Hi all, I have encountered a issue with logging in to Mcafee ePolicy 5.1.0 after deployment of Petya ransomware patches. However, I have uninstalled the patches for Petya ransomware and still unable to access the login page. The Mcafee application server service started and stopped running after around 1mins. I have also extracted the server logs and Event Parser logs. Please help !
Both logs are full of this:
|20170629150739||W||#03216||EPODAL||Login for MOTION\administrator failed. Building profile and retrying.|
|20170629150739||E||#03216||PONTUTIL||Failed to create local ePO User Group, push agent aborted! System error code 1379|
|20170629150739||E||#03216||EPODAL||ePOData_Connection.cpp(298): Failed to logon the domain user MOTION\administrator to connect to database.|
ePOData_Connection.cpp(368): Error 0x80070002 returned from credentials callback. Database NOT available
Database errors all over the place, and failed logins for MOTION\administrator. First, are you really running ePO services under your domain "administrator" account? You should really be running ePO under a separate service account with appropriate permissions (primarily, local admin on the ePO server).
Second, and more importantly to your question, is your database running? If so, did your administrator account credentials change?
Yes, it's running under administrator account. Account credentials was changed in May. However, it was not affected then. I've tried to navigate to core-config but shows the same page. Doesn't shows mcafee epolicy at all.
The service starting and then stopping after a minute or two is typically indicative of the database being offline. If this machine hasn't been rebooted in a while then services would have kept running even with bad credentials, so your DB credentials might have been impacted too in whatever change was done previously.