So, yesterday I was following the STIG documents for hardening ePO and I did something that I shouldn't have done. I enabled the firewall and HIPS and now I'm pretty much stuck with no access.
The server is up and running and I can log in via the console if I remote desktop to the server; however, remote console is completely disabled.
Also I'm getting all kinds of other strange errors. None of my agents will update, they all get "unable to communicate with ePO", I can't ping anything, nslookups fail, DFSR won't happen between different AD servers. Pretty hosed if I say so myself.
So I went and disabled it from the server, but it's locked to a point where no agents can communicate. I removed the agent from one laptop but it's still having issues.
So what I'm wondering is not how to fix this, but since this is in a lab and we were testing, if I remove ePO and reinstall, should that fix things? Or since they had agents pushed to them and the agents are doing what they do, does this mean I could be hosed and have to figure out fixes?
I've put everything regarding the Firewall and HIPS back to McAfee defaults but still no joy. Any help would be greatly appreciated.
See that's what I figured, but with the jacked up HIPS / FW install on the clients themselves, would they even allow for the new agents to be pushed since I can't agent wake up to them currently?
The agents just continually report unable to communicate to ePO.
Not a firewall expert, so I won't venture an answer. The agent would try to check in every ASCI interval as per your agent policy. So you might not be able to wake up the devices, but they might still try to communicate back to ePO if the same server was still back there listening. Sorry I can't be much more help, maybe someone with more firewall experience will jump in. But it does look like a visit to each device to reinstall the agent manually (you have to generate a FramePkg.exe in ePO to do the manual install) or using the logon script if they still see the domain.
Interesting and something I'll take into account. It certainly looks like there is some sort of firewall problem though, because an agent wakeup fails with "unable to communicate" to the devices.
I'll try and repackage the framework and see if I can locally install. The other strange thing is, all the machines can see the domain itself.
I have a 20.x.x.x network and a 30.x.x.x network.
ePO is on the 30 network and can get to some of the devices. The 20 network though is a completely different story, but I can RDP from 20 to 30 and from 30 to 20. So, I'm not 100% sure where my error lies. I do know though that an agent wakeup from ePO does nothing, regardless of which network I'm trying to talk to.
Windows FW is on, but it's set to domain mode allow all on inbound and outbound.