cancel
Showing results for 
Search instead for 
Did you mean: 
Jack-TD
Level 8
Report Inappropriate Content
Message 1 of 13

McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Hi,

I have recently updated RHEL 6 servers to Agent 5.6.0.702

After the upgrade the command /opt/McAfee/agent/bin/cmdagent fails with error

cmdagent.Error: Failed to get ma info, error code <507>.

When this command is run as root there is no issue.

Has anyone else run into this situation with agent 5.6

 

This is also effecting ePO from communicating with the servers using the Run client command and the wake up agent command

The servers are able to send their events back through to ePO.

Tags (3)
1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 13 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Please open a ticket then with McAfee and set the agent logging to debug, then get an agent mer (with the 5.6 agent).  That mer tool is attached to KB83005.  We need to see what is going on with that agent.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

12 Replies
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Moving this to the agent team, so the appropriate group will see this.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 3 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

cmdagent has to be run with root privileges.  If you use an account that has sudo rights and you run it using sudo command, does it still fail? 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Jack-TD
Level 8
Report Inappropriate Content
Message 4 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

It does not fail when run as sudo, however servers which are running RHEL 7 or RHEL 5 do not require root privileged to run cmdagent.

In addition to this when attempting to run the wake up agent task from ePO the effected server responds with "Unexpected HTTP responce code 500 received from the remote computer.

 

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Most of our KB's or ma product guides list that there are some commands that require root privileges, including deploying an agent. 

As for the error 500 you are getting, is the agent general policy enabled to only accept connections from the epo server?  You might also want to check each of the agent logs for any possible rejection of the wakeup request.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Jack-TD
Level 8
Report Inappropriate Content
Message 6 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

As for the error 500 you are getting, is the agent general policy enabled to only accept connections from the epo server? 

 

I have tested waking up agent with this option disabled and enabled with the same results

 

The following is the log output from the macmnsvc log

 

2019-01-07 23:18:14.287 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50647
2019-01-07 23:18:14.288 (31309.31309) http_server.Info: Agent wakeup call received
2019-01-07 23:18:14.288 (31309.31309) http_server.Info: Agent wakeup call for FULL PROPS received
2019-01-07 23:18:14.288 (31309.31309) msgbus.Warning: Broker information is not available, rc <501>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: local broker look up failed for service <ma.service.logger>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: Failed to start request <ma.service.logger>, so sending the error code to the callback in main thread
2019-01-07 23:18:14.289 (31309.31309) msgbus.Warning: Broker information is not available, rc <501>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: local broker look up failed for service <ma.service.logger>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: Failed to start request <ma.service.logger>, so sending the error code to the callback in main thread
2019-01-07 23:18:14.289 (31309.31309) msgbus.Warning: Broker information is not available, rc <501>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: local broker look up failed for service <ma.service.property>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: Failed to start request <ma.service.property>, so sending the error code to the callback in main thread
2019-01-07 23:18:14.289 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) ma_http_connection_send_stock_response, response(500 Internal Server Error)
2019-01-07 23:18:14.302 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50648
2019-01-07 23:18:14.303 (31309.31309) spipe.Error: Received spipe package size 428 is lesser than the expected size, malformed package.
2019-01-07 23:18:14.303 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) ma_http_connection_send_stock_response, response(500 Internal Server Error)
2019-01-07 23:18:14.311 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50649
2019-01-07 23:18:14.311 (31309.31309) spipe.Error: Received spipe package size 428 is lesser than the expected size, malformed package.
2019-01-07 23:18:14.311 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) ma_http_connection_send_stock_response, response(500 Internal Server Error)
2019-01-07 23:18:14.322 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50650

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

is the macompatsvc service running?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Jack-TD
Level 8
Report Inappropriate Content
Message 8 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution
All three services are running on the box,

service ma status

McAfee agent service is already running.
McAfee common services is already running.
McAfee compat service is already running.
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 13

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Also, this is telling .......Received spipe package size 428 is lesser than the expected size.

Is there a proxy or firewall that might be doing some ssl inspection?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

There is no ssl inspection being performed between the ePO server and the effected host

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community