2 Replies Latest reply on Feb 1, 2011 9:01 AM by dr_novell

    High Network Utilization

      I’m having a problem with high network traffic to the EPO server. Checked the logs and found that the McAfee agent is looking for events to upload every 5 minutes. On the policy the default for client to server communication is 60 minutes. Is there any modify this?

       

      Agent Subsystem 30/01/2011 12:40:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:35:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:30:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:25:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:20:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:15:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:10:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:05:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 12:00:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 11:55:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 11:50:41 Info Agent is looking for events to upload
      Agent Subsystem 30/01/2011 11:45:41 Info Agent is looking for events to upload

       

      Also I noticed that some of the agents can not communicate with EPO server even though they can ping the server and the server can ping the agent. 

       

      31 January 2011 11:59:52  Error  Agent  Agent failed to communicate with ePO Server
      31 January 2011 11:59:52  Info  Agent  Agent communication session closed
      31 January 2011 11:59:52  Info  Agent  Agent will connect to the ePO Server in 45 minutes and 4 seconds.
      31 January 2011 11:59:52  Info  Agent  Agent communication session started
      31 January 2011 11:59:52  Info  Agent  Agent is sending EVENT package to ePO server
      31 January 2011 11:59:52  Info  Agent  Agent is connecting to ePO server
      31 January 2011 12:00:00  Info  Scheduler  Scheduler: Invoking task [Deploy McAfee Agent 4.5]...
      31 January 2011 12:00:03  Info  Scheduler  Next time(local) of task Deploy McAfee Agent 4.5: 31 January 2011 12:20:00
      31 January 2011 12:00:55  Error  Agent  Agent failed to communicate with ePO Server
      31 January 2011 12:00:55  Info  Agent  Agent communication session closed
      31 January 2011 12:00:55  Info  Agent  Agent will connect to the ePO Server in 9 minutes and 46 seconds.
      31 January 2011 12:01:43  Info  Agent  Agent is looking for events to upload
      31 January 2011 12:01:43  Info  Agent  Agent uploading 10 events to ePO Server
      31 January 2011 12:01:43  Info  Agent  Agent communication session started
      31 January 2011 12:01:43  Info  Agent  Agent is sending EVENT package to ePO server
      31 January 2011 12:01:43  Info  Agent  Agent is connecting to ePO server
      31 January 2011 12:03:01  Error  Agent  Agent failed to communicate with ePO Server
      31 January 2011 12:03:01  Info  Agent  Agent communication session closed
      31 January 2011 12:03:01  Info  Agent  Agent will connect to the ePO Server in 19 minutes and 4 seconds.
      31 January 2011 12:03:32  Info  Updater  Unable to find a valid repository.
      31 January 2011 12:03:32  Info  Updater  Update process failed.
      31 January 2011 12:06:43  Info  Agent  Agent is looking for events to upload
      31 January 2011 12:06:43  Info  Agent  Agent uploading 10 events to ePO Server
      31 January 2011 12:06:43  Info  Agent  Agent communication session started
      31 January 2011 12:06:43  Info  Agent  Agent is sending EVENT package to ePO server
      31 January 2011 12:06:43  Info  Agent  Agent is connecting to ePO server
      31 January 2011 12:07:46  Error  Agent  Agent failed to communicate with ePO Server

       

      Dr

       

        • 1. Re: High Network Utilization

          The message "Agent is looking for events to upload" means that the local agent is looking for files on the local hard drive (I believe in a location like this: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\AgentEvents).  It should not result in any network traffic unless there are events to upload to the ePO server.

           

          The frequency of this check is controlled by the McAfee Agent policy 'Policy Enforcement Interval'.  (Test it out, change that value to 10 and watch your events happen every 10 minutes instead).  Usually you want policy enforcement to be much more frequent as the client to server connect interval. Feel free to increase the time by a lot if you're not worried about users tampering with the McAfee software and you're not concerned about timely notification of events.

           

          As to the errors connecting to the server, I would go to the ePO server, find the client, and then do a 'deploy agent'. Make sure to UNCHECK the box "Install only on systems that do not already have an agent managed by this ePO server" and CHECK the box "Force installation over existing version".  (I usually check the box "Suppress agent installation user interface" too).  The target is probably going to need a reboot.

          1 of 1 people found this helpful
          • 2. Re: High Network Utilization

            Thanks for your reply. I think I found the issue. I noticed that the local repository had not been updated recently. When I tried to update a machine from the local repository it said "Unable to find a valid repository". When I pointed the workstation to a repository that had successfully updated then it was fine. Problem is that if the workstation cannot update from a local repository then it will then try a repository that is across a wan link thus slowing everything down. This was causing a never ending loop as the repository wouldn't update due to the network traffic generated by the workstations updating across the wan.

             

            I have configured email alerting so that I will know when the replication had not completed successfully. It seems that the repository replication task is configured to run for 2.5 hours. Is there a way of changing this setting?

             

            Dr