Sounds like if you have IIS installed it may be using the same ports as ePO?
Epo 4.5 with the MA 4.5 agent uses port 443 for secure communication.
If IIS is installed on the same machine would cause a port conflict.
so can you go into the epo console | Menu | Configuration | Server Settings | Ports | Take a Screenshot and post it on this forum OR just reply with the ports you are using.
In the mean time as a test, try stopping the IIS services and then restart the 3 McAfee ePO Services to see if the machines start working again. As if they do, you just have a port conflict.
Hi Ryan, thanks so much for replying...getting a little desperate here! As you suggested, I stopped IIS Admin service (and the 3 dependent as well), and restarted the 3 ePO services (application, event parser and server), and tried to deploy an agent to two agentless machines in the rogue list (a PC and a server) - both failed, with these errors in server.log:
20091120092254 E #9316 NAIMSRV Failed to send http request. Error=12029
20091120092254 E #9316 NAIMSRV Push Agent Installation Program to HQ663595 failed, will not retry
20091120090447 E #7176 NAIMSRV Failed to send http request. Error=12029
20091120090447 E #7176 NAIMSRV Push Agent Installation Program to NLB1 failed, will not retry
I am using ports (top to bottom on menu-config-server settings-ports):82, 443, 8081, 8082, 8443, 8444.
On the ePO server, admin tools-IIS manager-default website-properties, I have TCP port 80 and SSL port is blank (first chat support had me add an unused port, second chat support had me remove this port).
In case this is important, we have WSUS installed on the same server (but it has always been there with ePO 4.0, and no issues), and it is in IIS as the second website, and using TCP port 8530 and SSL port 8531.
Note: I am deploying MA 4.0, not 4.5 - I decided to upgrade one step at a time, in case of issues!!
More suggestions would be greatly appreciated!!
can you please check on the ePO Server if you can successfully open the following network share:
\\NLB1\admin$ or \\HQ663595\admin$
=> The reason behind this is I assume that you might have a problem with the DNS suffixes because of a multiple domain structure in your environment ...
In your previous post you mentioned that a colleage of mine added some IP addresses to a file and it seemed to work.
=> Supposingly this was the file "hosts" in c:\windows\system32\drivers\etc where my colleague added the IP address and a FQDN name of the nodes he wanted to deploy the agent to ...
Can you please check if this is the case?
- Or and this is clearly just a guess - did he add the IP address into a file called httpd.conf as your ePO server is running with multiple nic's and he wanted to make sure that the ePO apache service is running with a specific IP address?
Please let me know the answers of the two questions ...
Thanks for getting back to me! Yes, I can reach the admin$ on machines I try and deploy to (nlb1 is no longer online, but HQ663595 is, the admin share is reachable and I still can't deploy to it, and I tried with another PC as well, just for luck - can reach the share, can not deploy an agent). We only have one domain to deploy to - we have always had one domain, that has not changed since upgrading to 4.5.
I looked at the files - it was definitely NOT the host file, but it MAY have been the httpd.conf file that your colleague modified - it looks familiar, and there are 3 'listen' lines (under the 'to prevent Apache from glomming onto all bound IP addresses' line), two of which are IPs of my ePO server (one with port 82, one with port 443). As for multiple NICs, there are two, but one has always been disabled. Nothing was changed prior to running the upgrade to 4.5 .exe, ie. no renaming, no changing of IPs, no NIC modifications etc.
PS. I should mention, there are 3 httpd.conf files, and the only one that has the IPs of the ePO server is located in C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\conf
in this case I would recommend to you to open a service request with the McAfee Support Team as we saw similar issues in other scenarios ...
Yes, I still have the original SR for this issue open, and am waiting and hoping for assistance from the support team. It seems more people are upgrading to 4.5 and experiencing this issue, but it appears there has not been a cause found, nor a resolution. I'm keeping my fingers crossed for help from support, because this has become a serious issue for me. A half-broken ePO server is not a good thing.
Thanks again for your help!
You might want to check out KB66620, just authored it and I am wonder if this is your issue. As if your EPO Servers Agent Handler is not authorized you will never be able to push the agent installs.
Let me know if it helps.
I'm in the same situation and currently am waiting on Tier 2 support to give me a call back.
I upgraded a perfectly working 4.0 epo server to 4.5 and during the install had an error with the Event Parser service. Called up Mcafee and was told to ignore the error and continue. After the install, everything looked good except the Event Parser was still at version 4.0
Later, the agents never reported into the server and I can't deploy agents anymore. At the same time we went through an IP change for both the server and SQL server.
Latest info: I took my clean install of 4.0 - nothing else on the server but ePO, and it was working just fine - and ran the upgrade to 4.5. Once again, a seemingly good upgrade, no errors, nothing out of the ordinary (next, next, finish). Once again, right after the upgrade to 4.5 the agents can not communicate with the server (wake up agent fails, and after 4 days there has been no successful communication from agent to server) and I can not deploy agents. I think this points to an issue with the upgrade file/process, and perhaps it should be made unavailable until this issue is resolved.
Hi Ryan, I have your KB document, and read through it. I am hesitant to proceed, as my agents can communicate with the server (they couldn't right after the upgrade, but assistance from support got them communicating again, with the addition of IPs in a file on the server), I did not rename the server, I do not see those errors listed in server.log, I can ping and wake up agents, and I did not do anything to the DB prior to or after the upgrade (no restores).
I got a VM and did a clean install of SQL and ePO 4.0 (inc all packages etc) so that it now matches what I had with my main ePO server prior to running the 4.5 upgrade (of course name and IP differ!). I also have a clean install of ePO 4.5 on another VM - so 3 ePO servers, 1 upgraded 4.0 to 4.5 server (my main server, that needs fixing!), one clean ePO 4.0 install, and one clean ePO 4.5 install. Could you please tell me which files/configurations are associated with agent handlers, apache, security etc., or permission/authorization to deploy agents? I am thinking of going through the files on all 3 servers to see what is different/the same. Then I will run the upgrade on the clean 4.0 server, exactly as I did with my main server, see if I get the same problems again - agents suddenly unable to communicate, inability to deploy agents to agentless systems on the network - and again compare files. I guess I am looking for cause! If I do get the same problems with the second upgrade I will at least have a test machine to try out your procedure.