7 Replies Latest reply on Sep 14, 2010 9:35 AM by djjava9

    ePO will not push agent to different subnet

    mtb20814

      We are testing ePO. I have been able to get the agent to push to workstations that are in the same subnet as the server, but not to workstations that are in different subnets. We are not a large organization, less than 100 workstations, but have 3 different subnets. I don't want to setup anything else in the different subnets. What do I need to do in order to get this to work?

        • 1. Re: ePO will not push agent to different subnet
          djjava9

          A quick and easy way to deploy the agent is directly from the ePO server.  Deploying agents using this method works very well if you have a smaller environment  and good control over the environment with the appropriate administrator rights.  It’s also a great way to address one off situations where maybe a few agents need to be deployed to new machines on the network.  This is covered in detail in the Product Guide. 

           

          But a key item is troubleshooting the deployment of these agents from ePO.  Of course ePO requires local administrator to deploy agents remotely.  In addition, the machine you are deploying to must have the admin$ share enabled and netbios enabled and not being block by any firewall.  Often troubleshooting the agent deployment can be time consuming but an easier way to troubleshoot is attempting to connect to the potential agent from the ePO server itself.  This should be done from a Run prompt in Windows and a share should be established to \\machinename\admin$. If you are able to connect to the share using credentials then you know the ePO server will be able to deploy an agent to the target machine.  If you can not open this share then there is no way the ePO will be able to deploy an agent remotely.  This is often because of lack of rights to the target machine or a firewall that is blocking netbios communication.  Make sure you confirm you have the appropriate rights on the target machine before deploying the agent from the ePO server.

          • 2. Re: ePO will not push agent to different subnet

            I too have the same problem.  From the EPO 4.5 Server (fresh install), I clicked on Start / Run and typed in \\myworkstationname\admin$ and it brought me to a windows with a bunch of files and folders.  I guess this shows that nothing is blocking the server from reaching out to another subnet machine.  The EPO Server is a 10.0.32.x subnet and my workstation is 192.168.36.x subnet.  I was able to push the agent to my workstation using the IP Address.  This gets overwhelming if we have 500+ systems that we need to push the agents to.  If I go to Detected Systems and select Subnet, I entered all the required field: Subnet Name - Test, Network Address - 192.168.36.0/23 for 255.255.254.0 subnet and then click on Import.  It showed up as "Uncovered".  What is uncovered and why is it uncovered?  Another thing is my server only sees the computers in the 10.0.32.x subnet and nothing outside of that.

             

            This server do have NetBios Enabled and Firewall is Off.  It is a Windows 2008 Server running in a Virtualized Environment using ESX 4.0 which is supported by McAfee.

             

            Any help is much appreciated.

            • 3. Re: ePO will not push agent to different subnet
              djjava9

              it sounds like you are talking about rogue system detection which is a separate functionality then pushing out agents.  so you can of course push out agents thru the normal tree interface where you can enter an ip address, machine name, or browsing thru AD.  The RSD area is a functionality that allows you to detect "rogue" machines that dont have an ePO agent.  A detected system is a machine that does not have an agent and an uncovered subnet does not have rogue sensor.  check out the epo 4.5 product guide and read the chapter on RSD for more info.  https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 21000/PD21812/en_US/epo_450_product_guide_en-us.pdf

              • 4. Re: ePO will not push agent to different subnet

                Thanks for your help.  It didn't quite detected all the Rogue Systems but I did get it to detect ALL the systems in AD which was my ultimate goal.

                 

                I was able to do it by going to System Tree / Select the Group under My Organization.  Go to Group Details and select AD as Synchronization Type and follow the on-screen requirements.

                • 5. Re: ePO will not push agent to different subnet
                  mtb20814

                  Never did get ours to work correctly, it will only 'push' the agent to a workstation that is in the same subnet as the server. I have read through the doc, but am still missing something. With our renewal coming up in a little while, I will make the suggestion that we look elsewhere for a product that works.

                  • 6. Re: ePO will not push agent to different subnet
                    tonyb99

                    You dont have any firewall or subnet traffic restrictions in place that could block the ports EPO uses and have the shares and rights setup?

                    Ive happily run 4.0 and 4.5 over hundreds of subnets, and despite sometimes having to tweak the way I do things to account for network firewall devices and DNS issues its always worked pretty well.

                    Are you working off importing an AD structure or RSD or importing a list of Ip addresses or hostnames and sending the agent installs out?

                    • 7. Re: ePO will not push agent to different subnet
                      djjava9

                      i've been working with epo for 10 years.  it definitely works.  what exact error message are you getting when you try the push?  and are you able to connect to admin$ on the machine you are pushing to from the ePO server?