cancel
Showing results for 
Search instead for 
Did you mean: 
stickman
Level 12

setup cannot connect to epo server although global admin details used

Hi there,

When trying to upgrade EPO 4.6.6 to EPO 4.6.7. I get message "Setup cannot connect to the EPO server with the credentials you provided". I can login to the EPO with these details and the account is global admin account. I also followed KB77892 (https://kc.mcafee.com/corporate/index?page=content&id=KB77892&impressions=false&act=RATE&actp=search...) and it does not resolve the problem. Any suggestions?

Message was edited by: minion on 3/10/14 9:43:58 AM CDT
0 Kudos
14 Replies
ulyses31
Level 16

Re: setup cannot connect to epo server although global admin details used

Hi minion, are you using special characters in your username or password?

If you're using credentials from AD (domain\user) then it may fail. You should use the built-in admin user or create a new epo local user.

0 Kudos
stickman
Level 12

Re: setup cannot connect to epo server although global admin details used

Hi Lazlo.

No special characters and using new global admin (epo authenication) user I created. I tried investigating the install log but can't see much from that why it fails.

0 Kudos
meforum
Level 10

Re: setup cannot connect to epo server although global admin details used

hi minion,

- what OS you're using?

- Do you try a inplace upgrade (same server) or "upgrade" to a new server (move)

- McAfee ePO services need to be running for the upgrade

- are you sure you've followed the kb? (sorry for that, but I find the kb not so clear what to do...). e.g. if your server is 64 bit - you have to copy the "Remote-Client" folder to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\ , I think. But it also could be that there's some hard coded path - so even on 64bit it has to be "...\program files\..."? Who knows ... just give it a try.

0 Kudos
stickman
Level 12

Re: setup cannot connect to epo server although global admin details used

Hi meforum,

Thanks for your reply see my answers in bold below:

- what OS you're using? server 2008 r2

- Do you try a inplace upgrade (same server) or "upgrade" to a new server (move) restored ovf template from original server on test server

- McAfee ePO services need to be running for the upgrade yep they are running

- are you sure you've followed the kb? (sorry for that, but I find the kb not so clear what to do...). e.g. if your server is 64 bit - you have to copy the "Remote-Client" folder to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\ , I think. But it also could be that there's some hard coded path - so even on 64bit it has to be "...\program files\..."? Who knows ... just give it a try. i have tried copying it to all possible locations

0 Kudos
allyb585
Level 7

Re: setup cannot connect to epo server although global admin details used

Minion,

I am having the same problem when trying to upgrade to 4.6.7. Have you figured anything out? I've checked permissions, created a new global admin, and I was just able to upgrade to 4.6.6 with the same credentials just a month ago.

0 Kudos
stickman
Level 12

Re: setup cannot connect to epo server although global admin details used

Nope not yet, call logged with McAfee. Will post feedback here as soon as they get back to me.

Message was edited by: minion on 3/17/14 1:37:17 AM CDT

Message was edited by: minion on 3/17/14 2:17:38 AM CDT
0 Kudos
ravencross
Level 7

Re: setup cannot connect to epo server although global admin details used

Not sure if this will help but open a command prompt on your ePO server run the command "netstat -an". At the bottom of the list you should see [::]:8005, if not that means that the ePO is not listening on port 8005 which is the port the installer is passing the command to verify the Global Admin credentials. I'm sure there's a way through the config files to open another listener for the ePO on 8005 if you've change it due to security controlls, but I didn't go that route. Instead I used netcat (part of nmap) to open a new listener and forward it to port 8007. To do this follow these steps:

1. Download NMAP (http://www.nmap.org)

2. Install it to the server

3. Open a command prompt as administrator

4. Go to the install directory

5. Run the command ncat --sh-exec "ncat <ip of your ePO (not loop back)> <port used to connect>" -l 8005 --keep-open (http://nmap.org/book/ncat-man-examples.html gives examples)

6. Install the patch

7. Break out of the proxy

8. Remove NMAP from the system

This worked for me after beating my head against the wall.

Update: While the above fix was able to get past the credential issue the patch still failed. Looking into this secondary hurdle.

Update: The failure I'm now receiving occurs when the patch attempts to start the McAfee services. Still no clue why this is happening, but will continue to look.

Update: I get the idiots award for this one. Forgot to disable HIPS on the ePO server. Once HIPS, OAS, and Access Protection were disabled and the port was forwarded both the patch and the HF went without issue. Finally the nightmare is over.

Message was edited by: ravencross on 3/18/14 7:26:02 AM CDT
0 Kudos
stylzz
Level 7

Re: setup cannot connect to epo server although global admin details used

Okay after various checks in install log (EPO450-Install-MSI.LOG, I was able to see a line that looked something like this: SERVERNAME:8443 "<username>" "<password>" https post

I was racking my head against the wall to figure out why this would not work. I continually received the invalid credential error as everyone else that is having this problem. Based on this error, I am assuming it was trying to log onto the server via port 8443. We are using custom ports in our ePolicy configuration. So after configuring non complex passwords for accounts, then ensuring accounts had proper ownership to the db, to no avail, I figured I would try something else. These are the steps I did.

1. Back up server.xml file (c:\prog~\mcafee\epolic~\server\conf)

2. Modify server.xml where it states: "Define a SSL HTTP/1.1 Connector on port 8443" if the "port="####" " is anything different than 8443 then the upgrade will fail. So change the "####" to "8443".

3. Save the file.

4. You can either restart the services or restart the server (I restarted the server)

5. Run your setup.exe file again

6. Enter the credentials of your Global Administrator and it should run through perfectly. 
7. After completion change your server.xml file back to the original

8. Restart your server.

This worked for me....

-- Will

0 Kudos
allyb585
Level 7

Re: setup cannot connect to epo server although global admin details used

I was having the same issue, and I just got 4.6.7 to install. I took Stylzz suggestion as far as the server.xml file needing to be changed. However, my line item "Define a SSL HTTP/1.1 Connector on port 8443" said that, but my "port='####" said 8005. I noticed while running netstat that there was a connection trying to go to 8007 vice 8005 while trying to install. I changed the 8005 to 8007, and changed my shortcut url and it installed.

0 Kudos