1 2 3 Previous Next 23 Replies Latest reply on Nov 30, 2011 3:11 AM by EPO-Janni

    "Wake up Agents" problem on EPO 4.5

    EPO-Janni

      Hello,

       

      we have problems regarding the "Wake up Agents" action and regarding to push new agents on our EPO 4.5 environment. Usually the EPO agent reactivates with the EPO server if I select a machine in the "System Tree" and chose this action. The "Show agent log" shows the activity and I also see in the server task log that the process is running and is finished after 1 minute. This worked fine for some month in the past without any problems.

       

      Now we have the problem that after sending "Wake up Agents" to a machine the task will be shown in the "Server Task Log" but nothing happens regarding the EPO client log. After some minutes the task failed. We also had this problem some days ago and rebooted the EPO server. After this procedure everything was OK. Now we have the same problem again. Of course we can reboot the EPO server again, but this can't be after some days again and again.

       

      What can I check or what can I do to analyze or solve this problem?

       

      Thanks for your help.

       

      Best regards and greetings from Germany

       

      Janni

        • 1. Re: "Wake up Agents" problem on EPO 4.5
          hem

          Greetings,

           

          If you expand the server task log, it will show the brief message why the server task is failing.

           

          I will suggest you to initate the wakeup for one machine, capture the server.log when wake up is failed from the ePO server (\Program files\McAfee\ePO\DB\Logs), share the machine name (if you can) sothat I can search in the server.log why wakeup is failing.

          1 of 1 people found this helpful
          • 2. Re: "Wake up Agents" problem on EPO 4.5

            YOu need to check your firwall log

             

            Clikc on the McAfee Icon on the ePo server  then navigate to HIPS window and assuming you have the password unlock the interface and then check the firelog traffic and see if the application traffic is blocked

            YOu will also need to check your HIPS : Firewall

             

            Firewall rules policy for  uner the Agent rules and see if its only allow incoming traffic

             

            You also need to query your network admin to see if the McAfee agent port for waking up agent is blocked by a firewall

             

            Message was edited by: allamiro on 4/13/11 12:51:36 PM CDT
            • 3. Re: "Wake up Agents" problem on EPO 4.5
              EPO-Janni

              Hello,

               

              thanks your your answers.

               

              @alamiro: There is no HIPS module installed on the EPO server and on the "problem clients". We have this problem on all machines - on machines with installed HIPS module and on machines without installed HIPS module. So the HIPs isn't the reason for this problem.

               

              @hem: I have tried to send a wakeup to one of our machines and also opened the agent monitor on the target machine. The target machine is reachable (ping, RDP, C$ share). There is no activity on target EPO agent monitor. And the server task failes after 6 minutes. I capured a screenshot:

               

              LOG1.JPG

               

              I also checked the SERVER.LOG on the EPO server. But I found no entries regarding the hostname of the client machine which I waked up. The SERVER.LOG shows many other entries like this:

               

              ...

              20110414074354 I #4444 NAIMSRV  Processing agent props for SERVER123({1A966C56-4868-4228-BE16-98521DF8A55C})

              20110414074354 I #4444 NAIMSRV  Sending props response for agent SERVER123, agent has up-to-date policy

              20110414074411 I #4068 NAIMSRV  Received [PropsVersion] from CLIENT123:{0EE86A72-5FF0-4B9E-A093-4DE354155700}

              20110414074411 I #4068 NAIMSRV  Sending props response for agent CLIENT23, policy files attached (Policy\Server.xml,SiteList.xml)

              20110414074411 I #4068 mod_epo  Signing agent response package with key Kd73kLA4z+6Bv9p4A5D/jM9PTZ0=

              20110414074418 I #4436 NAIMSRV  Received [PropsVersion] from CLIENT234:{9A81C7B2-8561-4B89-AE02-5570F7205E0A}

              20110414074418 I #4436 mod_epo  Signing agent response package with key Kd73kLA4z+6Bv9p4A5D/jM9PTZ0=

              20110414074418 I #3960 NAIMSRV  Received [IncProps] from CLIENT234:{9A81C7B2-8561-4B89-AE02-5570F7205E0A}

              20110414074418 I #3960 NAIMSRV  Processing agent props for CLIENT234({9A81C7B2-8561-4B89-AE02-5570F7205E0A})

              20110414074418 I #3960 NAIMSRV  Sending props response for agent CLIENT234, agent has up-to-date policy

              ...

               

              What can I check/do next?

