChannel items - Network<1008>, HTTP Response<503>
2019-02-13 15:56:30.303 masvc(2144.2064) DataChannel.Manager.Error: Fehler beim Hochladen des Pakets auf den ePO-Server.
2019-02-13 15:56:30.316 masvc(2144.2064) ahclient.Info: Agenten-Kommunikationssitzung geschlossen
2019-02-13 15:56:30.323 masvc(2144.2064) ioservice.Info: IO service received the message.

 

I dont know if that might help:

I capture the traffic flow with Wireshark. The client and Server establish successfull an encrypted TLS connection and sends encrypted data. Some pakets later the Server close the TLS-Connection.

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community