cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nick_B
Level 11
Report Inappropriate Content
Message 1 of 14

SuperAgent Distributed Repository Replication Failing with Error 10060

Dear McAfee Community,

We've just configured a Windows Server to be a SuperAgent Distributed Repository and we can see it listed in the list of Distributed Repos in ePO.

However, when we launched a Full Replication to it, it failed after about 20 seconds with the error - "Failed to connect, error 10060 (A connection attempt failed because the connected party did not properly respond after a period of time..."

The ePO server and the newly-configured Windows Server SADR are in different networks, so this may well be a Firewall issue. In fact the SADR is in Dallas and the ePO server is in Czech Republic!

Does anyone know what ports are required for successful communication to flow between the devices?

8081 is the Agent wake-up communication port (all ports are the standard, or defaults ones).

I look forward to hearing from you!

Thanks,

Nick

13 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

For port details, please look into #: https://kc.mcafee.com/corporate/index?page=content&id=KB66797

For replication, we should be able to resolve SADR machine with FQDN and should be connected to port 8081.

 

Agent wake-up communication port

SuperAgent repository port
8081 TCP port that agents use to receive agent wake-up requests from the McAfee ePO server or Agent Handler.
TCP port that the SuperAgents configured as repositories that are used to receive content from the McAfee ePO server during repository replication, and to serve content to client systems.
Inbound connection from the ePO server/Agent Handler to the McAfee Agent.
Inbound connection from client systems to SuperAgents configured as repositories.
Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 3 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

You might want to try not using replication, but enable lazy caching (don't use both or that can cause failures).  You can also look at the macmnsvc log on the client (sadr) to see what errors there are.  When you were setting this up, did you pre-create any folders on the sadr for the repo directory?  If not, did the directories get created by the agent conversion to SA process?  If you did pre-create any directories, that will cause failures also.  If that is the case, make it not a repo again, then delete all directories referencing that repository location and then push back out the policy to make it a superagent again. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 4 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

Hey Cdinet,

Good to hear from you!

Indeed, there is already a separate policy created but not assigned as yet which enables Lazy Caching (and no replication). The customer however, is hesitant about using this at the moment.

In the policy applied to the SADR device, Lazy Caching is not enabled. Also the folders were not pre-created ahead of time, rather the folder structure creation was left to the process of conversion to a Super Agent.

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

10060 is a connection timeout, so either the right ports aren't open, there is a proxy or firewall blocking it, or other network issues.  If the server never reaches the sadr, you won't see any entries in the macmnsvc log for the connection attempt.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 6 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

Hi,

I've just taken a look at the McAfee Agent SA Policies and am attaching them here for your perusal.

The MA Policy which does not have Lazy Caching enabled is here:

MA Legacy SA Policy.PNGMA SuperAgent Policy (legacy)The snip below is the MA SA Policy which has Lazy Caching enabled.

MA Lazy Caching Policy.PNGMcAfee Agent SA Policy (Lazy Caching)

 Based on the options ticked in the above policy, would it be configured to both replicate and perform lazy caching? Or is it configured correctly?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

As long as the legacy policy is assigned and not the lazy cache one, you are fine to try to replicate.  If they are in different networks, can the epo server resolve the sadr?  Are they in different sub domains?  If so, you might need to add the dns server for sub domain in epo nic properties and also append dns suffix.  The epoapsvr will show you the url it is using - can you telnet to the sadr server from epo on the port it is using?  It sure sounds like a firewall issue to me.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 8 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

Indeed, I was just discussing the likelihood of a firewall issue being the root cause here with one of the chaps.

When the Firewall guy gets in tomorrow, we'll put these questions to him. I know they have dozens of domains and subnets all over the place, not to mention dozens of (mainly CheckPoint) firewalls.

Thanks - will update you as soon as I have more info!

Nick_B
Level 11
Report Inappropriate Content
Message 9 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

Hi,

We couldn't catch the Firewall guy today, he was so ultra-busy 😞

In any event, we tried to replicate to another one of the distributed repositories, we can call it LMOSTAH.

This replication task failed with a couple of different errors in the log - 10053 (an established connection was aborted) and 10054 (existing connection forcibly closed by remote host).

If we click the View Packages button we are met with the message - Site Catalog not found.

Any ideas on this one, sir?

It is believed that the firewall is not a factor in this case. 

Below is a snip taken from the Server task Log just now.

LMOSTAH - Repository Replication Errors.PNGRepository Replication Failures

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 14

Re: SuperAgent Distributed Repository Replication Failing with Error 10060

You would need to look at the macmnsvc log on that sadr for why it rejected the connection.  Match up the time frames in the logs with the replication failures.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community