cancel
Showing results for 
Search instead for 
Did you mean: 
ChrisR
Level 7
Report Inappropriate Content
Message 1 of 16

ePO agent not reporting in on OSX 10.6

Recently i've been upgrading all my computers to 10.6 and for some reason getting the ePO agent to report in is a hit or miss affair. It either reports in normally within the correct time frame or it will not check in no matter what i do.

I've tried reformatting the computer, pinging the ePO server to confirm that it can connect, reinstalling the agent, uninstalling VirusScan, changing the hostname, confirmed firewall exception for cma and disabled firewall on the computer, confirmed that cma application is running, and moved the cma folder (Located under /Library/McAfee/cma) from a currently reporting machine onto the machine no longer reporting.

Under Netstat it appears a connection has been made to the ePO server but when i go to http://localhost:8081 on the computers in question I get a 404 error.

I am currently using ePO 4.5

on 8/13/10 11:34:41 AM CDT
15 Replies
ChrisR
Level 7
Report Inappropriate Content
Message 2 of 16

Re: ePO agent not reporting in on OSX 10.6

I have some new information.

1. I have noticed this problem also occurring on 10.5 as well.

2. Under /Library/Mcafee/cma/scratch it appears the epo agent is retrieving the correct information needed to contact the server

3. When the problem is occurring Mcafee virus scan software only has the default repos installed.

It also appears that the epo agent creates a log file somewhere but i can't seem to locate it. Where would this be located?

Re: ePO agent not reporting in on OSX 10.6

The logs appear to be located in /Library/McAfee/cma/scratch/etc

As for your problem, I have no idea what the cause might be.  We have not experienced that here.

Re: ePO agent not reporting in on OSX 10.6

I've been poking around a little on this, because I want to better understand how McAfee works on the Mac.

First run '# netstat -an | grep 8081' to make sure you have a listener on that port.

Then become root like this '% sudo su -'.

Then run '# lsof -r -i TCP' | grep cma' to see what's listening on that port:

'# lsof -r -i TCP | grep cma'

The results should look like this:


cma       2636           root    9u  IPv6 0x0c9621f0      0t0  TCP *:sunproxyadmin (LISTEN)

You can also run '# ps -A | grep cma' to make sure the agent is running.

You should see this:

# ps -A | grep cma
2636 ??         0:30.56 /Library/McAfee/cma/bin/cma

If all this checks out, then I can't explain why you're getting a 404.  Since you're getting a 404, logically it seems that the sunproxyadmin service is listening and responding on the port but is refusing the request.  A 404 error indicates that the web server cannot find the file requested.  Perhaps you have a permissions problem?  Or a missing file?  When I view http://localhost:8081 or remotely view another Mac, what I have presented to me is the logfile found in /Library/McAfee/cma/scratch/etc/.  Perhaps the logfile is missing?  Or it doesn't have the correct permissions?

# ls -lsa /Library/McAfee/cma/scratch/etc/log
24 -rw-r--r--  1 root  wheel  9133 Nov 17 21:45 /Library/McAfee/cma/scratch/etc/log

The sunproxyadmin service is owned by cma.  If the logfile isn't world writeable, the service won't be able to display the file.

Edited to add:

It occurs to me that you could create a file named log in that directory and type something in it.  If it shows up in the browser, then that confirms the source of your problem.  The logfile is missing or not readable by the sunproxyadmin service.


Message was edited by: pschmehl on 11/17/10 10:23:55 PM CST
ChrisR
Level 7
Report Inappropriate Content
Message 5 of 16

Re: ePO agent not reporting in on OSX 10.6

Everything that you said exists and is correct. The log file is there and has the correct permissions. The service is there and listening on the correct port.

I went ahead and set everything under /Library/Mcafee to 777 to see if that does anything but i think i remember doing this before and it made no difference.

Here is my log file for reference:

Re: ePO agent not reporting in on OSX 10.6

Can you post a log from an initial install?  I can compare that to one of mine and see if there are any differences.

ChrisR
Level 7
Report Inappropriate Content
Message 7 of 16

Re: ePO agent not reporting in on OSX 10.6

Here is the log file. I also went ahead and tar'd up the entire cma folder.  I changed the permissions on the scratch folder so it can been viewed.

