3 Replies Latest reply on Jul 21, 2017 8:02 AM by brentil

    Unable to login Mcafee ePolicy 5.1.0 after patch for Petya ransomware

    chooyq

      Hi all, I have encountered an issue with logging in to McAfee ePolicy 5.1.0 after deployment of Petya ransomware patches. However, I have uninstalled the patches for Petya ransomware and am still unable to access the login page. The McAfee application server service started and stopped running after around 1 min. I have also extracted the server logs and Event Parser logs. Please help!

        • 1. Re: Unable to login Mcafee ePolicy 5.1.0 after patch for Petya ransomware
          tkinkead

          Both logs are full of this:

           

          20170629150739W#03216EPODAL  Login for MOTION\administrator failed. Building profile and retrying.
          20170629150739E#03216PONTUTILFailed to create local ePO User Group, push agent aborted!  System error code 1379
          20170629150739E#03216EPODAL  ePOData_Connection.cpp(298): Failed to logon the domain user MOTION\administrator to connect to database.
          20170629150739E#03216EPODAL  ePOData_Connection.cpp(368): Error 0x80070002 returned from credentials callback. Database NOT available

           

          Database errors all over the place, and failed logins for MOTION\administrator.  First, are you really running ePO services under your domain "administrator" account?  You should really be running ePO under a separate service account with appropriate permissions (primarily, local admin on the ePO server).

           

          Second, and more importantly to your question, is your database running?  If so, did your administrator account credentials change?
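A triage pass over the log excerpt quoted in the reply above, as an added example that is not part of the original thread or of McAfee's tooling: it extracts the account that failed to log on, counts errors per component, and decodes the error codes. The fixed-width column layout is an assumption based on the lines as they appear on this page, and the names `triage` and `decode_hresult` are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the reply above (columns are fused as shown on the page).
SAMPLE = """\
20170629150739W#03216EPODAL  Login for MOTION\\administrator failed. Building profile and retrying.
20170629150739E#03216PONTUTILFailed to create local ePO User Group, push agent aborted!  System error code 1379
20170629150739E#03216EPODAL  ePOData_Connection.cpp(298): Failed to logon the domain user MOTION\\administrator to connect to database.
20170629150739E#03216EPODAL  ePOData_Connection.cpp(368): Error 0x80070002 returned from credentials callback. Database NOT available
"""

# Assumed layout: 14-digit timestamp, severity letter, #thread id,
# 8-character padded component name, then the message.
LINE = re.compile(r"^(\d{14})([A-Z])#(\d+)(.{8})(.*)$")
ACCOUNT = re.compile(r"(?:Login for|domain user) (\S+\\\S+)")
HRESULT = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
SYSERR = re.compile(r"System error code (\d+)")

def decode_hresult(value):
    """Split an HRESULT into (failure bit, facility, code).
    Facility 7 (FACILITY_WIN32) means the code is a plain Win32 error."""
    return (value >> 31) & 1, (value >> 16) & 0x1FFF, value & 0xFFFF

def triage(text):
    accounts, errors_by_component, win32_codes = Counter(), Counter(), set()
    db_unavailable = False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line or wrapped continuation
        _, severity, _, component, msg = m.groups()
        if severity == "E":
            errors_by_component[component.strip()] += 1
        accounts.update(ACCOUNT.findall(msg))
        for hexval in HRESULT.findall(msg):
            failed, facility, code = decode_hresult(int(hexval, 16))
            if failed and facility == 7:
                win32_codes.add(code)
        win32_codes.update(int(c) for c in SYSERR.findall(msg))
        db_unavailable = db_unavailable or "Database NOT available" in msg
    return {"accounts": dict(accounts),
            "errors_by_component": dict(errors_by_component),
            "win32_codes": sorted(win32_codes),
            "db_unavailable": db_unavailable}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Win32 code 2 is ERROR_FILE_NOT_FOUND and 1379 is ERROR_ALIAS_EXISTS (the local group already exists); every failed logon in the excerpt names the same domain account the services run under.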

          • 2. Re: Unable to login Mcafee ePolicy 5.1.0 after patch for Petya ransomware
            chooyq

            Yes, it's running under the administrator account. Account credentials were changed in May. However, it was not affected then. I've tried to navigate to core-config but it shows the same page. It doesn't show McAfee ePolicy at all.

            • 3. Re: Unable to login Mcafee ePolicy 5.1.0 after patch for Petya ransomware
              brentil

              The service starting and then stopping after a minute or two is typically indicative of the database being offline.  If this machine hasn't been rebooted in a while then services would have kept running even with bad credentials, so your DB credentials might have been impacted too in whatever change was done previously.