7 Replies Latest reply on Dec 29, 2009 10:55 AM by Quitch

    Deployed RSD sensors but none reporting in

    Quitch

      I set up a client task to deploy an RSD sensor to each DHCP server. I then modified the RSD policy to allow for DHCP monitoring and set up a listening subnet rule to cover all my subnets. However, on the RSD screen it lists no sensors on my network, yet if I check on the DHCP servers I can see that the sensor has been deployed.

       

      Why are they not reporting in?

        • 1. Re: Deployed RSD sensors but none reporting in
          jstanley

          First check and make sure the sensors installed correctly on the clients. The easiest method for this is to open up services and see if you have the following service present and started:

          McAfee Rogue System Sensor

           

          Assuming the sensor service is present and started the next step would be to check the RSDSensor_out.log and see what the error is communicating with the EPO server. The log should be located here (by default):

          C:\Program Files\McAfee\RSD Sensor\RSDSensor_out.log

           

          In that log you should find some sort of error as well as the IP address the sensor is trying to use to communicate with the EPO server. If the IP address is wrong you can correct this in the RSD Sensor policy: on the General tab, put the IP address for the EPO server in the Server name field.

           

          I hope that helps!

          • 2. Re: Deployed RSD sensors but none reporting in
            Quitch

            I'm seeing the following:

             


            12-29-09 04:36:40,827 [1600] WARN RSDSensor.ServerCom <> - SocketException: Failed to connect to remote host :8444

            10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

             

             

            I've confirmed the IP in policy is correct; however, am I correct in thinking that I should be seeing the host IP or name in front of the port number?

             

            The port corresponds to the secure client - server communications port.

            • 3. Re: Deployed RSD sensors but none reporting in
              jstanley

              So this is a straightforward failure to connect. If the IP is correct then try the following:

              1. Run a netstat on your EPO server (netstat -anb) and make sure tomcat5.exe is listening on port 8444
              2. Assuming tomcat is listening on the correct port on the EPO server then do a telnet test from the client hosting the sensor (telnet <IP address of the EPO server> 8444)

               

              If the server is not listening on the correct port then we have many different possibilities I'd rather only go into if that is the problem. If the server is listening on the correct port but the telnet test is failing then something (i.e. a firewall) is blocking the communication. The most likely culprit would be the Windows Firewall on the EPO server.

               

              I agree the IP address should be included in the log but it is not (even on working sensors).
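
The client-side check from the reply above, as an added example that is not part of the original posts: a PowerShell script, run on the host carrying the sensor, that separates "nothing listening" (connection refused) from "no answer" (the 10060 timeout in the log) and then prints the sensor's own recent SocketException entries. Because the log omits the target address, the server IP is passed in from the RSD Sensor policy; the default `192.0.2.10` is a placeholder, and the function name and timeout are assumptions.

```powershell
# Added example, not from the thread. Run on the host where the RSD sensor is installed.
param(
    [string]$Server    = '192.0.2.10',  # placeholder: the ePO server IP from the RSD Sensor policy
    [int]$Port         = 8444,          # port shown in the sensor log quoted in this thread
    [int]$TimeoutMs    = 5000,          # assumed wait; shorter than the Windows default connect timeout
    [string]$LogPath   = 'C:\Program Files\McAfee\RSD Sensor\RSDSensor_out.log'
)

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'TIMEOUT'               # no reply at all within the wait
        }
        $client.EndConnect($pending)       # throws if the connect was rejected
        return 'OPEN'
    } catch {
        # .NET exceptions arrive wrapped; unwrap to the underlying SocketException
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            switch ([int]$base.ErrorCode) {
                10061   { return 'REFUSED' }   # host answered, nothing listening on the port
                10060   { return 'TIMEOUT' }   # same Winsock code as in the sensor log
                default { return "ERROR $($base.ErrorCode): $($base.Message)" }
            }
        }
        return "ERROR: $($base.Message)"
    } finally {
        $client.Close()
    }
}

$meaning = @{
    OPEN    = 'Port reachable from this host; the network path to the server is fine.'
    REFUSED = 'Host is up but nothing listens on the port; check netstat -anb on the ePO server.'
    TIMEOUT = 'No answer; wrong address in the enforced policy or a firewall dropping the traffic.'
}

$result = Test-TcpPort -Server $Server -Port $Port -TimeoutMs $TimeoutMs
'{0}:{1} -> {2}' -f $Server, $Port, $result
if ($meaning.ContainsKey($result)) { $meaning[$result] }

# Show the last few connection failures the sensor itself recorded, with the error text that follows.
if (Test-Path $LogPath) {
    Select-String -Path $LogPath -Pattern 'SocketException' -Context 0,2 |
        Select-Object -Last 3 |
        ForEach-Object { $_.Line; $_.Context.PostContext }
}
```

A `TIMEOUT` result from the sensor host combined with a listening port on the server points at filtering between the two, which is the firewall case described in the reply.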

              • 4. Re: Deployed RSD sensors but none reporting in
                Quitch

                I found if I sent a wakeup command with a forced policy update the sensors are now correctly reporting back.

                • 5. Re: Deployed RSD sensors but none reporting in
                  jstanley

                  Well then that makes sense. I'm guessing you put the correct IP address in the sensor policy but the client had not enforced this policy yet.

                   

                  I'm glad to hear the mystery is resolved.

                  • 6. Re: Deployed RSD sensors but none reporting in
                    Quitch

                    Well, the IP was already in the default policy so I'm unsure why the sensors didn't get it at deployment, but hey ho.

                    • 7. Re: Deployed RSD sensors but none reporting in
                      Quitch

                      Performed agent wake-up with forced policy refresh.