cancel
Showing results for 
Search instead for 
Did you mean: 

ePO 5.3 and Microsoft DirectAccess

I've recently deployed Microsoft DirectAccess (Server 2012 R2 and all Win 8.1 clients) and was under the impression that since the ePO agent uses the FQDN of the ePO server to communicate back to that server that agent communication should work over DirectAccess without Manage Out setup.  I have ePO 5.3 deployed and this does not seem to be the case.  In the Agent Monitor I typically see "Agent is connecting to ePO server" followed by "Agent failed to communicate with ePO Server" a few minutes later.  I have verified that while this is happening I'm able to connect to the ePO server web interface.  What am I missing here?  Is "Manage Out" required?

8 Replies

Re: ePO 5.3 and Microsoft DirectAccess

From what I can tell, as we have the exact same issue, the McAfee agent first attempts to connect via the IPv4 address in ServerSiteList.xml - which obviously won't work via DirectAccess.

We have 'Manage Out' enabled, and it works great for everything EXCEPT ePO/McAfee Agent.  ePO can send a wake-up to the DirectAccess clients, but they cannot communicate back, due to the IP4 requirement.

I don't know if there are any workarounds, but I'm going to be opening an incident with McAfee/Intel Support

Re: ePO 5.3 and Microsoft DirectAccess

UPDATE:  I'm having fun with McAfee support.  They seem to think this is a TCP port issue, which it most definitely is NOT.  I've responded to them to attempt to explain the issue again.  Hopefully this will get escalated to someone who understands how the agent actually communicates and how this is an issue with DirectAccess and IPv6 systems.

it-afd
Level 7
Report Inappropriate Content
Message 4 of 9

Re: ePO 5.3 and Microsoft DirectAccess

Got the same problem. As you can see in this trace, it use IPv4 address

McA.png


Re: ePO 5.3 and Microsoft DirectAccess

Hi,

we have the same problem. Did anyone get a solution for this?

Regards

Daniel

Re: ePO 5.3 and Microsoft DirectAccess

I've got an incident open with support.  They initially responded with "open a product enhancement request", at which point I brought this to our McAfee partner and our McAfee rep directly.

I just received a confirmation that they're working on a patch for the agent and it should be available soon.

Highlighted
JayMan
Level 10
Report Inappropriate Content
Message 7 of 9

Re: ePO 5.3 and Microsoft DirectAccess


Good to know... We've been using DirectAccess for quite some time & haven't had these issues with McAfee Agent 4.8 (to ePO 5.1.1). Will have to make sure this is fixed before we upgrade.

Re: ePO 5.3 and Microsoft DirectAccess

I'm just about to dig into troubleshooting this myself.  Has there been an update on this issue?

Re: ePO 5.3 and Microsoft DirectAccess

Actually... YES!  Sorry for not updating here.  McAfee support issued a hotfix, HF1108716.  This brought the agent version up to 5.0.2.285.

They have since released additional patches for the agent, but we haven't yet tested if those patches include this fix.  I would expect that they do.

UPDATE: The release notes for 5.0.2.333 seem to indicate this is fixed in that RTW patch.  We have confirmed this with our testing.

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26386/en_US/...

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community