5 Replies Latest reply on Dec 18, 2009 9:53 AM by TTU

    Systems disappears from ePO



      I have a few systems that appear and disappear from ePO 4.0 depending on whether or not they are VPN'd in.  If they VPN in, they show up.  Shortly after the VPN connection is terminated though they disappear from the ePO db.  Any ideas on what the heck could be causing this?

        • 1. Re: Systems disappears from ePO

          Are you sure this isn't a duplicate GUID problem?  I'd definately check that first as we've seen that cause this type of appear/disappear issue in the past...



          1 of 1 people found this helpful
          • 2. Re: Systems disappears from ePO

            It may also be an issue with ePO not knowing that the machines are using a VPN.


            Is this the first time that the machines are connecting to ePO? If so then what may be happening is that each machine is given the same mac address by the VPN, which causes ePO to overwrite the information for one machine with the information from the next one to connect with the same mac address. ePO has a mechanism to deal with this, but it relies on ePO knowing that the mac address in question belongs to a vpn.


            What are the first six characters of the mac address that these machines are given by the vpn?


            Regards -



            • 3. Re: Systems disappears from ePO

              This was my initial suspicion.  However, after completely blowing away my GUID and generating a new one I still had the same problem.

              • 4. Re: Systems disappears from ePO



                You are correct.  That was the issue.  We figured it out yesterday afternoon.


                Here is the text of the email I received from a McAfee SME.  After adding the first 6 of the MAC address as shown below there were not more issues:



                McAfee ePolicy Orchestrator 4.0
                McAfee Agent 4.0
                McAfee Common Management Agent
                Microsoft Windows (all supported versions, see KB51109 )

                Problem 1

                When a new computer is added to the ePolicy Orchestrator (ePO) tree another computer disappears.

                Problem 2

                The common factor is that this happens with computers that connect via a Virtual Private Network (VPN).


                This problem will only be encountered when the first connection from a client computer to the ePO server takes place over a VPN connection. If the computers first connection is via a Local Area Network (LAN), the correct Media Access Control (MAC) address is added to the table.
                When a computer communicates with the ePO server via VPN, it uses the VPN virtual computer's MAC address and not its own actual MAC address. This VPN MAC address is usually the same for all computers connecting through the VPN.

                Solution 1

                To fix this issue, create a new entry in the ePO ePOVirtualMacVendor table with the Organization Unique Identifier (OUI) which is part of the VPN MAC address.
                Solution 1 - To avoid this issue
                When adding a new computer to ePO Server, ensure that the first connection occurs via a LAN and not via VPN.

                Solution 2

                Solution 2 - To resolve the issue if the computers have already connected via a VPN.
                Step 1 - Determine the VPN MAC address to add to the ePO VendorID field
                The best way to obtain the VPN MAC address is to identify a computer that has connected to the ePO Server for the first time via VPN and removed the previous computer.
                1. From the client computer, use the agent Status Monitor to Collect and Send Props.
                2. Log on to the ePO Console
                3. Click the Systems tab.
                4. Click the System Tree.
                5. Locate the computer that has connected via VPN.
                6. Double-click on the computer to view its properties
                7. To the right of System Information, click More. This will display the VPN MAC address collected from the client.
                8. Scroll down and locate the MAC Address. Make a note of the first six digits of this MAC address in the next step (Example: 00123F21ECED)
                Step 2 - Modify the SQL script to add the computer to the tree.
                NOTE: See KB56429 for how to run SQL scripts provided by McAfee Support using OSQL for ePO 3.6.x and ProtectionPilot.
                Use the SQL command syntax below to add the computer to the tree:
                INSERT INTO ePOVirtualMacVendor (VendorID) values ('######')

                Where: ###### is the first 6 digits of the VPN MAC address collected from the client.
                Example: For a system with 00123F as the first six digits of the MAC address obtained in Step 1:
                INSERT INTO ePOVirtualMacVendor (VendorID) values ('00123F')
                • 5. Re: Systems disappears from ePO

                  Good news, glad it's fixed


                  Regards -