2 Replies Latest reply on Feb 27, 2010 4:25 AM by johno_2001

    ePolicy Orchestrator 4.5 with agent 4.0 and 4.5 to servers in a different domain...

      I am trying to deploy agents to servers in a different domain to the one that the Epolicy Server resides.

       

      I have been able to deploy the agent to servers in workgroups, by creating a package and installing this locally. This works and the servers connect to the ePolicy server and gett there policies.

       

      When i try to do the same with the servers in the seperate domain i get the following mesage

       

       

      Agent Subsystem 16/12/2009 13:48:45 Info Next policy enforcement in 5 minutes
      Agent Subsystem 16/12/2009 13:48:45 Info Agent finished Enforcing policies
      Management 16/12/2009 13:48:45 Info Agent policy enforcement is disabled by Administrator
      Management 16/12/2009 13:48:45 Info Enforcing Policies for EPOAGENT3000
      Management 16/12/2009 13:48:45 Info Enforcing Policies for EPOAGENT3000META
      Agent Subsystem 16/12/2009 13:48:45 Info Agent Started Enforcing policies
      Agent Monitor 16/12/2009 13:48:45 Detail Enforcing policies
      Agent Subsystem 16/12/2009 13:46:39 Info Next policy enforcement in 5 minutes
      Agent Subsystem 16/12/2009 13:46:39 Info Agent finished Enforcing policies
      Management 16/12/2009 13:46:39 Info Agent policy enforcement is disabled by Administrator
      Management 16/12/2009 13:46:39 Info Enforcing Policies for EPOAGENT3000
      Management 16/12/2009 13:46:39 Info Enforcing Policies for EPOAGENT3000META
      Agent Subsystem 16/12/2009 13:46:38 Info Agent Started Enforcing policies
      Agent Subsystem 16/12/2009 13:46:38 Info Enforcing newly downloaded policies
      Agent Subsystem 16/12/2009 13:46:38 Info New server policy was successfully merged
      Agent Subsystem 16/12/2009 13:46:37 Info New Site List file was received
      Agent Subsystem 16/12/2009 13:46:37 Info Agent received POLICY package from ePO server
      Agent Subsystem 16/12/2009 13:46:37 Info Agent communication session closed
      Agent Subsystem 16/12/2009 13:46:37 Info Package uploaded to ePO Server successfully
      Agent Subsystem 16/12/2009 13:46:36 Info Agent is connecting to ePO server
      Agent Subsystem 16/12/2009 13:46:36 Info Agent is sending PROPS VERSION package to ePO server
      Agent Subsystem 16/12/2009 13:46:36 Info Agent communication session started
      Agent Subsystem 16/12/2009 13:46:36 Info Agent started performing ASCI
      Agent Subsystem 16/12/2009 13:45:38 Info Next policy enforcement in 5 minutes
      Agent Subsystem 16/12/2009 13:45:38 Info Agent finished Enforcing policies
      Management 16/12/2009 13:45:38 Info Agent policy enforcement is disabled by Administrator
      Management 16/12/2009 13:45:38 Info Enforcing Policies for EPOAGENT3000
      Management 16/12/2009 13:45:38 Info Enforcing Policies for EPOAGENT3000META
      Agent Subsystem 16/12/2009 13:45:38 Info Agent Started Enforcing policies
      Agent Subsystem 16/12/2009 13:44:38 Info Agent is looking for events to upload
      Agent Subsystem 16/12/2009 13:40:38 Info Next policy enforcement in 5 minutes
      Agent Subsystem 16/12/2009 13:40:38 Info Agent finished Enforcing policies
      Management 16/12/2009 13:40:38 Info Agent policy enforcement is disabled by Administrator
      Management 16/12/2009 13:40:38 Info Enforcing Policies for EPOAGENT3000
      Management 16/12/2009 13:40:38 Info Enforcing Policies for EPOAGENT3000META
      Agent Subsystem 16/12/2009 13:40:37 Info Agent Started Enforcing policies
      Agent Subsystem 16/12/2009 13:39:38 Info Agent is looking for events to upload
      Agent Subsystem 16/12/2009 13:35:37 Info Next policy enforcement in 5 minutes
      Agent Subsystem 16/12/2009 13:35:37 Info Agent finished Enforcing policies
      Management 16/12/2009 13:35:37 Info Agent policy enforcement is disabled by Administrator
      Management 16/12/2009 13:35:37 Info Enforcing Policies for EPOAGENT3000
      Management 16/12/2009 13:35:37 Info Enforcing Policies for EPOAGENT3000META
      Agent Subsystem 16/12/2009 13:35:37 Info Agent Started Enforcing policies
      Agent Subsystem 16/12/2009 13:34:38 Info Agent is looking for events to upload
      Agent Subsystem 16/12/2009 13:30:37 Info Next policy enforcement in 5 minutes
      Agent Subsystem 16/12/2009 13:30:37 Info Agent finished Enforcing policies
      Management 16/12/2009 13:30:37 Info Agent policy enforcement is disabled by Administrator
      Management 16/12/2009 13:30:37 Info Enforcing Policies for EPOAGENT3000
      Management 16/12/2009 13:30:37 Info Enforcing Policies for EPOAGENT3000META
      Agent Subsystem 16/12/2009 13:30:36 Info Agent Started Enforcing policies
      Agent Subsystem 16/12/2009 13:30:36 Info Enforcing newly downloaded policies
      Agent Subsystem 16/12/2009 13:30:36 Info New policy for lga\administrator was successfully merged
      Agent Subsystem 16/12/2009 13:30:36 Info New server policy was successfully merged
      Agent Subsystem 16/12/2009 13:30:35 Info New Site List file was received
      Agent Subsystem 16/12/2009 13:30:35 Info Agent received POLICY package from ePO server
      Agent Subsystem 16/12/2009 13:30:35 Info Agent communication session closed
      Agent Subsystem 16/12/2009 13:30:35 Info Package uploaded to ePO Server successfully
      Agent Subsystem 16/12/2009 13:30:34 Info Agent is connecting to ePO server
      Agent Subsystem 16/12/2009 13:30:34 Info Agent communication session started
      Management 16/12/2009 13:30:34 Info Collecting Properties
      Agent Subsystem 16/12/2009 13:30:34 Info Checking MAC address...
      Agent Subsystem 16/12/2009 13:30:34 Info Agent started performing ASCI
      Agent Monitor 16/12/2009 13:30:32 Info Agent service is running

