4 Replies Latest reply on Nov 9, 2010 9:07 PM by tmckinney

    ePO 4.5 can't work on Windows SBS 2003R2 premium

      I am an administrator of a small-business local area network. The domain controller is a Dell PowerEdge 2600, 1GB RAM  and is loaded with Windows SBS 2003R2 premium and McAfee EPo 4.5. Then I did the following in that order:

      (1) Using SystemTree of EPo 4.5 I selected  38 pcs (37 clients and the the domain controller).

      (2) I went to each client and I manually installed from a CD VirusScan 8.7i and McAfee Agent 4.5 from FrmPkg.exe.

      (3) All PCs in SystemTree are marked "unmanaged" even after cmdagent /p is exected from each client and epo server..


      When EPo was installed,   the following three ports were entered (default ports were not accepted by EPo):

      (a) Agent-to-Server communication port: 54321

      (b) Agent Wake-Up communication port: 54322

      (c) Agent Broadcast communication port: 54323


      Other ports were the default ones.


      I suspect that the ISA server 2004 is blocking communication between the  clients and the epo server.  Please tell me how I can configure the epo  server.  Thank you in advance for your cooperation.

        • 1. Re: ePO 4.5 can't work on Windows SBS 2003R2 premium

          If you suspect a port is being blocked, you can test the port by telnetting to the port on the remote machine.  For example, you can open a command prompt (start...run...cmd) on a workstation and type "telnet <machine-name-or-ip-address> <port#>"... like "telnet 54321".  If the workstation is Vista or Win7, though, telnet may not be installed by default, but may be installed in Programs and Features in the control panel.


          If the connection times out, it could be (1) the destination machine is not listening on that port, or (2) the port is being blocked.


          If your window changes to a blank window, the connection was successful.  You'll probably have to close the command prompt window manually.


          If you want to see a log of what the McAfee Agent is doing, open a browser window to http://localhost:<agent-wakeup-communication-port>.  In your case it would be http://localhost:54322  You should see problems logged here if your client's agent is having problems communicating with the ePO Server.


          If you don't have subnet/ip sorting set up on your ePO server, you might be able to find your systems in the Lost and Found in the Systems Directory tree.

          • 2. Re: ePO 4.5 can't work on Windows SBS 2003R2 premium

            Thank you tmckinney.  Even with the helpful hint you gave me, I could not successfully configure epo and isa server 2004 and hence, instead of ePO,  I wanted to use a mirror task to copy files from ftp.nai.com/commonUpdater to our server and edit repository list on each of client computers so that the client can download from our server.  The mirror task very often fails and therefore I want to use GlobalScape CuteFTP  8.3.4 to download files Catalog.z, siteStat.xml and folder Current. Because our internet speed (128 Kbs) is very low I want to copy only relevant folders and files from folder "current".  Please tell me which folders and files should I copy from ftp.nai.com/commonUpdater/current. McAfee VirusScan 8.7i Enterprise including Patch 3 is installed on all 38 computers.



            Message was edited by: wondimuf on 11/2/10 8:16:32 AM CDT



            Message was edited by: wondimuf on 11/2/10 8:18:54 AM CDT



            Message was edited by: wondimuf on 11/4/10 12:51:55 AM CDT
            • 3. Re: ePO 4.5 can't work on Windows SBS 2003R2 premium

              I've moved this thread to our ePO area for better attention by a community expert.

              • 4. Re: ePO 4.5 can't work on Windows SBS 2003R2 premium

                Updates may fail without all the files, I would suspect it is an error checking mechanism by the updater.  Not sure if you can take any shortcuts on the update repository.


                However, if your ePO server is downloading updates (Repository Pull), besides having your clients update directly from the ePO server, you can create Distributed Repositories that can update in one of three methods: UNC, http, or ftp.  If both your ePO server and your clients can reach the same resource (like a UNC share or http/ftp site), you can set up a distributed repository, set an ePO server schedule to make a regular repository replication (update the distributed repository), and configure the policies for your McAfee Agent to point to the distributed repository to get updates.


                But if your clients cannot share a repository managed by your ePO server, I'm not sure your clients are receiving policies from the ePO server either, so your VirusScan clients may be working as stand alone systems, anyway.  Not sure what the ePO server could do at this point.


                Are your VirusScan clients DAT versions within 30 days?  If not, you would be well served to download a superdat file or xdat file and update your clients locally, and keep up with updates incrementally.  The incremental updates should be too bad.  If you still have problems with download speeds if you're only a day or two out of date, you may check network port settings between your network switch and PCs...they should either both be "auto" or should both be hard coded for the same speed/duplex setting (I strongly recommend both be set to "auto", because the next time you replace or rebuild a PC, the default will be "auto").  Port mismatches, as they are called, cause many hard to diagnose network problems.