cancel
Showing results for 
Search instead for 
Did you mean: 

Remote Agent Handler Issues and Ports.txt File

Jump to solution

Hello Everyone,

We have a remote agent handler set up in our DMZ, and recently, it stopped working as an AH. I am trying to troubleshoot the issue and get it working again. At the point it stopped working, a firewall change was occurring, and I immediately thought this might be the issue. However, my firewall admin assured me it isn't, so I am troubleshooting from the perspective that perhaps the install or configuration got messed up because of the lack of connectivity. I can say that computers outside of the network can see the AH, and the AH is communicating to ePO as a client, just not as an AH. I know that the McAfee Agent uses a different port than the AH most likely, but just mentioning it.

I have already done a reboot of the server. I did notice that the two services have interesting behavior. The Event Parser service is not running. When I attempt to start it, it starts and then immediately stops and gives a message indicating that some services are made to run this way or something similar. It seems like the ePO Server process has some issues stopping and starting, taking quite a while. There was a service hang message after the reboot, but it eventually started. I also noticed an error in the Windows Application Logs, but according to McAfee this error is not really an error? https://kc.mcafee.com/corporate/index?page=content&id=KB82260&ePO0814

Lastly, at C:\McAfee, I found a ports.txt file. This file has a ton of entries pertaining to the ports. It has a heading stating "Active Connections", and it has quite a few items that are concerning. Of particular interest are entries related to Java. In the document, there are a great number of entries such as this:

[java.exe]

  TCP    127.0.0.1Smiley TongueortNumber       ServerName:AdjacentPortNumber  ESTABLISHED     1320

In all cases, the port numbers listed in both are adjacent to each other, and there are dozens and dozens of entries. When I log into the server, I am prompted regarding a java update. While there are other ports and services listed, I find it alarming that there are so many listed for Java.

Has anyone had any experience this issue? Any suggestions would be greatly appreciated. I have looked at logs, but there are so many, and they present so much information, I am not sure what I am looking at. I am verging on attempting a reinstall of the AH package, but figured I would ask here first.

1 Solution

Accepted Solutions

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

For Agent Handler below points need to correct to make Agent Handle available for clients.

1. All required ports should be opened from Network firewall end.

2. Navigate to ePO console Manu > Configuration > Agent Handlers > Handle Status and select the Agent Handle number where agent Handler should be communicated to ePO console on regular basis by checking last communication, If not than issue with connectivity.

3. db.properties files should be same on ePO server and Agent Handler.

4. Important > Agent to server secure port and port 80/81 should be added to agent handler firewall inbound policy locally to accept the connections from clients.

If above points are correct and still you are facing issue with Agent Handler than I'll suggest to raise a case with McAfee to get better results.

6 Replies

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

Hello, Scott Sadlocha,

Please can you give more details about Operating system, EPO versions?

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

Sorry about that. We are running ePO 4.6.6. The OS on the ePO server and the RAH is Windows Server 2008 R2 Standard.

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

For Agent Handler below points need to correct to make Agent Handle available for clients.

1. All required ports should be opened from Network firewall end.

2. Navigate to ePO console Manu > Configuration > Agent Handlers > Handle Status and select the Agent Handle number where agent Handler should be communicated to ePO console on regular basis by checking last communication, If not than issue with connectivity.

3. db.properties files should be same on ePO server and Agent Handler.

4. Important > Agent to server secure port and port 80/81 should be added to agent handler firewall inbound policy locally to accept the connections from clients.

If above points are correct and still you are facing issue with Agent Handler than I'll suggest to raise a case with McAfee to get better results.

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

thanks for the information. The last communication shows the time when the firewall maintenance occurred, and that led me to believe it was that device. But the db.properties item you mentioned sounds like something else I was thinking it might be. I am going to locate the file and check it. For your item number 4, where are you referring to? You mention locallly, so I am thinking on the Agent Handler itself? Thanks again.

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

Yes, Item number 4 related to Agent Handler it self, some time we missed to add there ports on locally windows firewall rule, this required only if windows firewall is on other wise its not required.

Re: Remote Agent Handler Issues and Ports.txt File

Jump to solution

I figured this out. There was a hosts file on the RAH server in the DMZ. It had entries using a transport address to the DB server. Once we updated those addresses to reflect changes made on the firewall, everything starting communicating again. I am going to mark your answer as the correct, because it was looking at the db.properties file and working with it that clued me in on the hosts file. Thanks for the help.