This content has been marked as final. Show 16 replies
Don't know but I thought that 127.0.0.1 was a "special" IP reserved for "Local Loopback" and was always resolved as the local machine's network adapter for test purposes....
Is it the client that has the IP of 127.0.0.1 or the server? Can you ping the server from the client station?
I can't tell if you're saying in EPO the agent shows up with an IP of 127.0.0.1 or if the agent is trying to find the server at IP 127.0.0.1.
Open the agent log file and check what IP it thinks the server is at. The log can be found at C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_[hostname].log.
Look for some entries like this:
2009-04-14 00:37:16 I #2088 naInet Connecting to Real Server: [server IP] on port: 8088
2009-04-14 00:37:16 I #2092 Agent Forwarding all events
2009-04-14 00:37:16 I #2088 naInet Connected to ePO Server: [server IP]
The ePO client is registering with the IP address of 127.0.0.1 instead of it's actual IP address, i.e. 192.168.0.201.
When it looks for the ePO server, it's looking for http://127.0.0.1:8088/software/sitestat.xml. So from what I can tell, the client is getting the 127.0.0.1 address AND it's trying to find the ePO server at 127.0.0.1. I think the client giving itself the localhost address is what's causing the client to not be able to find the Sitestat.xml file.
From the client I can ping the ePO server and telnet to all the appropriate ports.
When I did a re-install today, the client had the correct IP entries in the registry until I tried to do a manual update. Then it changed them back to this:
IPAddress - 127.0.0.1
SubnetAddress - 127.0.0.0
SubnetMask - 255.0.0.0
All of the clients that work have their actual IP and subnet info.
Open your sitelist.xml file and check to see what IP it has listed for the server.
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml.
Also, how many network adapters are in the server and client? I had two active network adapters on my server and it put the wrong IP in the sitelist file. That caused a lot of trouble for me.
New development: We called this in to McAfee tech support yesterday and once they found out how our system was set up (ePO server in DMZ w/all clients on internal subnets communicating through firewall) they told us we were running an unsupported configuration and we were on our own. Nice.
The SiteList.xml and ServerSiteList.xml both refer to our ePO server as having an IP address of 127.0.0.1. This is the same as on our systems that work. I'm not sure how the agent is translating this, but the one thing that doesn't seem to happen during the install on the affected box is that the agent is missing a registry key of ServerName|127.0.0.1|8088 in addition to the incorrect IP info that I mentioned before.
The server did have two NICs which were registering, but I disabled the one that wasn't being used. It made sense that the Agent was trying to grab IP info from the wrong NIC, but re-installs after the disable had the same result.
Sounds kind of like you're using VPN's to tunnel through the firewall and the VPN clinet is using some NAT lookup to resolve actual IP's......
Jim: No, it's just a secure environment with firewall rules to only allow communication that is absolutely necessary. There are no VPN's or VPN clients involved. We have other servers in the same subnet that are working properly with our standard installation process, which is what has us stumped.
Well I did think that if you'd been using VPNs then you'd have mentioned it before now ;)
However - I still just can't get my head around your clients actually using 127.0.0.1 - on my PC the dos command NBTSTAT -A 127.0.0.1 returns and error and the IP address reported is the "real" IP address of my PC
EDIT: - of course a subsequent NBTSTAT - A of that IP address return the correct info....
- so as I said earler 127.0.0.1 is not a "normal" IP address and is the Loopback IP for your local PC or Server so I just cannot see why this IP is being used :confused: