1 2 Previous Next 17 Replies Latest reply on Feb 18, 2010 4:05 AM by rackroyd

    EPO not communicating on multiple clients

      We have multiple clients that never receive their policy therefore never get AV installed.

      Mixture of Windows XP and some Windows 7 machines with the same problem. Our firewalls are setup via GPO so allowing rules to and from the EPO client to the server.

      When browsing a machine directly (http://machinename:8081) I get HTTP 403 forbidden "This Website requires you to log in"

      I have disabled the Firewall services (although because we're getting a 403 we know the firewall is not blocking) no difference to the symptoms.

      We've re-installed EPO and rebooted multiple times and are at a loss as to what could be causing this. For a brief moment a few minutes agao, one of the machines started working (even though nothing was changed), then stopped again. What's going on???

      Any pointers?

      edit - EPO Version 4.0.0.1444

      Moved from home products to Corporate - MOD
        • 1. RE: EPO not communicating on multiple clients
          Looking more into this, I have found the following in the Agent Log -

          2009-09-30 07:09:38 i #1700 LstnSvr Remote access to log is disabled through policy
          2009-09-30 07:11:22 i #1444 Agent Agent Started Enforcing policies
          2009-09-30 07:11:22 I #1444 Agent Thread time-out occurred
          2009-09-30 07:11:22 I #1444 Manage Enforcing policies
          2009-09-30 07:11:22 i #1444 Manage Enforcing Policies for EPOAGENT3000META
          2009-09-30 07:11:22 i #1444 Manage Enforcing Policies for EPOAGENT3000
          2009-09-30 07:11:22 I #1444 Manage CManage::EnforcePolicies() - No policies available for - "EPOAGENT3000".
          2009-09-30 07:11:22 I #1444 Manage CManage::EnforceAgentPolicy() - FAILED to get Policy For Agent)
          2009-09-30 07:11:22 i #1444 Agent Agent finished Enforcing policies
          2009-09-30 07:11:22 i #1444 Agent Next policy enforcement in 5 minutes
          2009-09-30 07:11:23 I #1600 Agent Sending the next batch of immediate events
          2009-09-30 07:11:23 i #1600 Agent Agent is looking for events to upload
          2009-09-30 07:11:23 I #1600 Agent Agent did not find any events to upload
          2009-09-30 07:11:23 I #1600 Agent Agent did not find any events to upload
          2009-09-30 07:11:23 I #1600 Agent Agent did not find any events to upload
          2009-09-30 07:16:22 i #1444 Agent Agent Started Enforcing policies
          2009-09-30 07:16:22 I #1444 Agent Thread time-out occurred
          2009-09-30 07:16:22 I #1444 Manage Enforcing policies
          2009-09-30 07:16:22 i #1444 Manage Enforcing Policies for EPOAGENT3000META
          2009-09-30 07:16:22 i #1444 Manage Enforcing Policies for EPOAGENT3000
          2009-09-30 07:16:22 I #1444 Manage CManage::EnforcePolicies() - No policies available for - "EPOAGENT3000".
          2009-09-30 07:16:22 I #1444 Manage CManage::EnforceAgentPolicy() - FAILED to get Policy For Agent)
          2009-09-30 07:16:22 i #1444 Agent Agent finished Enforcing policies
          2009-09-30 07:16:22 i #1444 Agent Next policy enforcement in 5 minutes
          2009-09-30 07:16:23 I #1600 Agent Sending the next batch of immediate events
          2009-09-30 07:16:23 i #1600 Agent Agent is looking for events to upload
          2009-09-30 07:16:23 I #1600 Agent Agent did not find any events to upload
          2009-09-30 07:16:23 I #1600 Agent Agent did not find any events to upload
          2009-09-30 07:16:23 I #1600 Agent Agent did not find any events to upload


          I can now see why we cannot view the log via IE, I will look into this. It still does not explain why the McAfee software doesn't install....

