cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

I have users who travel most of the time and I have to take the opportunity when I can to push updates to them when they are VPNed into our network. Sometimes it works as expected but other times the agent task will click through very quickly and show completed successful (not failed), yet no change has been affected on the client system. Any ideas what is going on and what I can do to prevent this??

ePO version 5.9.1, clients all have agent version 5.6.3 on Windows 10 Pro

Thank you

Michael
1 Solution

Accepted Solutions
Highlighted

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

Sorry to take so long to get back to this. It appears this was an issue with the agent. Since updating to Agent 5.6.5.195 (and now the current .236) I haven't had any issues. Systems that would persistently NOT upgrade but returned a result that the deploy task had completed successfully updated properly after installing the newer agent. 

Michael

View solution in original post

12 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 13

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

Hello @meanoldmanning ,

There are few things that needs to be looked into:

1. Don't use Run client task now. 

2. Use modify task on single system or apply the client update task on my organization to run at specific time.  If not make the task as run immediately and then do a wake up agent for all the systems to communicate to EPO and then they will receive the client update task.

3. within McAfee agent repository policy you can mention if one repository is not reachable it should go to internet i.e "McAfee HTTP" to fetch the updates.

4. If above all is configured and still the update is failing then we would require masvc and mcscript logs to identify the error message for update failure.

you can also refer to @cdinet  post to troubleshoot the update issue at  "https://community.mcafee.com/t5/ePolicy-Orchestrator/HOW-TO-TROUBLESHOOT-CLIENT-UPDATE-DEPLOYMENT-FA..."

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Yash T
Highlighted

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

I guess I need to clarify, I'm not trying to run a DAT or AMCORE update, but rather for example update the ENS package version from say, Platform 10.7.0.1285 to the current version 10.7.0.1481. It's when I attempt to do that on a small number of the systems connected over VPN that I see issues. The majority of the systems connected via VPN are able to receive the packages via 'run client task now', but on a few the task zips through really quickly and shows a result that it completed successfully when it actually has not.

Michael
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 13

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

Did you check McScript_error log under <programdata>mcafee/agent/logs.

 

 

Highlighted

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

Not to sound snarky, but if I had access to the client I wouldn't be having this problem. Is there logging on the server side that might suggest what the issue is?

I'll see if the user can allow me remote access for a little while this morning to check the log. 

Michael
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 13

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

You really do not have to take RDP access of the client machine. There is something called "single system troubleshooting" option in EPO console which will allow you to collect Agent related logs from console.

Select the Target machine-->Actions-->Agent-->single system troubleshooting.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

 

Highlighted

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

Ah! Cool! I'll give that a try

Michael
Highlighted

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

I ran through the logs on one of the systems and admittedly am not sure what to look for. I don't see anything obvious in error during the time frame when I encountered issues deploying the ENS version update. It actually seems to show the update succeeds. 

Curiously I deployed the same update to a system over VPN yesterday and 2 out of the 4 items updated but eventually I got a event 10 (after about 25 minutes) which I think suggests the task timed out? I was able to send a new task to the system that only updated the remaining items (Firewall and Web Control) and that succeeded.

Michael
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 13

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

Go through the article for troubleshooting updates/deployments, it will help show you what to look for.

For deployments (new installs), you would look at the mcscript_deploy log.  What you would look for is whether the client was able to download the installer or not and if so, did it execute the setup for it.

For updates, such as installing a patch or content, the mcscript.log is the one to look at.  You would look for the same thing.  

If it is not able to download the content, then you would see it failing to get files from the server.  If it does download the files and run setup, then you would look at the windows\temp\mcafeelogs directory for the install logs for whatever you pushed for what any errors are.  

You might also look to see if it just says completed after downloading and running the detection script for the product.  Perhaps it is already installed, but just not reporting it to epo yet.  

It is best to use a scheduled task for most deployments and updates, as run client task now should be used sparingly and for one-off needs.  Run client task now keeps a datachannel connection open until it receives a response back for the completion or failure status from the agent, and for some tasks, that could take a while.  With too many of those, it can run into datachannel communication failures, server busy, etc.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 13

Re: Run agent task to update ENS fails over VPN, but only sometimes

Jump to solution

You can check the server log on the epo server or agent handler also that the client is trying to talk to in order to see if the server can reach the client over vpn.  A run client task now relies on a wakeup call being sent that tells the client to come check in for any tasks, etc.  See KB58818 - some of those wakeups may not be received.  However, if you have dxl brokers, the wakeup would be sent over dxl, which gets around that.  If that is the case, dxl might not be connected to the broker on the client, which would explain why it sometimes works and sometimes not.  The safest way is to set up a temporary client task for run immediately, but if wakeups aren't working over vpn, then that requires you to wait for client to check in on its own.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community