cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Re: Unable to view agent logs, not connected to ePO

Will do, thanks for the help.  I'll post here when/if we get this fixed.

Highlighted
Level 10
Report Inappropriate Content
Message 12 of 17

Re: Unable to view agent logs, not connected to ePO

I've been seeing a lot of this even with McAfee agent version 5.6.2.209 and Single System Troubleshooting. Sometimes this works, sometime it does not. 

It shows that agent is connected to ePO as last communication is of recent date and time.

Is there anything that we can do get this working again? 

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 17

Re: Unable to view agent logs, not connected to ePO

Are there any errors in the server or agent logs around it?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 10
Report Inappropriate Content
Message 14 of 17

Re: Unable to view agent logs, not connected to ePO

cdinet, 

I do not have access to the user's device's agent logs but here's what I'm seeing in the external agent handler server's DB -> Logs -> server_<external Agent Handler server>:

20200324161638 E #00768 NAIMSERV naSPIPE.cpp(338): Failed to connect to <user's device private IP>:8801, network error was 10060
20200324161638 E #00768 NAIMSERV AgentWakeup.cpp(206): Server failed to wake up <user's device private IP>, detailed error = -999
20200324161638 I #06284 NAIMSERV Agent SPIPE property User1 specified Font Driver Host\UMFD-0 missing policy version, assuming 0

This particular user is not connected to the firm's network or VPN but I would have presumed that the external agent handler would take care of this scenario. The devices connected to the ePO server itself or internal agent handler, we are not seeing this issue.

Tried to do a wake-up call on the agent and I'm getting this:

3/24/20 4:01:10 PM
Waking up agent <user's device> through Agent Handler <external Agent Handler>
3/24/20 4:01:10 PM
Waking up agent <user's device>.fios-router.home using DNS name
3/24/20 4:01:10 PM
Unable to resolve address of remote system
3/24/20 4:01:10 PM
Waking up agent <user's device> using NetBIOS
3/24/20 4:01:10 PM
Unable to resolve address of remote system
3/24/20 4:01:10 PM
Waking up agent at IP address <user's device private IP>
3/24/20 4:01:10 PM
Unknown error contacting agent
3/24/20 4:01:10 PM
Wakeup agent failed
3/24/20 4:04:05 PM
Waking up agent <user's device>.fios-router.home using DNS name
3/24/20 4:04:05 PM
Unable to resolve address of remote system
3/24/20 4:04:05 PM
Waking up agent <user's device> using NetBIOS
3/24/20 4:04:05 PM
Unable to resolve address of remote system
3/24/20 4:04:05 PM
Waking up agent at IP address <user's device private IP>
3/24/20 4:04:05 PM
Unknown error contacting agent
3/24/20 4:04:05 PM

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 15 of 17

Re: Unable to view agent logs, not connected to ePO

Refer to kb58818 for wakeups failing to clients on vpn (that may not be your case exactly).  An external client without vpn working from a home or other type network is going to have a private IP address and even if their ISP nats it to a public IP, a private IP is not externally routable and a natted IP can't be reached by epo.  The only way wakeups would work (which would most likely also include getting agent logs) is if you have a dxl broker set up and the clients are connected to the broker.  

You also might want to ensure that the agent policy setting to accept connections only from epo server is also disabled to test.

Ultimately, from the log, it seems to be the non-routable private IP that is just not reachable.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 10
Report Inappropriate Content
Message 16 of 17

Re: Unable to view agent logs, not connected to ePO

Interesting. Thought our external agent handler, which actually resides in the DMZ and is configured with a public IP, should be able to handle this scenario. So, we would still need to configure a DXL broker, too?

But yes, you are correct. The fact for this particular user, his private IP not going to be able to talk to the public IP makes sense. 

Thank you.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 17 of 17

Re: Unable to view agent logs, not connected to ePO

I can't honestly say that a dxl broker would resolve the single system troubleshooting scenario without testing it (I don't have a way to test currently), but it would help with wakeups and run client task now that also relies on wakeups.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community