cancel
Showing results for 
Search instead for 
Did you mean: 
TTU
Level 7
Report Inappropriate Content
Message 1 of 6

Systems disappears from ePO

Jump to solution

Hello.

I have a few systems that appear and disappear from ePO 4.0 depending on whether or not they are VPN'd in.  If they VPN in, they show up.  Shortly after the VPN connection is terminated though they disappear from the ePO db.  Any ideas on what the heck could be causing this?

1 Solution

Accepted Solutions
McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Systems disappears from ePO

Jump to solution

It may also be an issue with ePO not knowing that the machines are using a VPN.

Is this the first time that the machines are connecting to ePO? If so then what may be happening is that each machine is given the same mac address by the VPN, which causes ePO to overwrite the information for one machine with the information from the next one to connect with the same mac address. ePO has a mechanism to deal with this, but it relies on ePO knowing that the mac address in question belongs to a vpn.

What are the first six characters of the mac address that these machines are given by the vpn?

Regards -

Joe

5 Replies

Re: Systems disappears from ePO

Jump to solution

Are you sure this isn't a duplicate GUID problem?  I'd definately check that first as we've seen that cause this type of appear/disappear issue in the past...

Andrew

McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Systems disappears from ePO

Jump to solution

It may also be an issue with ePO not knowing that the machines are using a VPN.

Is this the first time that the machines are connecting to ePO? If so then what may be happening is that each machine is given the same mac address by the VPN, which causes ePO to overwrite the information for one machine with the information from the next one to connect with the same mac address. ePO has a mechanism to deal with this, but it relies on ePO knowing that the mac address in question belongs to a vpn.

What are the first six characters of the mac address that these machines are given by the vpn?

Regards -

Joe

TTU
Level 7
Report Inappropriate Content
Message 4 of 6

Re: Systems disappears from ePO

Jump to solution

Joe,

You are correct.  That was the issue.  We figured it out yesterday afternoon.

Here is the text of the email I received from a McAfee SME.  After adding the first 6 of the MAC address as shown below there were not more issues:

Environment

McAfee ePolicy Orchestrator 4.0
McAfee Agent 4.0
McAfee Common Management Agent
Microsoft Windows (all supported versions, see KB51109 )

Problem 1

When a new computer is added to the ePolicy Orchestrator (ePO) tree another computer disappears.

Problem 2

The common factor is that this happens with computers that connect via a Virtual Private Network (VPN).

Cause

This problem will only be encountered when the first connection from a client computer to the ePO server takes place over a VPN connection. If the computers first connection is via a Local Area Network (LAN), the correct Media Access Control (MAC) address is added to the table.
When a computer communicates with the ePO server via VPN, it uses the VPN virtual computer's MAC address and not its own actual MAC address. This VPN MAC address is usually the same for all computers connecting through the VPN.

Solution 1

To fix this issue, create a new entry in the ePO ePOVirtualMacVendor table with the Organization Unique Identifier (OUI) which is part of the VPN MAC address.
Solution 1 - To avoid this issue
When adding a new computer to ePO Server, ensure that the first connection occurs via a LAN and not via VPN.

Solution 2

Solution 2 - To resolve the issue if the computers have already connected via a VPN.
Step 1 - Determine the VPN MAC address to add to the ePO VendorID field
The best way to obtain the VPN MAC address is to identify a computer that has connected to the ePO Server for the first time via VPN and removed the previous computer.
  1. From the client computer, use the agent Status Monitor to Collect and Send Props.
  2. Log on to the ePO Console
  3. Click the Systems tab.
  4. Click the System Tree.
  5. Locate the computer that has connected via VPN.
  6. Double-click on the computer to view its properties
  7. To the right of System Information, click More. This will display the VPN MAC address collected from the client.
  8. Scroll down and locate the MAC Address. Make a note of the first six digits of this MAC address in the next step (Example: 00123F21ECED)
Step 2 - Modify the SQL script to add the computer to the tree.
NOTE: See KB56429 for how to run SQL scripts provided by McAfee Support using OSQL for ePO 3.6.x and ProtectionPilot.
Use the SQL command syntax below to add the computer to the tree:
INSERT INTO ePOVirtualMacVendor (VendorID) values ('######')

Where: ###### is the first 6 digits of the VPN MAC address collected from the client.
Example: For a system with 00123F as the first six digits of the MAC address obtained in Step 1:
INSERT INTO ePOVirtualMacVendor (VendorID) values ('00123F')
McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Systems disappears from ePO

Jump to solution

Good news, glad it's fixed

Regards -

Joe

Highlighted
TTU
Level 7
Report Inappropriate Content
Message 6 of 6

Re: Systems disappears from ePO

Jump to solution

This was my initial suspicion.  However, after completely blowing away my GUID and generating a new one I still had the same problem.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community