3 Replies Latest reply on Jun 18, 2010 7:34 AM by royjacobs

    agent can't update server when no user is logged on

      setup:

      • master repository in head office
      • distributed repository on fileserver in head office
      • Download credentials (agent to repository):   Use credentials of logged-on account
      • share permissions on UNC-path:

                everyone: read

                system: read

                mcafee service account: full control

      • NTFS permissions on folder:

                everyone: read

                system: full control

                mcafee service account: full control

      • repository is selected based on ping time (timeout 30ms)

       

      what goes right:

      • all my distributed repositories update their content from the master repository using the mcafee service account.
      • all client epo agents update from the local distributed repository.

       

      what goes wrong:

      • the epo agent on the servers can't find a valid repository when no user is logged on (not even the mcafeeFTP or mcafeeHTTP)
      • i can't diversify on a repository that only servers need to use the mcafee service account and clients the logged on user
        • 1. Re: agent can't update server when no user is logged on
          JoeBidgood

          This is as designed... if there is no user logged on, then by definition  the "use logged on user" setting cannot work as there are no  credentials that can be used.

          You'll need to specify credentials for the UNC repository instead of using the logged-on user setting. If it's only for the servers you can create a server-only policy with this setting and assign that to the affected machines.

           

          HTH -

           

          Joe

          • 2. Re: agent can't update server when no user is logged on

            it's not possible to set a policy on a repository, only on managed machines.

             

            otherwise i need to duplicate all my repositories, configure them to use the service-account and set them as repository list for a server-only policy, which is not a clean solution, because then i double the amount of repositories, which can even cause conflicts while updating them.

            • 3. Re: agent can't update server when no user is logged on
              JoeBidgood

              Sorry, I should have been clearer

               

              You don't need to duplicate the repositories - instead, you can create a policy for the servers and add the UNC share as a local repository: this will allow you to specify credentials that the servers will use. (I would advise disabling the "real" repository in the same policy so that the servers don't try to connect with the wrong credentials.)

               

              So for example say that your UNC repo is \\server\share and is called "UNC_repo" and is set to "use logged on user." You would create an agent policy where you would add a new UNC repo called "UNC_local", still pointing at \\server\share, but with different credentials specified. Then disable the UNC_repo repository in the policy, and assign this policy to the servers.

               

              HTH -

               

              Joe