          Are there other log files I should be looking in, I cannot see anything recent or seemingly relevant in the _Error log.
          • 2. RE: EPO not communicating on multiple clients
            went to the server and forced the deployment task and monitored the log file -


            2009-09-30 07:31:22 i #1444 Agent Agent Started Enforcing policies
            2009-09-30 07:31:22 I #1444 Agent Thread time-out occurred
            2009-09-30 07:31:22 I #1444 Manage Enforcing policies
            2009-09-30 07:31:22 i #1444 Manage Enforcing Policies for EPOAGENT3000META
            2009-09-30 07:31:22 i #1444 Manage Enforcing Policies for EPOAGENT3000
            2009-09-30 07:31:22 I #1444 Manage CManage::EnforcePolicies() - No policies available for - "EPOAGENT3000".
            2009-09-30 07:31:22 I #1444 Manage CManage::EnforceAgentPolicy() - FAILED to get Policy For Agent)
            2009-09-30 07:31:22 i #1444 Agent Agent finished Enforcing policies
            2009-09-30 07:31:22 i #1444 Agent Next policy enforcement in 5 minutes
            2009-09-30 07:31:22 I #1600 Agent Sending the next batch of immediate events
            2009-09-30 07:31:22 i #1600 Agent Agent is looking for events to upload
            2009-09-30 07:31:22 I #1600 Agent Agent did not find any events to upload
            2009-09-30 07:31:22 I #1600 Agent Agent did not find any events to upload
            2009-09-30 07:31:22 I #1600 Agent Agent did not find any events to upload


            Starting to answer my own questions here, but that EPOAGENT3000 doesnt look right to me on a V4 agent?
            • 3. RE: EPO not communicating on multiple clients
              anyone? I've had other things on so not had time to work on this, someone must have some ideas please?
              • 4. RE: EPO not communicating on multiple clients
                Not much help but I can verify that I also get EPOAGENT3000 and EPOAGENT3000META, when enforcing policies, when using McAfee Agent 4.0. Which leads me to believe the number doesn't really correspond with the version.

                But maybe you should try to re-install the EPOAGENTMETA.zip in the extensions? as it appears your EPO server is missing the policies, or parts of them?

                BR
                Pouria
                • 5. RE: EPO not communicating on multiple clients
                  JoeBidgood
                  As Pouria says, EPOAGENT3000 is the correct identifier for both 3.x and 4.x agents.
                  However checking in the extension again is unlikely to help, I think: the "no policies" message is a symptom of the fact that the agent is not communicating and therefore has not been able to receive a policy.

                  What does it say in the agent log when the agent is trying to talk to the server? You're looking for entries like "agent is connecting to epo server"...

                  Thanks -

                  Joe
                  • 6. RE: EPO not communicating on multiple clients
                    just forced a check policies, here is the new entries in the logs -

