cancel
Showing results for 
Search instead for 
Did you mean: 

ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers

I manage an ePO server in my office and have recently deployed a new ePO server in a separate office that is 1500 miles away.  Both ePO servers are in separate domains and manage systems only in their respective domains.

I have turned on Rogue System Detection and find that the the managed systems for each ePO server are being reported as Rogues in the other ePO server.

I found the option under Configuration --> Server Settings --> ePO Servers and added the other ePO server using the name, fully qualified domain name and even tried the IP, but nothing seems to work.  The Agents in one domain can't seem to report to the ePO server in the other domain that they exist and this system is managed by another ePO server.

Has any one worked with RSD this way?  Any advice on how to get the foriegn agent to talk to the server?

Any help would be appreciated.

Thanks,

Patrick

3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers

Go to Configuration --> Server Settings --> Rogue System Matching and in the Alternative McAfee Agent Ports section, put the agent wakeup port of the other server. This will help identify the systems of the other server as "Alien" instead of "Rogue".

Re: ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers

Greg,

Thanks for answering.  I did as you suggested and found no difference.  The ePO servers do not recognize that there are Agents installed if they are installed by the foreign server and systems are still reporting as rogues.

There was one other thing I did try and that was to modify the Agent wake-up communication port and the Agent broadcast communication port on one server because they were the same on both servers.  I waited 24 hours to see if there was any difference, and there was not.  Is there something I need to do to cause the servers to re-examine the rogues now that the alternate port has been added?

For reference here are the ports:

                                                                      Server 1               Server 2

Agent-to-server communication port:                    80                         8888

Agent-to-server communication secure port:         Enabled 443          Enabled 443

Agent wake-up communication port:                    8083                     8081

Agent broadcast communication port:                  8084                     8083

Console-to-application server comm port:             8443                    8443

Client-to-server authentication comm port:            8444                     8444

Any other thoughts?

Thanks,

Patrick

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers

Try enabling the "RSD: Query New Rogue Detection" Automatic Response.

For the machines that are listed as rogue, if you "Query Agent", does that help?