cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 1 of 10

ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

Issue: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repositories ... Have over 15 repositories .... At each location there are 50 - 100 systems ... Policy states only to choose repository that is 3 hops away .... The very first repository listed in the policy should only have 50 - 10 systems; it is reporting close to 800 systems 

Enviroment: ePO 5.9.1 build 251 <> Agent 5.5.0.447 <> Agent extension 5.5.0.291 <> VSE 8.8.0.1982 <> VSE extension 8.8.0.655 & 1.2.0.406

Troubleshooting Steps: recreated the repository based off of "McAfee Default", recreated the sitelist.xml on the ePO server, re-deployed agent and confirmed that repository is 3 hops away via tracert ... all to no avail .... systems still default to the very first repository in the policy - essentially bypassing the "3" hop rule. 

 

Open to any other troubleshooting - TIA

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Labels (4)
9 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

Can you test with the 5.5.1 agent to see if issue still occurs?  There are quite a few fixes in that, some including repository issues.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 3 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

 

 Thanks for the suggestion! Reading through the 5.5.1 release notes I spotted: 

Other Fixes

1212954 McAfee Agent no longer performs repository sorting during local policy enforcement. Repository sorting happens only when there is a new policy or change in policies

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27722/en_US/...

Interesting - would that cause it; the repsitory sorting during local policy enforcement?

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

It might be possible, but if you put the agent in debug mode and make a slight change to the repository policy and push it out, you can see exactly how the agent is sorting the repositories.  Have you tried the tracert from the client to repositories to make sure that the ping time is what you expect?  We have seen sometimes that using subnet distance might be more effective.  Sometimes ping times can vary based on certain times of day with congestion to a server or other issues.  Ping time may not be the most reliable.  You can test that first before upgrading if you want.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 5 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

"...slight change to the repository policy and push it out, you can see exactly how the agent is sorting the repositories...." I've done that, even with a policy update now it doesn't really apply ... eventually it does .... only to revert back at a later time.

 

"...tracert from the client to repositories..." Yes, tracert shows 2 or 3 hops and we use subnet distance of 3 hops 

 

What I find interesting about "...Agent no longer performs repository sorting during local policy enforcement...." is that the first policy sync the system pulls from the correct repository and soon after ... it defaults back to the very 1st repository on the sitelist ... even thou the 1st repository is 20 hops away it still pulls from there ... disregarding what the first policy sync stated which is 2 or 3 hops

 

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

Can you email me all the logs in the c:\programdata\mcafee\agent\logs folder after enabling debug logging and duplicating the issue?

caryn_dinet@mcafee.com

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 7 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

sent - TIA

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

I pressed the me 2 button however what I have seen is a little different.

In stead of choseing the repository based on hops we have use the repositories as per the list.

When the first repository on the list failed, due to a server disk space issue, the agents moved to the second repository on the list as expected.

We have a number of 4.8 and 5.06 and 5.51 agents in the fleet.

When the first repository on the list was fixed and replcated the 4.8 agents promptly returned to it for updates. 

However all of the 5.x machines did not.

Any minor change to the policy that causes it to refresh seems to resolve this and the machines return to the first repository.

I have simplified this statement slightliy as the first on the list is a dynamic UNC path based on the location of the endpoint and all the repositories are updated via a master repository which was the server that had the issue.

What Im wondering is if the local agent does not re-sort the list locally how will they ever return to the first repository by them selves unless we reapply the policy. 

The release notes say "only when there is a new policy or change in policies" is that not a bug rather than a feature......?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

No, it is not a bug, it is the way the agent functions.  If repo 1 is being used and then goes down for some reason, agent moves to repo 2.  It has no knowledge that repo 1 is now back up until a reorder of the sitelist occurs.  You don't want all your systems constantly pinging repositories, so this is behaving as designed.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: ePO 5.9.1 / Agent 5.5.0.447 not using the correct repository

As an update to this issue with subnet distance, this will be fixed in ma 5.6 that is scheduled to be released end of October or early November tentatively.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.