                    2009-10-06 16:26:19 i #2520 Agent Agent started performing ASCI
                    2009-10-06 16:26:19 I #2520 Agent Collecting IP address using Internet Manager
                    2009-10-06 16:26:19 I #2520 persite Cache file location = C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\sitecache.bin
                    2009-10-06 16:26:19 I #2520 persite Cabundle file location = C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\cabundle.cer
                    2009-10-06 16:26:19 I #2520 naInet HTTP Session initialized
                    2009-10-06 16:26:19 I #2520 imsite Connecting to site: 10.52.254.54 on port: 80
                    2009-10-06 16:26:19 I #2520 naInet HTTP Session closed
                    2009-10-06 16:26:19 I #2520 Agent CAgentWork::IsMacAddressComputerNameChanged priority=-2
                    2009-10-06 16:26:19 i #2520 Agent Checking MAC address...
                    2009-10-06 16:26:19 i #2520 Agent Computer Name is changed..regenerating Agent ID
                    2009-10-06 16:26:19 I #2520 Agent Agent is sending properties version to the ePO Server
                    2009-10-06 16:26:19 I #4468 Agent Started processing a package..
                    2009-10-06 16:26:19 I #4468 Agent Preparing Props Version Package
                    2009-10-06 16:26:19 I #4468 Agent Collecting IP address using Internet Manager
                    2009-10-06 16:26:19 I #4468 naInet HTTP Session initialized
                    2009-10-06 16:26:19 I #4468 imsite Connecting to site: 10.52.254.54 on port: 80
                    2009-10-06 16:26:19 I #4468 naInet HTTP Session closed
                    2009-10-06 16:26:19 I #4468 SpiPkgr Using sequence number 761
                    2009-10-06 16:26:19 i #4468 Agent Agent communication session started
                    2009-10-06 16:26:19 i #4468 Agent Agent is sending PROPS VERSION package to ePO server
                    2009-10-06 16:26:19 i #4468 Agent Agent is connecting to ePO server
                    2009-10-06 16:26:19 I #4468 imutils Trying with site: 10.52.254.54:80
                    2009-10-06 16:26:19 I #4468 naInet HTTP Session initialized
                    2009-10-06 16:26:19 I #4468 imsite Upload from: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00128993163796640000_2573358779.spkg
                    2009-10-06 16:26:19 I #4468 imsite Upload response target: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00128993163798510000_4126439973.spkg
                    2009-10-06 16:26:20 I #4468 naInet HTTP Session closed
                    2009-10-06 16:26:20 i #4468 Agent Package uploaded to ePO Server successfully
                    2009-10-06 16:26:20 I #4468 SpiPkgr Signature length is 45
                    2009-10-06 16:26:20 i #4468 Agent Agent communication session closed
                    2009-10-06 16:26:20 i #4468 Agent Agent received REQUEST PROPS package from ePO server
                    2009-10-06 16:26:20 I #4468 Agent Started processing a package..
                    2009-10-06 16:26:20 I #4468 Agent Preparing Props Package
                    2009-10-06 16:26:20 I #4468 Agent Collecting IP address using Internet Manager
                    2009-10-06 16:26:20 I #4468 naInet HTTP Session initialized
                    2009-10-06 16:26:20 I #4468 imsite Connecting to site: 10.52.254.54 on port: 80
                    2009-10-06 16:26:20 I #4468 naInet HTTP Session closed
                    2009-10-06 16:26:20 I #4468 SpiPkgr Using sequence number 762
                    2009-10-06 16:26:20 i #4468 Agent Agent communication session started
                    2009-10-06 16:26:20 i #4468 Agent Agent is sending FULL PROPS package to ePO server
                    2009-10-06 16:26:20 i #4468 Agent Agent is connecting to ePO server
                    2009-10-06 16:26:20 I #4468 imutils Trying with site: 10.52.254.54:80
                    2009-10-06 16:26:20 I #4468 naInet HTTP Session initialized
                    2009-10-06 16:26:20 I #4468 imsite Upload from: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00128993163803510000_3150686783.spkg
                    2009-10-06 16:26:20 I #4468 imsite Upload response target: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00128993163805530000_1429539353.spkg
                    2009-10-06 16:26:21 I #4468 naInet HTTP Session closed
                    2009-10-06 16:26:21 i #4468 Agent Package uploaded to ePO Server successfully
                    2009-10-06 16:26:21 I #4468 SpiPkgr Signature length is 45
                    2009-10-06 16:26:21 i #4468 Agent Agent communication session closed
                    2009-10-06 16:26:21 i #4468 Agent Agent received POLICY package from ePO server
                    2009-10-06 16:26:21 I #4468 Agent Started processing a package..
                    2009-10-06 16:26:21 I #4468 Agent Processing PropsResponse package
                    2009-10-06 16:26:21 I #4468 Agent Looking for new sitelist from server
                    2009-10-06 16:26:21 i #4468 Agent New Site List file was received
                    2009-10-06 16:26:21 I #4468 Agent Looking for new event filter from server
                    2009-10-06 16:26:21 I #4468 Agent Looking for new repository keys hash file from server
                    2009-10-06 16:26:21 I #4468 Agent Looking for new policy from server
                    2009-10-06 16:26:21 i #4468 Agent New server policy was successfully merged
                    2009-10-06 16:26:21 i #4468 Agent Enforcing newly downloaded policies
                    2009-10-06 16:26:21 I #4468 Agent Agent Enforce Policy Interface called
                    2009-10-06 16:26:21 i #6008 Agent Agent Started Enforcing policies
                    2009-10-06 16:26:21 I #6008 Agent Thread signal occurred
                    2009-10-06 16:26:21 I #6008 Manage Enforcing policies
                    2009-10-06 16:26:21 i #6008 Manage Enforcing Policies for EPOAGENT3000META
                    2009-10-06 16:26:21 I #6008 Datastore Did not find software ID EPOAGENT3000
                    2009-10-06 16:26:21 I #6008 Manage Failed to read EnforcePolicy. Error code -1201
                    2009-10-06 16:26:21 i #6008 Agent Agent finished Enforcing policies
                    2009-10-06 16:26:21 i #6008 Agent Next policy enforcement in 5 minutes


