cancel
Showing results for 
Search instead for 
Did you mean: 

Where is "Security Keys?"

Jump to solution

Fresh install of a slip-streamed ePO installation provided by a U.S. government organization.

MFS Build:McAfee Foundation Services

5.9.1 (Build 240)

 

Host OS is MS Windows Server 2012 R2

 

User login is an admin account, Login Status is "Enabled",  Authentication is "MFS", permission sets is "User is an administrator."

 

Trying to walk through the configure document.  The doc specifies creating new Security Keys at:

Menu -> Configuration -> Server Settings -> Security Keys

Edit and no keys should exist for "Agent-server communication keys"

 

But I don't see Security Keys as a selection.  Where is it?  Is there a problem with the install or is the documentation wrong, is there missing permissions for the user?

 

The options I see are:

Active Directory Groups

Active Directory User Logon

Certificate-based Authentication

Dashboards

Disaster Recovery

Email Server

Logon Message

Printing and Exporting

Scheduler Tasks

Server Certificate

User Session

 

Thank you,

Kirk

1 Solution

Accepted Solutions

Re: Where is "Security Keys?"

Jump to solution

Solved. ...maybe

So the KB article helped point out something to me.  The file db.properties referenced in the registry key is in the old 8.3 file name length convention.  When I checked the registry key for 8.3 file length compliance, it was set to 2, which did not necessarily guarantee 8.3 compliance.  I reset the key to 0, which forces compliance for all all new files, then ran DISA's copy script again, and, for good measure, manually moved out and back the contents of [install_path]\McAfee\ePolicy Orchestrator\Server\conf\orion\   This ensured all files in that directory have an 8.3 version of the file name.  Restarted, logged in, and now "Menu -> Configuration -> Server Settings -> Security Keys" is now visible, along with a number of other options as well.

 

Interestingly, when I changed the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\DBPropsFile] to comport with the 255 file name length convention, it failed to affect a change.

 

Now I get to see what next frustrating hurdle DISA has created for me.  This should have been a 1-day install-&-config.  It's taken over a week now.  Thanks DISA...

 

(ref: https://support.microsoft.com/en-us/help/121007/how-to-disable-8-3-file-name-creation-on-ntfs-partit... )

 

18 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 19

Re: Where is "Security Keys?"

Jump to solution

Are you able to see Security key options when you login with default Admin user? (Menu->Configuration->server settings->security keys.

 

Security_keys.PNG

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?

Re: Where is "Security Keys?"

Jump to solution

No, I cannot see "Security Keys" when I log in as the default admin and go to Menu -> Configuration -> Server Settings.

ePO-ServerSettings.png

 

Re: Where is "Security Keys?"

Jump to solution

The default admin user: "admin"

ePO-admin.png

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 19

Re: Where is "Security Keys?"

Jump to solution

At the top of your screen, you see "McAfee Foundation Services".  That indicates that tomcat is not fully loaded, so either you haven't waited long enough for it to load, or there are some issues with the install.  The orion log would show failures, as well as the stderr.log - that log should show a "server startup in xxxxx ms message.  What do you mean by "slip-streamed install"?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Where is "Security Keys?"

Jump to solution

Tomcat: Thanks.  I'll look into it to see if I can find anything.  I don't recall seeing Tomcat in the Windows Services list at all.

Slipstream: This application is provided by DISA.  The boot ISO provides both Win 2012 and ePO as part of a unified install, available only to government agencies.  It is constructed using Microsoft Distribution Toolkit.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 19

Re: Where is "Security Keys?"

Jump to solution

Sorry, I should have been more specific.  The tomcat process is the McAfee epolicy orchestrator application server service.  The orion log is located here (default path - yours may be different):

c:\program files (x86)\mcafee\epolicy orchestrator\server\logs

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 19

Re: Where is "Security Keys?"

Jump to solution

Here is also a little more info on how you might see mfs instead of the fully loaded epo console.  When tomcat starts up, it loads all the core and point product extensions, which can take a few minutes.  If any of them fail to load, it can either shut down the service (killing service due to mismatched extensions or some similar message), or it can just not fully load them all.  The orion log will definitely tell issues with loading them.  If they haven't finished loading, you will see that mfs screen with a partially loaded console menu items and dashboards may show invalid till things finish loading.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Where is "Security Keys?"

Jump to solution

The first few lines of the log file show a load error.  Java it looks like?  But it looks like the files it is looking for are actually there.

First few lines of the log file:

2019-05-06 10:59:24,751 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.1.251\webapp/WEB-INF/lib/epojni java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

2019-05-06 10:59:24,810 WARN [main] jni.LoadJniInitTask - Unable to load native library:D:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\extensions\installed\EPOCore\5.9.1.251\webapp/WEB-INF/lib/DownloadJNI java.lang.UnsatisfiedLinkError Orion_OnLoad returned an error.

2019-05-06 10:59:25,140 ERROR [main] plugin.PluginManager - Initialization of plugin EPOCore failed.
java.lang.UnsatisfiedLinkError: com.mcafee.epo.core.ServerNative.getFipsModeNative()I
at com.mcafee.epo.core.ServerNative.getFipsModeNative(Native Method)
at com.mcafee.epo.core.ServerNative.getFipsMode(ServerNative.java:212)
at com.mcafee.epo.core.EPOCorePlugin.updateFipsMode(EPOCorePlugin.java:205)
at com.mcafee.epo.core.EPOCorePlugin.updateServerInfo(EPOCorePlugin.java:143)
at com.mcafee.epo.core.EPOCorePlugin.doInit(EPOCorePlugin.java:238)
at com.mcafee.orion.core.plugin.PluginImpl.init(PluginImpl.java:145)
at com.mcafee.orion.core.plugin.WebappPlugin.init(WebappPlugin.java:117)
at com.mcafee.orion.core.plugin.PluginManager.initPlugin(PluginManager.java:795)
at com.mcafee.orion.core.plugin.PluginManager.initPlugin(PluginManager.java:740)
at com.mcafee.orion.core.plugin.PluginManager.init(PluginManager.java:376)
at com.mcafee.orion.core.OrionCore.afterStart(OrionCore.java:835)
at com.mcafee.orion.core.server.OrionLifecycleListener.lifecycleEvent(OrionLifecycleListener.java:108)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:155)
at org.apache.catalina.startup.Catalina.start(Catalina.java:694)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:428)

 

epo-java.png

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 19

Re: Where is "Security Keys?"

Jump to solution

Check this kb:

https://kc.mcafee.com/corporate/index?page=content&id=KB76582

If that doesn't apply, then go into the console to registered servers, then edit the local epo server and validate that everything in there matches what is in core/config.  If servername has been changed, or anything like that after the install of your build, then go to server settings, server certificate and regenerate the self-signed cert.  Once you do that, then follow KB90760 to regenerate the cert and see if that helps any.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community