               

              Thanks and regards

               

              Janni

               

              Nachricht geändert durch EPO-Janni on 14.04.11 08:00:52 MESZ

               

              Nachricht geändert durch EPO-Janni on 14.04.11 09:02:24 MESZ
              • 5. Re: "Wake up Agents" problem on EPO 4.5
                EPO-Janni

                Hello alamiro,

                 

                thanks for your information. But as I wrote that is not a firewall or port blocking problem in our case. I can access all machines and I can also access the EPO agent logs using the port 8081. I also tested it on the EPO server. I sent a wakeup from the EPO server to the EPO server. And I cecked it using the "CmdAgent /s" on the EPO server at same time. The task failed after 6 minutes and on the the EPO agent monitor on the EPO server happend no activities. If I try to initiate an "send props" in the EPO agent monitor everythink works without problems. But if I initiate a wakeup from the EPO console to the EPO server agent it fails aftre 6 minutes.

                 

                We just rebooted the EPO server again and everything is OK until now, because we have to work (deploy and check EPO agents). But I don't find any reasons regarding this problem. I also just cleaned the events in the EPO database and removed 400.000 older events. Now we have currently 50.000 event entries in our SQL EPO database. May be it's an database problem?

                 

                Best regards

                 

                Janni

                • 6. Re: "Wake up Agents" problem on EPO 4.5

                  the error you had some simalirites to what on that post they suggested different answers good luck

                  • 7. Re: "Wake up Agents" problem on EPO 4.5
                    QHAFIZ

                    As you said, restarting ePO Server resolves the issue. Most likely there would be Sequence Error issue.

                    The sequence error would usually starts exponential retry to connect to ePO and eats up all avaiable connections (Windows Server 2003/2008 has 254 Max connections) at ePO Server which further prevents the Agents to connect.

                    Duplicate GUID at multiple Agents can cause sequence error. But there are other reasons for Sequence error as well.

                     

                    You may check KB60776 (to check Sequence error) and KB67473 for remediation.

                     

                    Be carefull if you are using EEPC any version!!!

                     

                    Hope this helps!

                    1 of 1 people found this helpful
                    • 8. Re: "Wake up Agents" problem on EPO 4.5
                      EPO-Janni

                      Hello QHAFIZ,

                       

                      thanks for your information. I am searching every day for "Duplicated systems". Then I remove such duplicated systems in the EPO console. There are 1-3 of this duplicate hostnames per week. But is there any possibility to search for "Duplicated GUIDs"?

                       

                      I checked the server.log and searched for "sequence". I found 5 entries today which looks likes as follow:

                       

                      ...

                      Signing agent response package with key Kd73kLA4z+6Bv9p4A5D/jM9PTZ0=

                      20110415095043 E #3916 NAIMSRV  Agent HOST123 with GUID {20A6AD96-352E-4AFE-9A1A-E3BF5862EEDC} and IP 177.177.128.241 and MAC 0060e0e02217 has an invalid sequence number; expecting 83 > 85

                      20110415095043 E #3916 NAIMSRV  Rejecting agent due to an invalid or duplicate sequence number

                      20110415095043 E #3916 mod_epo  Failed to process agent request

                      ...

                       

                      How can I check or search for multiple GUIDs?

                       

                      Thanks and regards

                       

                      Janni

                      • 9. Re: "Wake up Agents" problem on EPO 4.5
                        Attila Polinger

                        Janni,

                         

                        resolution of duplicate guids with agents need enabling and running a certain server task (not enabled by default). As QHAFIZ stated, KB67473 describes the server tasks that are related to this issue. the article is very brief in pointing out the bottom line (for me at least), that is (underlined)

                         

                        " Duplicate Agent GUID - Remove systems with potentially duplicated GUIDs - This task deletes the systems that have a large number of sequencing errors and classifies the agent GUID as problematic. As a result, the agent is forced to generate a new GUID. The threshold number of sequencing errors is set in the query, Systems with High Sequence Errors."

                         

                        It very briefly refers to that the agent is "forced" to regenerate its GUID. This regeneration does not happen on the fly

                         

                        as could be expected during normal ASCI (considering the sequence errors seen in server.log.)

                         

                        You need to enable the server task (Duplicate Agent GUID - Remove systems with potentially duplicated GUIDs ), and when it runs examines the clients sequence erros and whichever stepped over the limit determined by the query Systems with high Sequence errors, it deletes the node and puts its GUID into a different SQL table.

                        On next ASCI of the said (or any) client ePO examines this other SQL table and if found a matching GUID, instructs the agent to regenerate the GUID (it differentiates between compatible agents and not compatible ones, with respect to regeneration compatiblitiy).

                         

                        I hope this is a more clarifying explanation.

                         

                        Attila

                         

                        Message was edited by: apoling on 15/04/11 12:45:49 CEST
                        1 of 1 people found this helpful
                        1 2 3 Previous Next