2 Replies Latest reply on Feb 14, 2010 7:55 AM by epository

    RSD Sensor is missing

      Hi

       

      I have one issue whereby all my RSD sensors are missing. Here is the situation:

       

      1. Previously I was using ePO 4.0 patch 4. When I upgraded to ePO 4.0 patch 5, it failed.

      2. During the upgrade I forgot to back up the RSD keystore files, which are rsd.keystore, key.pem, root.pem and sensor.pem.

          All these keys are stored under C:\Program Files\Mcafee\ePolicy Orchestrator\Server\Keystore.

      3. After the upgrade to ePO 4.0 patch 5 failed, I upgraded straight to ePO 4.5, which succeeded.

      4. However, I noticed that all the sensors are missing. When I checked C:\Program Files\Mcafee\ePolicy Orchestrator\Server\Keystore, there was

          no RSD key inside.

      5. I only have an RSD keystore backup from the previous month, so I decided to restore the RSD keys from the previous month to the Keystore folder.

      6. Unfortunately, it still failed; all the sensors are still missing. When I try to deploy a new sensor, it can't connect to the ePO. Here I attach the log.

      7. I found one error that happens on all sensors, which is:

          12-17-09 12:23:27,250 [2256] WARN RSDSensor.ServerCom <> - SocketException: Failed to initiate an SSL connection:

         Error: 0 - 0

         Certificate Verify Result: 19

         Session State: 4401

         Session RState: 240

       

      8. I checked the McAfee KB and managed to find this article, KB67099. I followed all the steps but the result is still the same.

      9. I suspect my RSD key on the server is corrupted. Is there a way to regenerate the ePO RSD key?

        • 1. Re: RSD Sensor is missing
          jstanley

          So from the sensor log here is the IP address and port it is attempting to connect to:

          Server communication initialized to URL: https://172.18.216.34:8444/rsdsensor/engine.sm

           

          Is that the correct IP address for your EPO server?

          If you do a "netstat -anb" on your EPO server is tomcat5.exe listening on port 8444?

          From the machine hosting the RSD Sensor does the following command connect successfully: telnet 172.18.216.34 8444

           

          If the answer to all of the above is yes, then you may have a problem with your RSD certificate. If the answer to any of the above is no, then we have a different problem. If the IP address is incorrect, then you can enter the correct IP in your RSD Sensor policy.

           

          The only way to re-generate the RSD Certs is to remove and then re-add the RSD extension. You can find the RSD 4.5 extension to re-add here:

          <install directory for EPO>\Installer\ePO\extensions\rsd.zip

           

          Caution: if you delete and re-add your RSD extension, this will revert your RSD configuration back to default, so consider that a last resort.
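
The following is an added example, not part of either reply and not McAfee tooling: a small Python triage of the sensor log that extracts the ePO endpoint and each SSL failure block, so the connectivity checks above can be separated from the certificate question. It assumes the "Certificate Verify Result" value is an OpenSSL X509_V_ERR_* number (the thread does not say which TLS library the sensor uses); the function names and the prefix of the URL log line are constructed.

```python
import re
from urllib.parse import urlsplit
# Assumption: "Certificate Verify Result" is an OpenSSL X509_V_ERR_* number (names are OpenSSL's).
VERIFY_CODES = {
    7: "CERT_SIGNATURE_FAILURE", 9: "CERT_NOT_YET_VALID", 10: "CERT_HAS_EXPIRED",
    18: "DEPTH_ZERO_SELF_SIGNED_CERT", 19: "SELF_SIGNED_CERT_IN_CHAIN",
    20: "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", 21: "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
}
TRUST_CODES = {18, 19, 20, 21}  # chain does not end at a root the sensor trusts

RECORD_START = re.compile(r"^(\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d+) \[\d+\] \w+ ")
URL_RE = re.compile(r"Server communication initialized to URL: (\S+)")
FIELD_RE = re.compile(r"^\s*(Certificate Verify Result|Session State|Session RState): (\d+)", re.M)

def split_records(text):
    """Attach continuation lines (no timestamp) to the record that precedes them."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line)
        elif records and line.strip():
            records[-1] += "\n" + line
    return records

def triage(text):
    """Return (endpoint, findings): the ePO URL seen and one entry per SSL failure."""
    endpoint, findings = None, []
    for rec in split_records(text):
        url = URL_RE.search(rec)
        if url:
            parts = urlsplit(url.group(1))
            endpoint = (parts.hostname, parts.port)
        if "Failed to initiate an SSL connection" in rec:
            fields = {k: int(v) for k, v in FIELD_RE.findall(rec)}
            code = fields.get("Certificate Verify Result")
            findings.append({"when": RECORD_START.match(rec).group(1), "endpoint": endpoint,
                             "verify_code": code, "verify_name": VERIFY_CODES.get(code, "UNKNOWN"),
                             "trust_mismatch": code in TRUST_CODES})
    return endpoint, findings

# Constructed sample: failure block as quoted in the thread; the URL line's prefix is made up.
SAMPLE = """\
12-17-09 12:23:26,900 [2256] INFO RSDSensor.ServerCom <> - Server communication initialized to URL: https://172.18.216.34:8444/rsdsensor/engine.sm
12-17-09 12:23:27,250 [2256] WARN RSDSensor.ServerCom <> - SocketException: Failed to initiate an SSL connection:
   Error: 0 - 0
   Certificate Verify Result: 19
   Session State: 4401
   Session RState: 240
"""
```

Under that assumption, a finding with `trust_mismatch` set means the TCP connection to the endpoint succeeded and the failure lies in certificate trust, which is the keystore question rather than the IP, port or firewall checks.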

          • 2. Re: RSD Sensor is missing
            epository

            We had the same issue with our HBSS where all sensors showed up as passive or missing.

             

            Issue #1 - no reverse lookup for the ePO server in DNS - added it and it worked. - monitoring of the firewall on the ePO server showed no 8443 traffic coming in.

             

            Issue #2 - had to modify the server.xml file on the ePO server by changing all references to "keystore2" back to "keystore" - then restarted all the McAfee services.  Monitoring of port 8443 traffic showed it coming in from various sensors, but not being processed.

             

            That covers the two situations that we had.