This content has been marked as final. Show 10 replies
Hmmm.... it's a slightly unusual scenario, but I can't think of a reason why it shouldn't work (unless VSE was somehow configured to block access.)
I think it more likely that the push is failing for another reason - unfortunately there are lots of things that can cause pushes to fail.
What does the corresponding entry in the server task log say? Can you ping the machine in question from the epo server by its netbios name alone?
Hi Joe thanks for response.
The server task log just says that the Push Agent task has failed due to expiry.
I can ping the client PC from the server both by its IP address and hostname.
The client PC's entry in the system tree shows as Unmanaged, no IP address is displayed and when I try to ping from ePo it responds "Failed to determine host IP address". I've googled this and searched the forums and it seems this is because for whatever reason the host's ip address is not entered in the ePo database.
Beyond this I'm stumped. If it's relevant, the client PC also has VirusScan installed on it managed by the old server, though deleting the client PC from the old server system tree and deleting the agent has no effect on being able to push an agent from the new server.
Hmm... can you check the epoapsrv.log on the server? There may be more detail in there regarding what failed.
With regard to being unable to ping, theat would make sense - the server is trying to ping the machine's last known address taken from the DB, and if it's never communicated then there won't be such an entry.
For pushes to work, a number of things all have to be enabled - the admin$ share has to be available, remote registry access, and a number of other things. A common gotcha is to have VSE's access protection configured to prevent things running from the admin$ share - which of course means VSE blocks push agent installs :)
As a test, you could always manually install the framepkg from the new server on the client machine: if all goes well it should be able to communicate with the new server and appear in the system tree...
This is from the EpoApSvr.log at the time of initiating a Push Agent from the server:
20091001170850 I #2908 EPOJNI Getting license data...
20091001170850 I #2908 EPOJNI Getting license data...
20091001170854 I #2908 EPOJNI Getting license data...
20091001171122 I #1500 SiteMgrWrap Created instance of Site Manager
20091001171122 I #1500 SiteMgr SetEPOMode: SiteMgr enter ePO mode, server=HO-SCM01, port=8443, EPOUser=, Password=********
20091001171122 I #1500 SiteMgr DALInit: Connected to DAL successful
20091001171122 I #1500 SiteMgr SetEPOMode: Set ePO mode successful
20091001171122 I #1500 SiteMgr GeneralInetRequestThreadProc: GeneralInetRequest thread started
20091001171122 I #1500 SIM_InetMgr Starting download session for url myavert.avertlabs.com:8801
20091001171122 I #1500 naInet HTTP Session initialized
20091001171122 I #1500 naInet Connecting to HTTP Server using Microsoft WinInet
20091001171122 I #1500 naInet Trying to connect to Real Server myavert.avertlabs.com using INTERNET_OPEN_TYPE_PRECONFIG
20091001171122 I #1500 naInet Connected to Server: myavert.avertlabs.com on Port: 8801 using WinInet
20091001171122 I #1500 SIM_InetMgr Started download session 1 for site myavert.avertlabs.com:8801
20091001171122 I #1500 SiteMgr GeneralInetRequestThreadProc: Downloading /reportservice.asmx
20091001171122 I #1500 SIM_InetMgr Downloading file reportservice.asmx from session 1, LocalDir=C:\WINDOWS\TEMP\nai4C45.tmp\00000000, RemoteDir=
20091001171122 I #1500 naInet Open URL: http://myavert.avertlabs.com:8801/reportservice.asmx
20091001171122 I #1500 naInet Trying to download using Microsoft WinInet library
20091001171122 I #1500 naInet Connecting to Real Server myavert.avertlabs.com using INTERNET_OPEN_TYPE_DIRECT
20091001171122 I #1500 naInet No resume download needed, calling InternetOpenUrl
20091001171122 I #1500 naInet Downloading a file of total size: 7991, content-length: 7991
20091001171122 I #1500 naInet Downloaded 7991 bytes this time
20091001171122 I #1500 naInet Downloaded 0 bytes this time
20091001171122 I #1500 SIM_InetMgr Downloaded file reportservice.asmx successfully in session 1
20091001171122 I #1500 naInet HTTP Session closed
I can't see anything in there to indicate a reason for failure though I don't really know what I'm looking for...
The client PC has Access Protection disabled. This is what is so confusing: the client PC is communicating happily enough with the old ePo server which leads me to believe that there's not a configuration problem at that end. Its even the same service account that is pushing the agent from both old and new server so there should be no permissions issues there either!
Sorry, my mistake - I meant the server.log, not the epoapsrv.log :(
More coffee required...
Should the server.log be found in C:\Program Files\McAfee\ePolicy Orchestrator\DB\Logs?
I've just looked there and there's 4 log files, but no server.log. Could this be because it's never successfully deployed an agent? Or am I looking in the wrong place?
Yep, that's where it should be (assuming ePO is installed to C:\Program Files\McAfee\ePolicy Orchestrator.)
What files have you got? The absence of server.log is a bit worrying... it logs agent to server comms activity as well as things like agent pushes, so it really ought to exist if the server is OK.
but no server.log
That's a touch worrying.
Is the epo server service started?
If you restart it does it throw any errors?
In the <install folder>\Apache2\Logs folder will be some files of the format "errorlog.<datetime>" - can you post the contents of the latest one after restarting the service?