6 Replies Latest reply on Nov 5, 2009 11:56 PM by Feng

    Agents communicate, but cannot view logs on port 8081

      Hi all.

       

      I am in the process of migrating our organisation from ePolicy 3.6.1 (with VSE8.0i clients) to ePolicy 4.5 (with VSE8.7i clients).

       

      My outline is roughly as below:

       

      1. Upgrade VSE on 3.6.1 server

      2. Deploy new agent from 4.5 machine and take over.

       

      All policies are being set up manually (we don't have that many).

       

      My problem is that the machines which are already over on ePolicy 4.5 communicate fine and show as managed, but I cannot browse to the log via http://machinename:8081. I can't even connect to the server on http://servername:8081. It just says page cannot be displayed.

       

      Log on my machine at system startup is as below:

       

      2009-11-06 08:24:29     I     #1988     FrmSvc     START cmdline="C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart
      2009-11-06 08:24:29     I     #1988     FrmSvc     ServiceStart
      2009-11-06 08:24:29     I     #1988     FrmSvc     Running
      2009-11-06 08:24:29     I     #2492     FrmSvc     Starting Subsystem <Logging>
      2009-11-06 08:24:29     x     #2492     Logging     Subsystem started
      2009-11-06 08:24:29     I     #2492     FrmSvc     Starting Subsystem <User Space Controller>
      2009-11-06 08:24:29     I     #2492     FrmSvc     Starting Subsystem <Management>
      2009-11-06 08:24:29     I     #2512     Manage     Mangement plugin watch worker thread started
      2009-11-06 08:24:30     x     #2492     Manage     Subsystem started
      2009-11-06 08:24:30     I     #2492     FrmSvc     Starting Subsystem <Updater>
      2009-11-06 08:24:30     I     #2492     updsubs     Starting updater subsystem
      2009-11-06 08:24:30     i     #2492     Updater     Subsystem started
      2009-11-06 08:24:30     I     #2492     FrmSvc     Starting Subsystem <Scheduler>
      2009-11-06 08:24:30     I     #2492     Sched     >>--CSchedule::Start
      2009-11-06 08:24:30     I     #2492     Sched     Glbs.szMyPlatform: WXPW:5:1:3
      2009-11-06 08:24:30     I     #2492     Sched     Deploy VirusScan Enterprise 8.7i - Last run time is : not run yet
      2009-11-06 08:24:30     I     #2492     Sched     Deploy AntiSpyware Module for VSE 8.7i - Last run time(local) is Wed Sep 30 11:00:27 2009
      2009-11-06 08:24:30     I     #2492     Sched     
      2009-11-06 08:24:30     I     #2492     Sched     Definition Update - Last run time(local) is Thu Nov 05 12:40:00 2009
      2009-11-06 08:24:30     I     #2492     Sched     
      2009-11-06 08:24:30     I     #2492     Sched     CNaiSchedule::GetRandomizedDelayMins() : 74
      2009-11-06 08:24:30     i     #2492     Sched     Next time(local) of task Definition Update: Friday, 6 November 2009 1:14:00 PM
      2009-11-06 08:24:30     I     #2492     Sched     All the tasks are successfully loaded from the file
      2009-11-06 08:24:30     i     #2492     Sched     Scheduler is now running
      2009-11-06 08:24:30     I     #2492     Sched     <<--CSchedule::Start
      2009-11-06 08:24:31     I     #2492     FrmSvc     Starting Subsystem <Agent>
      2009-11-06 08:24:31     I     #2492     Agent     Subsystem starting...
      2009-11-06 08:24:31     I     #2492     SpiPkgr     Specifying spipe 5.0 support in key package
      2009-11-06 08:24:31     I     #2492     CSecPkg     Found request secret key
      2009-11-06 08:24:31     I     #2492     CSecPkg     Request private key set successfully
      2009-11-06 08:24:31     I     #3028     Agent     Agent communication thread started
      2009-11-06 08:24:31     I     #3036     Agent     Agent event worker thread started
      2009-11-06 08:24:31     I     #2492     Agent     Subsystem started
      2009-11-06 08:24:31     i     #3044     Agent     Next policy enforcement in 5 minutes
      2009-11-06 08:24:31     I     #3040     Agent     Agent Immediate Events worker thread started
      2009-11-06 08:24:31     i     #3032     Agent     Agent will connect to Server in randomized full ASCI interval : 3600 seconds
      2009-11-06 08:24:31     I     #3032     Agent     Agent worker thread started
      2009-11-06 08:24:31     i     #3032     Agent     Agent will connect to Server in : 35 minutes and 54 seconds
      2009-11-06 08:24:31     I     #2492     FrmSvc     Starting Subsystem <Listen Server>
      2009-11-06 08:24:31     I     #3064     LstnSvr     CAsyncSocket::StartListening (SOCK_STREAM) LISTENING... TRUE
      2009-11-06 08:24:31     x     #2492     LstnSvr     Subsystem started
      2009-11-06 08:24:31     I     #2492     FrmSvc     Starting Subsystem <Trusted Connection>
      2009-11-06 08:24:31     I     #2492     TrstCon     Start
      2009-11-06 08:24:31     I     #2492     FrmSvc     Service started
      2009-11-06 08:25:23     I     #2496     FrmSvc     User SID is S-1-5-21-1170163745-1901472128-176895030-3388 and SessionID is 0
      2009-11-06 08:25:24     I     #2496     Logging     StartReadingMessages (\\.\mailslot\{76889C92-A0C0-46e3-A4E1-1D6A5439B8DD}0000089c, 0x7f57, 4)
      2009-11-06 08:25:24     I     #2496     Logging     - using empty 0
      2009-11-06 08:29:30     i     #3044     Agent     Agent Started Enforcing policies
      2009-11-06 08:29:30     I     #3044     Agent     Thread time-out occurred
      2009-11-06 08:29:30     I     #3044     Manage     Enforcing policies
      2009-11-06 08:29:30     i     #3044     Manage     Compiling policies
      2009-11-06 08:29:30     i     #3044     Manage     Enforcing Policies for VIRUSCAN8700
      2009-11-06 08:29:31     i     #3044     Manage     Enforcing Policies for EPOAGENT3000META
      2009-11-06 08:29:31     i     #3044     Manage     Enforcing Policies for EPOAGENT3000
      2009-11-06 08:29:31     i     #3044     Manage     Enforcing Policies for McAfee Agent
      2009-11-06 08:29:31     I     #3044     Agent     CePOAgent::EnforcePolicy priority=-2
      2009-11-06 08:29:31     I     #3044     Agent     Enforcing policies
      2009-11-06 08:29:31     I     #3044     LstnSvr     Enforcing Policies
      2009-11-06 08:29:31     I     #3044     Logging     Enforcing policies
      2009-11-06 08:29:31     I     #3044     Manage     Enforcing policies
      2009-11-06 08:29:31     I     #3044     UsrSpCt     Enforcing policies
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::EnforcePolicy
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:29:31     I     #3044     Sched     Deploy VirusScan Enterprise 8.7i - Last run time is : not run yet
      2009-11-06 08:29:31     I     #3044     Sched     0 fields of the task 21 are updated successfully
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:29:31     I     #3044     Sched     Deploy AntiSpyware Module for VSE 8.7i - Last run time(local) is Wed Sep 30 11:00:27 2009
      2009-11-06 08:29:31     I     #3044     Sched     
      2009-11-06 08:29:31     I     #3044     Sched     0 fields of the task 25 are updated successfully
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:29:31     I     #3044     Sched     Definition Update - Last run time(local) is Thu Nov 05 12:40:00 2009
      2009-11-06 08:29:31     I     #3044     Sched     
      2009-11-06 08:29:31     I     #3044     Sched     0 fields of the task 32 are updated successfully
      2009-11-06 08:29:31     I     #3044     Sched     RunAtEnforcementEnabled not found in the task settings
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:29:31     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:29:31     I     #3044     Sched     <<--CSchedule::EnforcePolicy
      2009-11-06 08:29:31     i     #3044     Agent     Agent finished Enforcing policies
      2009-11-06 08:29:31     i     #3044     Agent     Next policy enforcement in 5 minutes
      2009-11-06 08:34:31     i     #3044     Agent     Agent Started Enforcing policies
      2009-11-06 08:34:31     I     #3044     Agent     Thread time-out occurred
      2009-11-06 08:34:31     I     #3044     Manage     Enforcing policies
      2009-11-06 08:34:31     i     #3044     Manage     Enforcing Policies for VIRUSCAN8700
      2009-11-06 08:34:31     i     #3044     Manage     Enforcing Policies for EPOAGENT3000META
      2009-11-06 08:34:31     i     #3044     Manage     Enforcing Policies for EPOAGENT3000
      2009-11-06 08:34:31     i     #3044     Manage     Enforcing Policies for McAfee Agent
      2009-11-06 08:34:31     I     #3044     Agent     CePOAgent::EnforcePolicy priority=-2
      2009-11-06 08:34:31     I     #3044     Agent     Enforcing policies
      2009-11-06 08:34:31     I     #3044     LstnSvr     Enforcing Policies
      2009-11-06 08:34:32     I     #3044     Logging     Enforcing policies
      2009-11-06 08:34:32     I     #3044     Manage     Enforcing policies
      2009-11-06 08:34:32     I     #3044     UsrSpCt     Enforcing policies
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::EnforcePolicy
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:34:32     I     #3044     Sched     Deploy VirusScan Enterprise 8.7i - Last run time is : not run yet
      2009-11-06 08:34:32     I     #3044     Sched     0 fields of the task 21 are updated successfully
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:34:32     I     #3044     Sched     Deploy AntiSpyware Module for VSE 8.7i - Last run time(local) is Wed Sep 30 11:00:27 2009
      2009-11-06 08:34:32     I     #3044     Sched     
      2009-11-06 08:34:32     I     #3044     Sched     0 fields of the task 25 are updated successfully
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:34:32     I     #3044     Sched     Definition Update - Last run time(local) is Thu Nov 05 12:40:00 2009
      2009-11-06 08:34:32     I     #3044     Sched     
      2009-11-06 08:34:32     I     #3044     Sched     0 fields of the task 32 are updated successfully
      2009-11-06 08:34:32     I     #3044     Sched     RunAtEnforcementEnabled not found in the task settings
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:34:32     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:34:32     I     #3044     Sched     <<--CSchedule::EnforcePolicy
      2009-11-06 08:34:32     i     #3044     Agent     Agent finished Enforcing policies
      2009-11-06 08:34:32     i     #3044     Agent     Next policy enforcement in 5 minutes
      2009-11-06 08:39:32     i     #3044     Agent     Agent Started Enforcing policies
      2009-11-06 08:39:32     I     #3044     Agent     Thread time-out occurred
      2009-11-06 08:39:32     I     #3044     Manage     Enforcing policies
      2009-11-06 08:39:32     i     #3044     Manage     Enforcing Policies for VIRUSCAN8700
      2009-11-06 08:39:32     i     #3044     Manage     Enforcing Policies for EPOAGENT3000META
      2009-11-06 08:39:32     i     #3044     Manage     Enforcing Policies for EPOAGENT3000
      2009-11-06 08:39:32     i     #3044     Manage     Enforcing Policies for McAfee Agent
      2009-11-06 08:39:32     I     #3044     Agent     CePOAgent::EnforcePolicy priority=-2
      2009-11-06 08:39:32     I     #3044     Agent     Enforcing policies
      2009-11-06 08:39:32     I     #3044     LstnSvr     Enforcing Policies
      2009-11-06 08:39:32     I     #3044     Logging     Enforcing policies
      2009-11-06 08:39:32     I     #3044     Manage     Enforcing policies
      2009-11-06 08:39:32     I     #3044     UsrSpCt     Enforcing policies
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::EnforcePolicy
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:39:32     I     #3044     Sched     Deploy VirusScan Enterprise 8.7i - Last run time is : not run yet
      2009-11-06 08:39:32     I     #3044     Sched     0 fields of the task 21 are updated successfully
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:39:32     I     #3044     Sched     Deploy AntiSpyware Module for VSE 8.7i - Last run time(local) is Wed Sep 30 11:00:27 2009
      2009-11-06 08:39:32     I     #3044     Sched     
      2009-11-06 08:39:32     I     #3044     Sched     0 fields of the task 25 are updated successfully
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::ModifyTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::ModifyTask
      2009-11-06 08:39:32     I     #3044     Sched     Definition Update - Last run time(local) is Thu Nov 05 12:40:00 2009
      2009-11-06 08:39:32     I     #3044     Sched     
      2009-11-06 08:39:32     I     #3044     Sched     0 fields of the task 32 are updated successfully
      2009-11-06 08:39:32     I     #3044     Sched     RunAtEnforcementEnabled not found in the task settings
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:39:32     I     #3044     Sched     >>--CSchedule::GetTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::GetTask
      2009-11-06 08:39:32     I     #3044     Sched     <<--CSchedule::EnforcePolicy
      2009-11-06 08:39:32     i     #3044     Agent     Agent finished Enforcing policies
      2009-11-06 08:39:32     i     #3044     Agent     Next policy enforcement in 5 minutes
      

       

      A netstat doesn't seem to show anything listening on 8081

       

      C:\Documents and Settings\Administrator.BSAUS1>netstat -b
      
      Active Connections
      
        Proto  Local Address          Foreign Address        State           PID
        TCP    SVRWAL33:4471          SVRWAL33.AUSCO.AD:8443  ESTABLISHED     16892
        [IEXPLORE.EXE]
      
        TCP    SVRWAL33:4472          SVRWAL33.AUSCO.AD:8443  ESTABLISHED     16892
        [IEXPLORE.EXE]
      
        TCP    SVRWAL33:8443          SVRWAL33.AUSCO.AD:4472  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:8443          SVRWAL33.AUSCO.AD:4471  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:1093          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:1095          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:1155  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:1093  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:3595  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:2236  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:1095  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:2139  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1154          SVRWAL33.AUSCO.AD:4397  ESTABLISHED     1480
        [sqlservr.exe]
      
        TCP    SVRWAL33:1155          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:2139          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:2236          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:ms-wbt-server  ho-002dd-l.ausco.ad:4476  ESTABLISHED     2752
        TermService
        [svchost.exe]
      
        TCP    SVRWAL33:3444          svrwal09.ausco.ad:microsoft-ds  ESTABLISHED
      4
        [System]
      
        TCP    SVRWAL33:3595          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2324
        [tomcat5.exe]
      
        TCP    SVRWAL33:4397          SVRWAL33.AUSCO.AD:1154  ESTABLISHED     2292
        [Apache.exe]
      
        TCP    SVRWAL33:4458          svrwal03.ausco.ad:epmap  ESTABLISHED     544
        [lsass.exe]
      
        TCP    SVRWAL33:4459          svrwal03.ausco.ad:1025  ESTABLISHED     544
        [lsass.exe]
      
        TCP    SVRWAL33:4470          svrwal03.ausco.ad:1025  ESTABLISHED     544
        [lsass.exe]
      
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4468  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4469  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4460  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4466  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4463  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4461  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4465  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4458  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4467  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4457  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4462  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4459  TIME_WAIT       0
        TCP    SVRWAL33:http          ho-002dd-l.ausco.ad:4464  TIME_WAIT       0
        TCP    SVRWAL33:4450          SVRWAL33.AUSCO.AD:1154  TIME_WAIT       0
        TCP    SVRWAL33:4464          svrwal03.ausco.ad:microsoft-ds  TIME_WAIT
      0
      

       

      I did a portscan on the server (and my machine) and it appears to be listening:

       

      >portqry -n svrwal33 -e 8081
      
      Querying target system called:
      
       ho-002dd-l
      
      Attempting to resolve name to IP address...
      
      Name resolved to 172.16.172.62
      
      
      TCP port 8081 (unknown service): LISTENING
      

       

      The server should have nothing blocking it.  It was a fresh 2003 r2 server.  SQL 2008 Express installed manually and ePolicy installed on top of that.

       

      Hopefully someone can help out there as to why none of the agents let me browse the logs on 8081.

       

      Cheers
      Feng
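
Added example, not part of the original post or of any McAfee tooling: a Python cross-check of the two pieces of evidence quoted above, the agent log's Listen Server lines and the netstat capture. The function names are hypothetical, and the LISTENING row with its PID is constructed; the other sample lines are copied from the post.

```python
import re

# Agent log fields as they appear in the post: date time, level, #thread, component, message.
LOG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S)\s+#(\d+)\s+(\S+)\s*(.*)$")
# netstat TCP row: proto, local host:port, foreign address, state.
NETSTAT_RE = re.compile(r"^\s*TCP\s+\S+:(\S+)\s+\S+\s+([A-Z_]+)")

def parse_agent_log(text):
    """Return (timestamp, level, thread_id, component, message) for each log line."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows

def listener_reported(log_text):
    """True if the LstnSvr component logged a successful StartListening.
    The log line does not name the port, so this only shows a listener came up."""
    return any(comp == "LstnSvr" and "StartListening" in msg and msg.endswith("TRUE")
               for _, _, _, comp, msg in parse_agent_log(log_text))

def port_state(netstat_text, port="8081"):
    """Classify a netstat capture: 'listening', 'not listening', or 'inconclusive'
    when it has no LISTENING rows at all (netstat omits them unless run with -a)."""
    rows = [m.groups() for m in map(NETSTAT_RE.match, netstat_text.splitlines()) if m]
    listeners = [p for p, state in rows if state == "LISTENING"]
    if not listeners:
        return "inconclusive"
    return "listening" if port in listeners else "not listening"

# Lines copied from the log in the post.
SAMPLE_LOG = """\
2009-11-06 08:24:31     I     #2492     FrmSvc     Starting Subsystem <Listen Server>
2009-11-06 08:24:31     I     #3064     LstnSvr     CAsyncSocket::StartListening (SOCK_STREAM) LISTENING... TRUE
2009-11-06 08:24:31     x     #2492     LstnSvr     Subsystem started
"""
# Two rows copied from the post's `netstat -b` output (no -a, so connections only).
NETSTAT_B = """\
  TCP    SVRWAL33:4471          SVRWAL33.AUSCO.AD:8443  ESTABLISHED     16892
  TCP    SVRWAL33:8443          SVRWAL33.AUSCO.AD:4472  ESTABLISHED     2324
"""
# Constructed: what a capture taken with -a might add (the PID is made up).
NETSTAT_AB = NETSTAT_B + "  TCP    SVRWAL33:8081          SVRWAL33.AUSCO.AD:0     LISTENING       1234\n"

if __name__ == "__main__":
    print("agent reports listener:", listener_reported(SAMPLE_LOG))
    print("netstat -b capture:    ", port_state(NETSTAT_B))
    print("netstat -ab capture:   ", port_state(NETSTAT_AB))
```

An "inconclusive" result means the capture cannot confirm or rule out a listener, which is the case for a `netstat -b` capture like the one in the post.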