4 Replies Latest reply on Aug 9, 2010 7:05 PM by rmetzger

    ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

      I am a deployment lead at an Enterprise organization. The ePO administrator is having difficulties installing agents across the enterprise which she blamed on computers having duplicate names and IP addresses (re-imaged computers showing up in the network with two names and two different IP addresses through the ePO server). Also she claims she cannot push the Agent and then the AV ans AS installs. It runs on a schedule of 2:30 pm for the agent and 3:30 pm for the AV cllient and then 4:00pm for the AS module.

       

      We were deploying workstations bare without any antivrus or antispyware but the delay was exposing our workstations for an extraordinary amount of time which may have led to some of them being infected by viruses. So as the main lead I thought it would not hurt to pre-deploy VirusScan 8.7i onto the image (with no agent installed). She says that this practice of pre-installing VirusScan causes her not to be able to 'see' the computers and deploy the ePO agent. The facts are  is that she can deploy the agent on some of the machines but not others (same exact image).  I don't think that the ePO server should be thwarted by VirusScan already being deployed.Can anyone tell me the facts?

       

      ePO server 4.0

      epO agent 4.0.0.1494

      VirusScan 8.7i Patch 3 (8.7.0.570)

      Antispy Module 8.7.0.129

      Windows XP workstations

      Windows 7 workstations

      Windows Server 2003

      Windows Server 2008

        • 1. Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

          First issue (having problems deploying to machines with same name/ip) could be correct. Depends on a lot of things and the way EPO is set up in the organisation.

           

          I don't believe the second issue (pushing ASE/VSE instantly) is actually an issue. The EPO Admin should be able to get computers to get the software at any stage.

           

          Third issue (VSE already installed affecting CMA install from EPO) is not correct. CMA will install regardless of VSE or ASE already on the machine. However, it can cause some issues with features being enabled that the Admin specifically doesn't want installed (eg Email scanners etc).

          • 2. Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent

            What would some the things that would cause workstations to show duplicate IP/Host Names in the EPO server?

            Also how does the ePO administrator push the Agent/VSE/ASE instantly to a workstation or a group of workstations(lab)?

            • 3. Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent
              ittech

              I totally agree with Mal09.

               

              We pre-install VSE 8.7i and AntiSpyware before deploying an agent in my environment. We have an AD domain and our ePO syncs with that everynight and an agent is deployed to any unmanaged system. It works well.

               

              The duplicate PCs/IPs could be a result of the ePO actively searching for PCs combined with Syncing if you have that in place.

              • 4. Re: ePO administrator says pre-installing VSE 8.7i and Antispy Module prevents deployment of agent
                rmetzger

                johnbtech wrote:

                 

                I am a deployment lead at an Enterprise organization. The ePO administrator is having difficulties installing agents across the enterprise which she blamed on computers having duplicate names and IP addresses (re-imaged computers showing up in the network with two names and two different IP addresses through the ePO server). Also she claims she cannot push the Agent and then the AV ans AS installs. It runs on a schedule of 2:30 pm for the agent and 3:30 pm for the AV cllient and then 4:00pm for the AS module

                 

                Hi John,

                 

                Well, this problem has been discussed in several places here at these forums.

                 

                I think the problem is related to AgentGUID and MacAddress within the image getting cloned and thereby not Unique. ePO gets confused and creates the problems you specified.

                 

                The solution can be handled best during the imaging process. Just before creating the image, delete the AgentGUID and MacAddress registry entries (listed below). Immediately create the image without rebooting or any further ePO ASCI. When the image is cloned to the new PC, these registry entries are constructed uniquely.

                 

                Alternatively, you could delete these registry entries after the cloning process, but before access to the ePO server is initiated.

                 

                See this thread for details: https://community.mcafee.com/message/140545#140545

                 

                Below, I have used this batch file to handle the process of deleting these entries. The script is designed to be used with either technique as you desire (pre or post image deployment).

                DeleteAgentGUID-MacAddress.Bat:

                @echo off title  McAfee AgentGUID and MacAddress Removal Tool - by Ron Metzger
                      echo.
                      echo  The McAfee Agent communicates with ePO, Protection Pilot, or McAfee's
                      echo  update services, using registry values of AgentGUID and MacAddress, to
                      echo  uniquely identify each system. Imaging or duplicating a system breaks
                      echo  these unique identifiers. Clearing these values, followed by a reboot or
                      echo  services restart, repopulates these values with new and unique entries.
                      echo.
                      echo  Prior to duplication, clear these registry entries and create the image
                      echo  before restarting services or rebooting.
                      echo.
                      echo  Otherwise,
                      echo.
                      echo  After duplication, clear these values, then reboot or restart the services.
                      echo.
                      echo  VSE v8.7i (or above) by default, self-protects against certain changes.
                      echo  In order to make either registry change, temporarily disable the
                      echo  self-protection settings within VSE v8.7i (or above).
                      echo.
                      echo  From the VirusScan Console:
                      echo  Access Protection > Properties
                      echo    Uncheck 'Prevent McAfee services from being stopped'
                      echo    Common Standard Protection
                      echo      Uncheck (un)Block 'Prevent modification of McAfee files and settings'
                      echo      Uncheck (un)Block 'Prevent modification of McAfee Common Management Agent'
                      echo.
                      Choice.exe /C:YN /N " Press  Y  to continue,  N  to skip . . ."
                      if ErrorLevel 2 goto Exit
                      echo  Stopping services . . .
                      net stop McAfeeFramework /yes
                      net stop McShield /yes
                      net stop McTaskManager /yes
                      echo  Stopping services, done.
                      echo  Deleting registry entries . . .
                      REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F
                      REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F
                      REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /f
                      REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /f
                      echo  Deleting registry entries, done.
                      echo.
                      echo  Please re-enable the self-protection settings within
                      echo  VSE v8.7i (or above) to there original values.
                      echo.
                      echo  From the VirusScan Console:
                      echo  Access Protection > Properties
                      echo    Check 'Prevent McAfee services from being stopped'
                      echo    Common Standard Protection
                      echo      Check Block 'Prevent modification of McAfee files and settings'
                      echo      Check Block 'Prevent modification of McAfee Common Management Agent'
                      echo.
                      Choice.exe /C:YN /N " Press  YN  to continue . . ."
                      echo.
                      echo  About to restart McAfee services.
                      echo  This will repopulate AgentGUID and MacAddress values.
                      echo.
                      echo  Please do Not start these services if Imaging this system Now. (Choose Skip.)
                      echo.
                      Choice.exe /c:YN /T:N,15 /N " Restart Services?  Y  to continue,  N [or wait 15 seconds]  to skip . . ."
                      if ErrorLevel 2 goto Exit
                      echo  Starting services . . .
                      net start McAfeeFramework /yes
                      net start McShield /yes
                      net start McTaskManager /yes
                      echo  Starting services, done.
                      Choice /c:YN /T:Y,15 /N " Press  YN [or wait 15 seconds]  to continue . . ."

                :Exit

                Hope this helps.

                Ron Metzger