cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee FRP Requesting a non existing Key

Jump to solution

Hi,

it seems like I deleted an McAfee FRP key which was still assigned to a policy or ad user/group, now everytime the server task "FRP: Process Key Assignments" shows fail when I try to assign any key to an ad user/group. The audit log says "Requesting a non exisitng Key GUID:xxxxx". We cannot assign keys anymore..

How can I solve this problem?

Thanks in advance.

2 Solutions

Accepted Solutions
McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: McAfee FRP Requesting a non existing Key

Jump to solution

Hi robinmeyer,

I spoke with the FRP team about this for you.

They are unsure how you managed to get to this condition and ask that you give them a call so they can review and advise on next steps for you.

please do have ePO MERs (minimum) ready to share with them and to that they explained there maybe be a need to set up some debug logging to aid in the review.
(They will discuss this with you at that time)

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: McAfee FRP Requesting a non existing Key

Jump to solution

Hi,

I figured it out by myself! I have done the following:

I created another temp FRP key in ePO, then changed in the SQL Database in table "dbo.EEFFKeys" the column "GUID" of the temp created key to the GUID that was shown in the audit log, in hope there was no error anymore since it is there and not missing. This error was gone! However, the server task still failed, now the audit log showed the original GUID missing from the recently created temp key. So I came to the conclusion, that I needed to create a key without the ePO webinterface, to fetch up the missing GUID, so it must be done within SQL directly.

Solution: The following SQL statement inserts a FRP key directly into the database (change values as described!):

 

INSERT INTO dbo.EEFFKeys (Name, GUID, Binary_Sequence, Description, Algorithm, KeyState, CreateDate, KeyType, Version, AdminLevel, TopSecret, StateChange) VALUES ('ENTER_SOME_NAME_FOR_TEMP_KEY', 'ENTER_MISSING_GUID_FROM_AUDIT_LOG', CONVERT(varbinary,'<Binary Data>'), 'Test', 'SB12', 'True', '2019-02-18 09:39:41.267', 1, 'THIS_DATA_WAS_JUST_COPIED_FROM_ANOTHER_KEY', 6, 'False', 0)

 

After that, you can see the inserted key in ePO. Now try to run the server task again, it should run with no errors and will do all assingments for all other keys again! Audit log also says that.

Cleaning up: Remove every assingment of the temp key(s) (it should be assinged somewhere, not important, just remove the assingment), then disable the key(s) and then delete them. Now they should be clean out of the SQL database and the server task should still run without errors! You're done.

I think this should be marked as solution.

 

 

2 Replies
McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: McAfee FRP Requesting a non existing Key

Jump to solution

Hi robinmeyer,

I spoke with the FRP team about this for you.

They are unsure how you managed to get to this condition and ask that you give them a call so they can review and advise on next steps for you.

please do have ePO MERs (minimum) ready to share with them and to that they explained there maybe be a need to set up some debug logging to aid in the review.
(They will discuss this with you at that time)

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: McAfee FRP Requesting a non existing Key

Jump to solution

Hi,

I figured it out by myself! I have done the following:

I created another temp FRP key in ePO, then changed in the SQL Database in table "dbo.EEFFKeys" the column "GUID" of the temp created key to the GUID that was shown in the audit log, in hope there was no error anymore since it is there and not missing. This error was gone! However, the server task still failed, now the audit log showed the original GUID missing from the recently created temp key. So I came to the conclusion, that I needed to create a key without the ePO webinterface, to fetch up the missing GUID, so it must be done within SQL directly.

Solution: The following SQL statement inserts a FRP key directly into the database (change values as described!):

 

INSERT INTO dbo.EEFFKeys (Name, GUID, Binary_Sequence, Description, Algorithm, KeyState, CreateDate, KeyType, Version, AdminLevel, TopSecret, StateChange) VALUES ('ENTER_SOME_NAME_FOR_TEMP_KEY', 'ENTER_MISSING_GUID_FROM_AUDIT_LOG', CONVERT(varbinary,'<Binary Data>'), 'Test', 'SB12', 'True', '2019-02-18 09:39:41.267', 1, 'THIS_DATA_WAS_JUST_COPIED_FROM_ANOTHER_KEY', 6, 'False', 0)

 

After that, you can see the inserted key in ePO. Now try to run the server task again, it should run with no errors and will do all assingments for all other keys again! Audit log also says that.

Cleaning up: Remove every assingment of the temp key(s) (it should be assinged somewhere, not important, just remove the assingment), then disable the key(s) and then delete them. Now they should be clean out of the SQL database and the server task should still run without errors! You're done.

I think this should be marked as solution.

 

 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator