1 2 Previous Next 11 Replies Latest reply on Dec 3, 2009 10:49 AM by cpredovic

    I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.

    cpredovic

      Similar to another post I've seen - I had a perfectly functioning ePO 4.0 sp5 server in dev (windows 2003, SQL 2005), with my clients using the 4.0 agent. Everything worked, everything was automated. I decided to do an upgrade - the test before upgrading production. I ran the upgrade .exe, and all seemed to go well...clicked next, next, next, and the upgrade completed without error messages. Two days later I noticed that the agents hadn't communicated since the upgrade date. I tried to deploy an agent to a new dev PC I saw in the rogue list...failed. I opened a chat with McAfee, and a nice person in India managed to get the agents communicating again by modifying a file on the server by (I believe) adding an IP address or two. I wish I could recall what the file was, but there were many windows open, and he had the mouse/keybd. We both assumed that fixed everything...and the next day I discovered I still couldn't deploy agents. A second chat support person suggested I remove the SSL port in IIS default web properties - no change, the agents could still communicate, and I couldn't deploy agents. I was asked to upload a MER file - they have not found anything yet. Unlike the other post - I did not rename my server, did not change IPs, did not do anything with the database (other than back it up prior to upgrading) and didn't make any other changes to the server. I just ran the upgrade .exe. Any suggestions for a fix, or a point in the right direction, would be greatly appreciated! Thanks.

       

      Error example in server.log:

      20091119154313 E #11684 NAIMSRV  Failed to send http request.  Error=12029
      20091119154313 E #11684 NAIMSRV  Push Agent Installation Program to NLB1 failed, will not retry

        • 1. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
          RMCCULLO

          Sounds like if you have IIS installed it may be using the same ports as ePO?

           

          Epo 4.5 with the MA 4.5 agent uses port 443 for secure communication.

          If IIS is installed on the same machine would cause a port conflict.

           

          so can you go into the epo console | Menu | Configuration | Server Settings | Ports | Take a Screenshot and post it on this forum OR just reply with the ports you are using.

           

           

          In the mean time as a test, try stopping the IIS services and then restart the 3 McAfee ePO Services to see if the machines start working again. As if they do, you just have a port conflict.

          • 2. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
            cpredovic

            Hi Ryan, thanks so much for replying...getting a little desperate here! As you suggested, I stopped IIS Admin service (and the 3 dependent as well), and restarted the 3 ePO services (application, event parser and server), and tried to deploy an agent to two agentless machines in the rogue list (a PC and a server) - both failed, with these errors in server.log:

             

            20091120092254 E #9316 NAIMSRV  Failed to send http request.  Error=12029
            20091120092254 E #9316 NAIMSRV  Push Agent Installation Program to HQ663595 failed, will not retry

             

            20091120090447 E #7176 NAIMSRV  Failed to send http request.  Error=12029
            20091120090447 E #7176 NAIMSRV  Push Agent Installation Program to NLB1 failed, will not retry

             

            I am using ports (top to bottom on menu-config-server settings-ports):82, 443, 8081, 8082, 8443, 8444.

            On the ePO server, admin tools-IIS manager-default website-properties, I have TCP port 80 and SSL port is blank (first chat support had me add an unused port, second chat support had me remove this port).

             

            In case this is important, we have WSUS installed on the same server (but it has always been there with ePO 4.0, and no issues), and it is in IIS as the second website, and using TCP port 8530 and SSL port 8531.

             

            Note: I am deploying MA 4.0, not 4.5 - I decided to upgrade one step at a time, in case of issues!!

             

            More suggestions would be greatly appreciated!!

            • 3. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.

              Hello cpredovic,

               

              can you please check on the ePO Server if you can successfully open the following network share:

               

              \\NLB1\admin$ or \\HQ663595\admin$

               

              => The reason behind this is I assume that you might have a problem with the DNS suffixes because of a multiple domain structure in your environment ...

               

              In your previous post you mentioned that a colleage of mine added some IP addresses to a file and it seemed to work.

               

              => Supposingly this was the file "hosts" in c:\windows\system32\drivers\etc where my colleague added the IP address and a FQDN name of the nodes he wanted to deploy the agent to ...

               

              Can you please check if this is the case?

               

              - Or and this is clearly just a guess - did he add the IP address into a file called httpd.conf as your ePO server is running with multiple nic's and he wanted to make sure that the ePO apache service is running with a specific IP address?

               

              Please let me know the answers of the two questions ...

