cancel
Showing results for 
Search instead for 
Did you mean: 

ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

I am a deployment lead at an Enterprise organization. The ePO administrator is having difficulties installing agents across the enterprise which she blamed on computers having duplicate names and IP addresses (re-imaged computers showing up in the network with two names and two different IP addresses through the ePO server). Also she claims she cannot push the Agent and then the AV ans AS installs. It runs on a schedule of 2:30 pm for the agent and 3:30 pm for the AV cllient and then 4:00pm for the AS module.

We were deploying workstations bare without any antivrus or antispyware but the delay was exposing our workstations for an extraordinary amount of time which may have led to some of them being infected by viruses. So as the main lead I thought it would not hurt to pre-deploy VirusScan 8.7i onto the image (with no agent installed). She says that this practice of pre-installing VirusScan causes her not to be able to 'see' the computers and deploy the ePO agent. The facts are  is that she can deploy the agent on some of the machines but not others (same exact image).  I don't think that the ePO server should be thwarted by VirusScan already being deployed.Can anyone tell me the facts?

ePO server 4.0

epO agent 4.0.0.1494

VirusScan 8.7i Patch 3 (8.7.0.570)

Antispy Module 8.7.0.129

Windows XP workstations

Windows 7 workstations

Windows Server 2003

Windows Server 2008

4 Replies
Mal09
Level 12
Report Inappropriate Content
Message 2 of 5

Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

First issue (having problems deploying to machines with same name/ip) could be correct. Depends on a lot of things and the way EPO is set up in the organisation.

I don't believe the second issue (pushing ASE/VSE instantly) is actually an issue. The EPO Admin should be able to get computers to get the software at any stage.

Third issue (VSE already installed affecting CMA install from EPO) is not correct. CMA will install regardless of VSE or ASE already on the machine. However, it can cause some issues with features being enabled that the Admin specifically doesn't want installed (eg Email scanners etc).

Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

What would some the things that would cause workstations to show duplicate IP/Host Names in the EPO server?

Also how does the ePO administrator push the Agent/VSE/ASE instantly to a workstation or a group of workstations(lab)?

ittech
Level 13
Report Inappropriate Content
Message 4 of 5

Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

I totally agree with Mal09.

We pre-install VSE 8.7i and AntiSpyware before deploying an agent in my environment. We have an AD domain and our ePO syncs with that everynight and an agent is deployed to any unmanaged system. It works well.

The duplicate PCs/IPs could be a result of the ePO actively searching for PCs combined with Syncing if you have that in place.

Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

johnbtech wrote:

I am a deployment lead at an Enterprise organization. The ePO administrator is having difficulties installing agents across the enterprise which she blamed on computers having duplicate names and IP addresses (re-imaged computers showing up in the network with two names and two different IP addresses through the ePO server). Also she claims she cannot push the Agent and then the AV ans AS installs. It runs on a schedule of 2:30 pm for the agent and 3:30 pm for the AV cllient and then 4:00pm for the AS module

Hi John,

Well, this problem has been discussed in several places here at these forums.

I think the problem is related to AgentGUID and MacAddress within the image getting cloned and thereby not Unique. ePO gets confused and creates the problems you specified.

The solution can be handled best during the imaging process. Just before creating the image, delete the AgentGUID and MacAddress registry entries (listed below). Immediately create the image without rebooting or any further ePO ASCI. When the image is cloned to the new PC, these registry entries are constructed uniquely.

Alternatively, you could delete these registry entries after the cloning process, but before access to the ePO server is initiated.

See this thread for details: https://community.mcafee.com/message/140545#140545

Below, I have used this batch file to handle the process of deleting these entries. The script is designed to be used with either technique as you desire (pre or post image deployment).


DeleteAgentGUID-MacAddress.Bat:

@echo off
title  McAfee AgentGUID and MacAddress Removal Tool - by Ron Metzger
      echo.
      echo  The McAfee Agent communicates with ePO, Protection Pilot, or McAfee's
      echo  update services, using registry values of AgentGUID and MacAddress, to
      echo  uniquely identify each system. Imaging or duplicating a system breaks
      echo  these unique identifiers. Clearing these values, followed by a reboot or
      echo  services restart, repopulates these values with new and unique entries.
      echo.
      echo  Prior to duplication, clear these registry entries and create the image
      echo  before restarting services or rebooting.
      echo.
      echo  Otherwise,
      echo.
      echo  After duplication, clear these values, then reboot or restart the services.
      echo.
      echo  VSE v8.7i (or above) by default, self-protects against certain changes.
      echo  In order to make either registry change, temporarily disable the
      echo  self-protection settings within VSE v8.7i (or above).
      echo.
      echo  From the VirusScan Console:
      echo  Access Protection > Properties
      echo    Uncheck 'Prevent McAfee services from being stopped'
      echo    Common Standard Protection
      echo      Uncheck (un)Block 'Prevent modification of McAfee files and settings'
      echo      Uncheck (un)Block 'Prevent modification of McAfee Common Management Agent'
      echo.
      Choice.exe /C:YN /N " Press  Y  to continue,  N  to skip . . ."
      if ErrorLevel 2 goto Exit
      echo  Stopping services . . .
      net stop McAfeeFramework /yes
      net stop McShield /yes
      net stop McTaskManager /yes
      echo  Stopping services, done.
      echo  Deleting registry entries . . .
      REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F
      REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F
      REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /f
      REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /f
      echo  Deleting registry entries, done.
      echo.
      echo  Please re-enable the self-protection settings within
      echo  VSE v8.7i (or above) to there original values.
      echo.
      echo  From the VirusScan Console:
      echo  Access Protection > Properties
      echo    Check 'Prevent McAfee services from being stopped'
      echo    Common Standard Protection
      echo      Check Block 'Prevent modification of McAfee files and settings'
      echo      Check Block 'Prevent modification of McAfee Common Management Agent'
      echo.
      Choice.exe /C:YN /N " Press  YN  to continue . . ."
      echo.
      echo  About to restart McAfee services.
      echo  This will repopulate AgentGUID and MacAddress values.
      echo.
      echo  Please do Not start these services if Imaging this system Now. (Choose Skip.)
      echo.
      Choice.exe /c:YN /T:N,15 /N " Restart Services?  Y  to continue,  N [or wait 15 seconds]  to skip . . ."
      if ErrorLevel 2 goto Exit
      echo  Starting services . . .
      net start McAfeeFramework /yes
      net start McShield /yes
      net start McTaskManager /yes
      echo  Starting services, done.
      Choice /c:YN /T:Y,15 /N " Press  YN [or wait 15 seconds]  to continue . . ."

:Exit

Hope this helps.

Ron Metzger