      I have tried with and without embedded credenials.

       

      I Started with Agent 4.0 P2 and found this http://community.mcafee.com/thread/10335

       

      I Downloaded and installed Agent 4.0 P3 with embedded credentials (MA400P3Win_EMBEDDED.zip) still no joy.

       

      I downloaded and installed Agent 4.5 again still no joy.

       

       

      Notes:

      There is no Domain Trust.

      The group polices aren't effecting it.

       

       

      Any Ideas anyone ????

       

       

      Simon

        • 1. Re: ePolicy Orchestrator 4.5 with agent 4.0 and 4.5 to servers in a different domain...
          jstanley

          Well it shouldn't break agent-to-server communication but the message below looks like you have disabled policy enforcement on the agent. You can check this in EPO:

          1. Logon to the EPO console
          2. Navigate to the My Organization directory of your system tree (top most directory)
          3. Click Assigned Policies
          4. Select McAfee Agent from the drop down list
          5. Click Enforcing or Not Enforcing next to Enforcement Status: depending on which one is showing
          6. Make sure agent policies are set to Enforcing
          7. Check if inheritance is broken. This will be listed at the bottom of this page in the Broken inheritance below this point: section.

           

          The log you provided appears as if the agent is communicating with the EPO server fine:

          Agent Subsystem 16/12/2009 13:30:35 Info Package uploaded to ePO Server successfully

           

          If that is not assisting then it looks as if you took information from the agent's web-monitor. If you open the web-monitor and click current next to framesvc it should pull down the actual agent log which has more verbose information.