3 Replies Latest reply on Dec 7, 2009 6:10 PM by GWIRT

    ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers

    pwilson

      I manage an ePO server in my office and have recently deployed a new ePO server in a separate office that is 1500 miles away.  Both ePO servers are in separate domains and manage systems only in their respective domains.

       

      I have turned on Rogue System Detection and find that the the managed systems for each ePO server are being reported as Rogues in the other ePO server.

       

      I found the option under Configuration --> Server Settings --> ePO Servers and added the other ePO server using the name, fully qualified domain name and even tried the IP, but nothing seems to work.  The Agents in one domain can't seem to report to the ePO server in the other domain that they exist and this system is managed by another ePO server.

       

      Has any one worked with RSD this way?  Any advice on how to get the foriegn agent to talk to the server?

       

      Any help would be appreciated.

       

      Thanks,

      Patrick

        • 1. Re: ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers
          GWIRT

          Go to Configuration --> Server Settings --> Rogue System Matching and in the Alternative McAfee Agent Ports section, put the agent wakeup port of the other server. This will help identify the systems of the other server as "Alien" instead of "Rogue".

          • 2. Re: ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers
            pwilson

            Greg,

             

            Thanks for answering.  I did as you suggested and found no difference.  The ePO servers do not recognize that there are Agents installed if they are installed by the foreign server and systems are still reporting as rogues.

             

            There was one other thing I did try and that was to modify the Agent wake-up communication port and the Agent broadcast communication port on one server because they were the same on both servers.  I waited 24 hours to see if there was any difference, and there was not.  Is there something I need to do to cause the servers to re-examine the rogues now that the alternate port has been added?

             

            For reference here are the ports:

             

                                                                                  Server 1               Server 2

            Agent-to-server communication port:                    80                         8888

            Agent-to-server communication secure port:         Enabled 443          Enabled 443

            Agent wake-up communication port:                    8083                     8081

            Agent broadcast communication port:                  8084                     8083

            Console-to-application server comm port:             8443                    8443

            Client-to-server authentication comm port:            8444                     8444

             

             

             

            Any other thoughts?

             

            Thanks,

            Patrick

            • 3. Re: ePO 4.5 and Rogue System Detection 4.5.0 - multiple ePO servers
              GWIRT

              Try enabling the "RSD: Query New Rogue Detection" Automatic Response.

               

              For the machines that are listed as rogue, if you "Query Agent", does that help?