9 Replies Latest reply on Nov 6, 2017 3:57 PM by erebus

    Pushing agent to Mac

    firas_ajjuri

      Hi all

       

      Anyone know what causes this error?

       

      SSH Output: pscp: unable to open install.sh: permission denied

       

      This is found in server Task log when pushing out an agent to a mac?

       

      thanks guys

       

      Firas

        • 1. Re: Pushing agent to Mac
          Daniel_S

          Well the error says "permission denied" so I would double check the credentials for bringing out the agent.

          You need to have ssh enabled on the system, you need root.

           

          You also may want to have a look at the McAfee Agent productguide at pages 33 and following.

           

          Best regards

          Dan

          • 2. Re: Pushing agent to Mac
            erebus

            I contacted McAfee support about this exact same error message.  This is their reply:

             

                 "Request you try the deployment with the Root user if you, If not you can copy the install.sh file to the mac machine and change the permission on the file and have this installed,

                  Note: While copying the file via Winscp please make sure you have the transfer setting is set to binary,"

             

            There isn't a "root" or "binary" option anywhere when doing a deployment through ePolicy.  I'm testing one Mac computer now but I'd prefer to use the ePolicy deployment for the rest of the computers rather than logging into each computer with root access and installing it manually.  Not really a solution in my opinion.  If I get any helpful information from them about hot to deploy it from ePolicy I'll post it here. 

            • 3. Re: Pushing agent to Mac
              erebus

              I’ve made a little progress, I’ve gotten the agent to install but it still won’t see it in ePolicy Orchestrator. This link helps a lot: https://kc.mcafee.com/corporate/index?page=content&id=KB61125

              On the Mac I went to ./Library/McAfee/agent/scripts/uninstall.sh and ran that script then rebooted.  In ePolicy Orchestrator I went to the System Tree -> New Systems button -> Create and download agent installation package -> Non-Windows -> Ok button.  Save the Agent Package zip file and copy it to the Mac.  Unzip it, run sudo chmod +x install.sh on wherever you extracted the zip file then run install.sh -i on that same file. 

              Not sure why it still won’t see ePolicy Orchestrator but it’s a step in the right direction.  Anyone else had any luck?

              • 4. Re: Pushing agent to Mac
                Daniel_S

                Can you change to /Library/McAfee/cma/bin and run sudo ./cmdagent /p or /i

                Do you see that the agent is running?

                • 5. Re: Pushing agent to Mac
                  erebus

                  Yep, it is running.  I went through the instructions on the link below to try stopping and restarting the service but it's showing as "unmanaged" in ePO. 

                  McAfee Corporate KB - How to start and stop the McAfee Agent services on Mac OS X 10.10 (and later) KB83950 https://kc.mcafee.com/corporate/index?page=content&id=KB71313

                   

                  I’ve got the ePO system tree syncing with Windows Active Directory and tried pinging the Mac from the server where ePO is installed, and vice versa and get replies both ways.  Just kind of reaching here trying to figure out why it doesn’t think it’s managed when the McAfee service is running.  I’ve had some other suggestions to use a 3rd party application like Centrify, JAMF, or NoMAD to manage the Mac instead of using Windows AD.  Although, unless someone has done that and is sure it works, I don’t really want to throw another variable into this issue.  

                  • 6. Re: Pushing agent to Mac
                    erebus

                    Got it working now, but it's not a satisfactory solution in my opinion.  I ended up enabling the root user on the Mac, uninstalling the McAfee agent and rebooting. I logged in as root and re-installed the agent from the installation package I made from the ePO server.  Took a couple of minutes but then it was showing up as “Managed” in ePO. 

                     

                    So…for whatever reason using sudo to install the agent didn’t work, I had to install it as root.  I can’t have every end user that has a Mac have local admin rights and enable the root user on their system.  Not sure what I’m going to do now, but at least I know what the issue was. 

                    • 7. Re: Pushing agent to Mac
                      Daniel_S

                      Hi mate,

                       

                      is it possible that you tried a lot of stuff on that system?

                      Maybe you take just one Mac you haven´t touched at all and then try sudo install.

                      In all of my cases it worked just like this.

                       

                      Regards

                      Dan

                      • 8. Re: Pushing agent to Mac
                        erebus

                        I reloaded the original OS from the disk image which was El Capitan and had the same issues; it won't push the agent to the Mac from the ePO server.  I upgraded to High Sierra and still can't get it to push out.  If I manually install the package from the steps above using sudo it will install the agent but not be seen as "managed".  I had to install it as root to get the "managed" state on the ePO server.  I contacted McAfee support about what I've found and they want me try it again and send some additional logs from ePO.  I'll give that a go and see what they say.

                        • 9. Re: Pushing agent to Mac
                          erebus

                          There is a Hotfix for this issue.  Agent 5.0.6.347 will allow you to deploy to Mac from the console.  If you have an agent on the Mac already you'll need to uninstall that first, otherwise it'll error out because it says it can't upgrade the agent.

                          https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 27000/PD27270/en_US/ReleaseNotes_MA506HF…