Re: ePO agent not reporting in on OSX 10.6

If the log file you posted is truly the very first log entries of a new install, then there is a part missing.  Here's the initial part of my log:

2010-11-16 23:18:45 [2636] [LPCDLLManager] Successfully loaded LPC runtime /Library/McAfee/cma/lib/libmfelpc.dylib
2010-11-16 23:18:45 [2636] [LpcConnMgr] Initializing lpc data
2010-11-16 23:18:45 [2636] [LpcConnMgr] Registering software id EPOAGENT3700MACX with a hash value of 106251147
2010-11-16 23:18:45 [2636] [LpcConnMgr] Registering software id CMNUPD__3000 with a hash value of 1496913389
2010-11-16 23:18:45 [2636] [LpcConnMgr] Registering software id CMNUPD__3000 with a hash value of 1496913389
2010-11-16 23:18:46 [2636] [LpcConnMgr] Starting lpc connection manager
2010-11-16 23:18:46 [2636] [LpcConnMgr] Setting up lpc server
2010-11-16 23:18:46 [2636] [LpcConnMgr] lpc server path /Library/McAfee/cma/scratch/pipe
2010-11-16 23:18:46 [2636]  [UnxLpcSvr] Initializing LPC server
2010-11-16 23:18:46 [2636]  [UnxLpcSvr] Starting LPC server
2010-11-16 23:18:46 [2636]  [UnxLpcSvr] Creating server run thread
2010-11-16 23:18:46 [2636]  [UnxLpcSvr] server started successfully
2010-11-16 23:18:46 [2636] [LpcConnMgr] Setting up message queue
2010-11-16 23:18:46 [2636] [LpcConnMgr] Setting up heart beat component
2010-11-16 23:18:46 [2636]    [persite] Cache file location = /Library/McAfee/cma/scratch/etc/sitecache.bin
2010-11-16 23:18:46 [2636]    [persite] Cabundle file location = /Library/McAfee/cma/scratch/etc/cabundle.cer
2010-11-16 23:18:46 [2636]     [imsite] Found site name=McAfeeHttp
2010-11-16 23:18:46 [2636]     [imsite] Found site name=Allshare
2010-11-16 23:18:46 [2636]     [imsite] Found site name=ePO_UTDADMCMSV01
2010-11-16 23:18:46 [2636]     [naInet] HTTP Session initialized
2010-11-16 23:18:46 [2636]     [imsite] Connecting to site: 10.180.26.11 on port: 443
2010-11-16 23:18:46 [2636]     [naInet] HTTP Session closed
2010-11-16 23:18:46 [2636]  [Management]  Starting management subsystem

The last line is the first line of the log you posted.

ChrisR
Level 7
Report Inappropriate Content
Message 9 of 16

Re: ePO agent not reporting in on OSX 10.6

Alright i've done some digging and found a difference between the two installs.

/Library/Mcafee/cma/scratch/etc/Sitelist.xml

This file differs between a "correct" installation and a "incorrect" installation.

This is what the one installed on an incorrect installation looks like

<?xml version="1.0" encoding="UTF-8"?>

<nsSmiley FrustratediteLists xmlns:ns="naSiteList" LocalVersion="20030131002737" Type="Client" GlobalVersion="20030131003110">

<SiteList Default="1" Name="Default">

<HttpSite Name="McAfeeHttp" ID="McAfeeHttp" Server="update.nai.com:80" Enabled="1" Order="1" Type="repository" Local="1">

<RelativePath>products/commonupdater</RelativePath>

<UseAuth>0</UseAuth>

<UserName/>

<Password Encrypted="1">f2mwBTzPQdtnY6QNOsVexH9psAU8z0HbZ2OkDTrFXsR/abAFPM9B3Q==</Password>

</HttpSite>

<FTPSite Name="McAfeeFtp" ID="McAfeeFtp" Server="ftp.nai.com:21" Enabled="1" Order="2" Type="fallback" Local="1">

<RelativePath>CommonUpdater</RelativePath>

<UserName>anonymous</UserName>

<Password Encrypted="1">MQCBNesmh4xsoov8E4KA/i9ukpwRoD3RDId9bU+InCJ/abAFPM9B3Q==</Password>

</FTPSite>

<SpipeSite Type="master" Name="" Order="0" Enabled="1" Local="0" Server="" ServerName="" ServerIP="">

<RelativePath>Software</RelativePath>

<UseAuth>0</UseAuth>

<UserName></UserName>

<Password Encrypted="1">f2mwBTzPQdtnY6QNOsVexH9psAU8z0HbZ2OkDTrFXsR/abAFPM9B3Q==</Password>

</SpipeSite>

</SiteList>

</nsSmiley FrustratediteLists>

On a correct installation this file contains the location of the epo server it needs to connect to.
There are a few other files that are also changed but it looks like they all depend on this file which is passed in by the installer script.
I'm still trying to debug where the file gets altered during the installation process. Currently i'm digging around in the cma.pkg but it's looking like the error might be in the cma starter script.

Message was edited by: ChrisR on 12/2/10 4:00:20 PM CST
ChrisR
Level 7
Report Inappropriate Content
Message 10 of 16

Re: ePO agent not reporting in on OSX 10.6

Ok it've done a bit more digging. It looks like the error lies within the cma.pkg installer. It looks like there are two install methods available for the installer even though none are selected when the installer is called. So it looks like by default for me it is selecting the upgrade install instead of the fresh install. It appears the upgrade install tries to backup and reuse many of the files that the install option adds in manually. Since it is a clean install the update can not find the files to place back in their locations (it doesn't appeary any error checking is in place to see if these files exist in the first place either). Thats why the agent is always warning me about missing files.