               

              Rene

               

               

              Message was edited by: Rene Wiese on 11/23/09 3:57 PM
              • 4. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
                cpredovic

                Hi Rene,

                 

                Thanks for getting back to me! Yes, I can reach the admin$ on machines I try and deploy to (nlb1 is no longer online, but HQ663595 is, the admin share is reachable and I still can't deploy to it, and I tried with another PC as well, just for luck - can reach the share, can not deploy an agent). We only have one domain to deploy to - we have always had one domain, that has not changed since upgrading to 4.5.

                 

                I looked at the files - it was definitely NOT the host file, but it MAY have been the httpd.conf file that your colleague modified - it looks familiar, and there are 3 'listen' lines (under the 'to prevent Apache from glomming onto all bound IP addresses' line), two of which are IPs of my ePO server (one with port 82, one with port 443). As for multiple NICs, there are two, but one has always been disabled. Nothing was changed prior to running the upgrade to 4.5 .exe, ie. no renaming, no changing of IPs, no NIC modifications etc.

                 

                Thanks,

                Chris

                PS. I should mention, there are 3 httpd.conf files, and the only one that has the IPs of the ePO server is located in C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\conf

                 

                 

                Message was edited by: cpredovic on 11/24/09 9:25 AM
                • 5. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.

                  Hello Chris,

                   

                  in this case I would recommend to you to open a service request with the McAfee Support Team as we saw similar issues in other scenarios ...

                   

                  Rene

                  • 6. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
                    cpredovic

                    Hi Rene,

                     

                    Yes, I still have the original SR for this issue open, and am waiting and hoping for assistance from the support team. It seems more people are upgrading to 4.5 and experiencing this issue, but it appears there has not been a cause found, nor a resolution. I'm keeping my fingers crossed for help from support, because this has become a serious issue for me. A half-broken ePO server is not a good thing.

                     

                    Thanks again for your help!

                    Chris

                    • 7. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
                      RMCCULLO

                      You might want to check out KB66620, just authored it and I am wonder if this is your issue. As if your EPO Servers Agent Handler is not authorized you will never be able to push the agent installs.

                       

                      Let me know if it helps.

                       

                      Ryan McCullough

                      • 8. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
                        rwhitehill

                        I'm in the same situation and currently am waiting on Tier 2 support to give me a call back.

                         

                        I upgraded a perfectly working 4.0 epo server to 4.5 and during the install had an error with the Event Parser service.  Called up Mcafee and was told to ignore the error and continue.  After the install, everything looked good except the Event Parser was still at version 4.0

                         

                        Later, the agents never reported into the server and I can't deploy agents anymore.   At the same time we went through an IP change for both the server and SQL server.

                         

                         

                        • 9. Re: I upgraded my ePO 4.0 server to ePO 4.5 - agents stopped communicating, and I can't deploy agents.
                          cpredovic

                          Latest info: I took my clean install of 4.0 - nothing else on the server but ePO, and it was working just fine - and ran the upgrade to 4.5. Once again, a seemingly good upgrade, no errors, nothing out of the ordinary (next, next, finish). Once again, right after the upgrade to 4.5 the agents can not communicate with the server (wake up agent fails, and after 4 days there has been no successful communication from agent to server) and I can not deploy agents. I think this points to an issue with the upgrade file/process, and perhaps it should be made unavailable until this issue is resolved.

                           

                          Chris

                           

                          Hi Ryan, I have your KB document, and read through it. I am hesitant to proceed, as my agents can communicate with the server (they couldn't right after the upgrade, but assistance from support got them communicating again, with the addition of IPs in a file on the server), I did not rename the server, I do not see those errors listed in server.log, I can ping and wake up agents, and I did not do anything to the DB prior to or after the upgrade (no restores).

                           

                          I got a VM and did a clean install of SQL and ePO 4.0 (inc all packages etc) so that it now matches what I had with my main ePO server prior to running the 4.5 upgrade (of course name and IP differ!). I also have a clean install of ePO 4.5 on another VM - so 3 ePO servers, 1 upgraded 4.0 to 4.5 server (my main server, that needs fixing!), one clean ePO 4.0 install, and one clean ePO 4.5 install. Could you please tell me which files/configurations are associated with agent handlers, apache, security etc., or permission/authorization to deploy agents? I am thinking of going through the files on all 3 servers to see what is different/the same. Then I will run the upgrade on the clean 4.0 server, exactly as I did with my main server, see if I get the same problems again - agents suddenly unable to communicate, inability to deploy agents to agentless systems on the network - and again compare files. I guess I am looking for cause! If I do get the same problems with the second upgrade I will at least have a test machine to try out your procedure.

                           

                          Thanks again,

                          Chris

                           

                           

                          Message was edited by: cpredovic on 12/1/09 11:45 AM
                          1 2 Previous Next