
managing computers in different Windows domain

I have ePO 4.5 running on a server in a Windows 2008 Domain, domain A.

The organisation has another Windows domain, Domain B, with its own AD Domain controller.

ePO is running on a non-AD Domain controller in Domain A.

I added the IP range of domain B in DNS of Domain A. From the ePO server I can ping the computers in domain B and I can access the admin shares of these computers. They all are Windows XP (SP3).

Firewall has ports opened, needed for ePO.

Both networks are permanently connected by VPN.

Now I am trying to deploy the McAfee agent to systems in Domain B, from ePO in Domain A.

In the server task log I can see that deploying the agent was successful.

Then I ran a WakeUp Agent to get the system properties. This task also completed successfully. But the computer remains unmanaged.

The strange thing: the duration of the Deploy Agent task was 1 minute, the wakeup agent task less than 1 minute. This seems very short to me.

I created a distributed repository on the Domain controller of Domain B and the update from ePO in Domain A is daily running successfully.

(I preferred to run an ePO in Domain B but that Domain Controller has an underscore in its name. There is no member server.)

Can anyone help me?

11 Replies
McAfee Employee
Message 2 of 12

Re: managing computers in different Windows domain

Hi...

The first thing to check is that the agent has actually been installed correctly on the machines in domain B, and that it's communicating - is the framework service running, and are there any errors in the agent log?

Regards -

Joe

Tristan
Level 15
Message 3 of 12

Re: managing computers in different Windows domain

Is there a trust set up between the two AD domains?

Is it that the admin passwords used to deploy and report are not authenticating on the remote computers successfully?

Re: managing computers in different Windows domain

No, there is no trust between the domains.

When deploying the agent from the ePO server to a workstation in the other domain, I use the credentials for the admin in that domain. I checked the workstation and verified that the agent had been installed. But it cannot communicate with the ePO server (only one-way communication seems to be possible, from ePO to workstation). Can I add credentials in the agent to let it communicate with the ePO server in the other domain?

McAfee Employee
Message 5 of 12

Re: managing computers in different Windows domain

No credentials are required for agent-to-server communications - the only time credentials are required is for the actual installation of the agent. (Agent-to-server comms are secured with a public / private key pair.)

Can you post the agent log from the affected client machine?

Thanks -

Joe

Re: managing computers in different Windows domain

Here are some documents.

McAfee Employee
Message 7 of 12

Re: managing computers in different Windows domain

Okay, the agent is installed and trying (but failing) to communicate. It's trying to talk to 192.100.2.251 on ports 443 and 8080. Is this the correct IP for the server, and is there anything - firewall, for example - that is blocking those ports between the client and the ePO server?

Regards -

Joe
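The check suggested in the reply above can be run from a workstation in Domain B. This is an added example, not part of the original thread and not McAfee code: a Python sketch that classifies outbound TCP attempts to the ePO server as open, refused, or filtered. The function names, the timeout, and the availability of Python on the client are assumptions; the IP address and ports are the ones quoted in the reply.

```python
import errno
import socket

# What each outcome suggests for agent-to-server traffic.
HINTS = {
    "open": "TCP path works; look at the agent log and the server side next",
    "refused": "host answered with a reset: nothing listening on this port, "
               "wrong IP/port, or a firewall rule that rejects",
    "filtered": "no answer at all: a firewall or route between the sites "
                "is dropping the traffic",
}

def probe(host, port, timeout=3.0):
    """Try one outbound TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"          # SYN sent, nothing came back
    except ConnectionRefusedError:
        return "refused"           # RST came back
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"      # no route across the VPN
        raise
    finally:
        sock.close()

def check_agent_path(host, ports, timeout=3.0):
    """Probe every port the agent needs and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Server address and ports as reported from the agent log in this thread.
    for port, state in check_agent_path("192.100.2.251", [443, 8080]).items():
        print(f"{port}: {state} - {HINTS[state]}")
```

Run it on the client, not on the ePO server: the direction that matters here is workstation to server.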

Re: managing computers in different Windows domain

Thanks for the quick response!

The IP address is OK.

In the client's firewall the following ports are open: 8080, 8081, 8082 and 8444. But this is for incoming traffic onto the XP machines, so this should not cause the issue.

There are firewalls (Linux) at both locations. I have to check if ports are blocked. They should not be; both networks should trust each other.

The ePO server is on MS Windows 2008. I disabled the firewall to test but this was not a solution.

I will let you know what the results are.

Re: managing computers in different Windows domain

The Agent is installed on the workstation but cannot communicate with the ePO server. I don't know yet what issue is the cause of this. Firewall ports on ePO server are open.

Re: managing computers in different Windows domain

Check the agent to make sure it is installed. If it isn't, see if you can manually install it and see if it will communicate with the ePO server.