cancel
Showing results for 
Search instead for 
Did you mean: 
tassha
Level 9
Report Inappropriate Content
Message 1 of 8

SADR is not pulling updates from the EPO Server suddenly

I have a SADR configured to pull updates from the Master ePO. It was working just fine until a couple days ago. Suddenly it stopped pulling current DAT files from the ePO server. My clients suddenly stopped getting its updates from the SADR.

The error I see in mcscript.log is:

Downloading file from http://SADR:591/software/sitestat.xml to C:\WINDOWS\TEMP\Sitestat.xml failed.

Downloading file from http://SADR:591/software/sitestat.xml to C:\WINDOWS\TEMP\Sitestat.xml

network URL(http://SADR:591/software/sitestat.xml to C:\WINDOWS\TEMP\Sitestat.xml ) request submitting

network URL(http://SADR:591/software/sitestat.xml to C:\WINDOWS\TEMP\Sitestat.xml ) request, failed with curl error 0, Response 403, Connect code 0,

Then the log does this a couple more times until you see:

Repository ePOSA_SADR is not usable for the current update session.

As I said this is all happening suddenly. It was working just fine then it wasn't. The SADR is still listed in the Agent Policy and is listed on the top of the list to be used first. The SADR itself (the server the super agent is on) has the current DAT; all other clients that receive updates from the SADR DO NOT have the current DAT. This tells me the SADR can talk to the ePO still.

I am at a loss. I've read multiple KBs like this one McAfee Corporate KB - Unable to find a valid repository (when downloading SiteStat.xml) KB54474.

I am using Lazy Caching.

HELP!

7 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: SADR is not pulling updates from the EPO Server suddenly

What kind of failures do you see in the agent logs on the sadr?  Can you post the 3 agent logs please from that sadr - masvc, macompatsvc and macmnsvc logs?

Has anything changed on that system at all?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

tassha
Level 9
Report Inappropriate Content
Message 3 of 8

Re: SADR is not pulling updates from the EPO Server suddenly

Hey thank you for responding! I am at a loss.

Unfortunately I am unable to save logs to this forum as they reside on a different network.

So the Super Agent is installed on a VM Server. The server itself has the current DAT installed for that network, being December 31, 2017. However the Last DAT file located in the D:\Agent\Mcafee drive is from the 29th. I take this to mean the server itself is still capable of talking to the Master ePO (which I don't control and is located geographically hundreds of miles away) but it is not updating the database for the SADR which means my clients are also running an old version of the DAT (29 December) because it doesn't have a more current option to pull from.

I've heard deleting the entire contents of the McAfee directory on the D Drive can help although I dont see how seeing as how it isnt pulling from the ePO.

As far as I am aware nothing on the server changed.

Thanks again for the help! I need it. No idea is a bad one!

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: SADR is not pulling updates from the EPO Server suddenly

If you are using lazy caching, the agent is supposed to pull the files from epo and populate its directory.  Don't use replication if lazy caching is enabled, that causes failures.  Make sure you are using one or the other.

Assuming you are only using lazy caching, then it is apparent that the agent is not able to pull data from the epo server.  You need to look at the agent logs for those failures.  I believe that would show in the macmnsvc log, but you can check them all.  If lazy caching is failing, disable it in the policy and try replication to see if that succeeds.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

tassha
Level 9
Report Inappropriate Content
Message 5 of 8

Re: SADR is not pulling updates from the EPO Server suddenly

Yeah as I said I have no control over the server and it's policies. I think the issue is within the Server being used as the SADR itself since it previously worked, the policy didn't change, and now it doesn't. I will say one odd thing is now I cant open the sitestat.xml file on that server. I get a permissions error which is new. The "Everyone" group has read permissions to that whole directory too.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: SADR is not pulling updates from the EPO Server suddenly

What I would suggest then, is send it a policy to make it not a superagent again.  If you can't, please get an epo admin that can.  Then delete that entire directory that the repo points too, even the root of it.  Then make the agent a superagent again, but be sure not to recreate the folder ahead of time.  The superagent conversion will create that.  Then try again and see if it works.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: SADR is not pulling updates from the EPO Server suddenly

Thank you fall for the support.  It took some time and some digging but I believe I have found what is causing this issue.

Apparently, there were a lot of open connections building up on the SADR, and so when the agent attempts to pull from the repository it can't accept the connection so a 403 error is returned.

After performing a netstat -a I could see a lot of servers with closed_wait connections.  I stopped the McAfee Agent services on the repository and restarted them.  The connections closed and my test agent was able to use the repository.

Now I just have to find out what is causing the connections to stay open, but that is another issue.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: SADR is not pulling updates from the EPO Server suddenly

That can happen if there are too many clients trying to update at once from the server, network latency that causes the file downloads to take longer, etc.  One thing you can look at is the repository utilization report in epo.  If they aren't being utilized as you expect, there are some things you can look at.

1.  How are the repository policies configured - make sure the clients have access to what they are enabled to use.

2.  If you are using replication instead of lazy caching for your repositories, your schedule should follow this rotation - epo pull from McAfee, replication occurs after pull is finished, then clients update after replication is complete and before the next pull.  That ensures sites are always up to date sites.  However, it is more efficient to use lazy caching instead of replication.  Then the repositories should always be up to date sites, as they would pull content from epo as needed.  This is much more efficient.

3.  Task scheduling - make sure deployments and updates don't happen too frequently and that there is randomization enabled in the schedule to spread out the traffic.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community