                    Looks like it is talking to the EPO server. I have searched for "Failed to read EnforcePolicy. Error code -1201" before and not found any help..
                    • 7. RE: EPO not communicating on multiple clients
                      JoeBidgood
                      Yes, looks like it's communicating OK. Can you try this on one of the affected machines?

                      1) Stop the framework service
                      2) Delete the following files from the agent data folder:
                      server.xml
                      serverdefault.xml
                      compiled.xml
                      3) Start the framework service again
                      4) Send a wakeup call to the machine

                      This will make the machine request a completely new set of policies from the server and apply them.

                      Thanks -

                      Joe
                      • 8. RE: EPO not communicating on multiple clients
                        Hi Joe,

                        I had a serverdefault.xml which I have now deleted, the others were not found.

                        now I have done that, the machine doesnt seem to know which site it is in and where to get its updates from, a lot of noise in the logs. Probably expected.

                        I'll keep an eye on it for a bit, I'm busy doing 10 other things too, will report back.

                        Cheers.
                        • 9. RE: EPO not communicating on multiple clients
                          New set of logs, same error as before. However - I can now see the agent log remotely which I couldnt before, so we've fixed something.

                          2009-10-07 13:54:23 I #1472 Agent Sending the next batch of immediate events
                          2009-10-07 13:54:23 i #1472 Agent Agent is looking for events to upload
                          2009-10-07 13:54:23 I #1472 Agent Agent did not find any events to upload
                          2009-10-07 13:54:25 i #192 Agent Agent Started Enforcing policies
                          2009-10-07 13:54:25 I #192 Agent Thread time-out occurred
                          2009-10-07 13:54:25 I #192 Manage Enforcing policies
                          2009-10-07 13:54:25 i #192 Manage Enforcing Policies for EPOAGENT3000META
                          2009-10-07 13:54:25 I #192 Datastore Did not find software ID EPOAGENT3000
                          2009-10-07 13:54:25 I #192 Manage Failed to read EnforcePolicy. Error code -1201
                          2009-10-07 13:54:25 i #192 Agent Agent finished Enforcing policies
                          2009-10-07 13:54:25 i #192 Agent Next policy enforcement in 15 minutes
                          2009-10-07 13:59:23 I #1472 Agent Sending the next batch of immediate events
                          2009-10-07 13:59:23 i #1472 Agent Agent is looking for events to upload
                          2009-10-07 13:59:23 I #1472 Agent Agent did not find any events to upload
                          2009-10-07 14:04:23 I #1472 Agent Sending the next batch of immediate events
                          2009-10-07 14:04:23 i #1472 Agent Agent is looking for events to upload
                          2009-10-07 14:04:23 I #1472 Agent Agent did not find any events to upload
                          2009-10-07 14:09:00 I #1016 LstnSvr CAsyncSocket::DoAccept for event: FD_ACCEPT
                          2009-10-07 14:09:00 I #2220 LstnSvr 'GET' request received from Host: ::1:55030
                          2009-10-07 14:09:00 I #1016 LstnSvr CAsyncSocket::DoAccept for event: FD_ACCEPT
                          2009-10-07 14:09:00 I #2032 LstnSvr 'GET' request received from Host: ::1:55031
                          1 2 Previous Next