6 Replies Latest reply on Jun 29, 2011 10:25 AM by DLarson

    Policy updates slow after adding authorized users or changing policies

    rsterling

      When adding a new user to an already encrypted PC we run collect and send props on both the client and server and also do enforce policies. However, it just seems that the system needs at least 15 - 20 minutes to send this user to the client. If we try to log into the PBA any time before that, we receive an unknown user error. Finally we just get tired of waiting and collecting and sending and give it the 15 minutes of time it seems to want. Why would this be taking this long for a policy, whether it be an added user or a product policy change from "No PBA" to "Yes PBA"? Is there any way I can give this a kick in the pants? What am I missing here? Latest EEPC and ePO 4.5 patched.

       

      Regards,

      Rich S

        • 1. Re: Policy updates slow after adding authorized users or changing policies
          whgibbo

          Hi,
          I'm guessing that you are using EEPC 6.1, correct ?

           

          The communication method has been changed since EEPC 6.0.x; 6.1 now uses ePO Events to send data/requests to the ePO server. The events will be delivered according to the McAfee Agent Policy, which is by default every 5 minutes.  High priority one should get delivered

           

          If you click on the McAfee Tray, then select Quick Settings, then Show Endpoint Encryption Status.  It will display the following dialog.

          EEStatusDialog.png

          I have highlighted the area that will get updated during the policy enforcement.  Watch this dialog as well as the McAfee Agent Status monitor dialog. 

          The Endpoint Encryption (EE) Status dialog will tell you when the EEPC policy enforcement has completed.

           

          If the status on the EE status dialog begins with 'Created', it means that it has created an event to be sent and is waiting for the response to come back from the Agent Handler/ePO Server.

          When you see this, you can click on the Send Events button.

           

          McAfeeStatusMonitor.png

           

          Hope this helps.

          • 2. Re: Policy updates slow after adding authorized users or changing policies
            rsterling

            Thank you very much for your detailed reply.  You mention "High priority one should get delivered".  Is there a way to set a priority on a policy?  What would be my best work around to force this quicker?

             

            Regards,

            Rich S

            • 3. Re: Policy updates slow after adding authorized users or changing policies
              whgibbo

              The High priority is for the event, these are sent by the point product (e.g. EEPC).  They can't be manually configured.

              But if a high priority event has already been sent by any point product during 'collect and send' or 'policy enforcement' then it will fall back to the McAfee Agent Policy setting.

               

              In reality, leaving the machine to do it on its own is the best way. But for testing, or to force it, clicking 'Send Events' on the McAfee Status Monitor will send the event.

              • 4. Re: Policy updates slow after adding authorized users or changing policies

                I'm struggling with the same issue with updating users/groups to all client machines. No matter how many times you manually synchronise or wake up clients, clients won't update with the added user – “unknown user”. However, every morning ‘somehow’ the policy is magically updated and you can log on with the user. What’s frustrating is even though the status window displays “Policy Enforcement Complete”, it doesn't!

                 

                Looking at the MfeEpe log file you can see repeated messages trying to update users:

                 

                2011-06-17 11:20:58,474 INFO    EpoPlugin                            userHandler: processing user updates/requests

                2011-06-17 11:20:58,988 INFO    EpoPlugin                            userHandler: skipping user updates/requests (nothing to do)

                 

                Is there a way of identifying a user being added and matching them against an entry in the log file, like it was possible in SB 5.x.x ?

                • 5. Re: Policy updates slow after adding authorized users or changing policies
                  Timmah

                  Hi Rich,

                   

                  Those log messages imply that the client has no idea that a new user has been added. This could happen if something goes wrong in ePO when attempting to assign a user to a branch/machine, causing any policies to *not* get updated. There's also a background task that runs infrequently to check consistency of these policies. My guess is the background task is cleaning up a failed user action.

                   

                  Would it be possible to attach your orion log?

                   

                  Also, for curiosity, what is the ASCI set to?

                   

                  Cheers,

                   

                  Tim
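
The log check asked about in reply 4 and interpreted in reply 5, as an added example (not part of any post, and not McAfee tooling): it groups the quoted `userHandler` messages into cycles and lists the cycles that ran after a user was assigned in ePO but still reported nothing to do. The line layout is inferred from the two quoted lines; the function names, the last two sample lines and the change time are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the two MfeEpe lines quoted in reply 4:
# "<date> <time>,<ms> <LEVEL> <component> <handler>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"(?P<component>\S+)\s+(?P<handler>\w+):\s+(?P<msg>.*)$")
START = "processing user updates/requests"
EMPTY = "skipping user updates/requests (nothing to do)"

def user_handler_cycles(lines):
    """Group userHandler messages into cycles, one per START line."""
    cycles, current = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["handler"] != "userHandler":
            continue  # other handlers or lines that do not fit the layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        if m["msg"] == START:
            current = {"start": ts, "outcome": "unknown", "other": []}
            cycles.append(current)
        elif current is not None and m["msg"] == EMPTY:
            if not current["other"]:
                current["outcome"] = "empty"
        elif current is not None:
            # Any message the thread does not show; kept verbatim for review.
            current["outcome"] = "other"
            current["other"].append(m["msg"])
    return cycles

def empty_cycles_after(cycles, changed_at):
    """Cycles that started after the ePO-side change yet found nothing to do."""
    return [c for c in cycles
            if c["start"] >= changed_at and c["outcome"] == "empty"]

# First two lines are from the thread (spacing shortened); last two are constructed.
SAMPLE = [
    "2011-06-17 11:20:58,474 INFO    EpoPlugin    userHandler: " + START,
    "2011-06-17 11:20:58,988 INFO    EpoPlugin    userHandler: " + EMPTY,
    "2011-06-17 11:25:58,502 INFO    EpoPlugin    userHandler: " + START,
    "2011-06-17 11:25:59,011 INFO    EpoPlugin    userHandler: " + EMPTY,
]
# Constructed time at which the user was assigned in ePO.
CHANGED_AT = datetime(2011, 6, 17, 11, 22, 0)

if __name__ == "__main__":
    for c in empty_cycles_after(user_handler_cycles(SAMPLE), CHANGED_AT):
        print(c["start"], "userHandler ran after the change and found nothing")
```

Empty cycles that keep appearing after the change time are the pattern reply 5 describes: the client is polling but has not been told about the new user, so the place to look next is the server side.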

                  • 6. Re: Policy updates slow after adding authorized users or changing policies

                    I can understand your frustration. The “Policy Enforcement Complete” in the Agent Status Monitor is a lie! The only way to know the true status of the encryption activity is to look in the Endpoint Encryption Status screen (right click McAfee system tray icon, choose Quick Settings > Show Endpoint Encryption Status). We have a product enhancement request in place that asks for better status reporting directly in the Agent Status Monitor, but until that happens we need to keep using the Endpoint Encryption Status screen.

                     

                    As for the speed of the operations, here's what you need to know...

                    • High priority events are sent to ePO every 5 minutes. This is configurable in the McAfee Agent Policy (Policy Catalog > McAfee Agent > Events tab > Enable priority event forwarding).
                    • You could lower this to 1 minute, but this may negatively impact other products ... namely ePO if you're using VSE and have an outbreak, it might overload your ePO server.
                    • If you are using the "add local domain users" feature, it creates another event in a sequence. That's why it is taking you at least 10 minutes - there are two five minute intervals in the process.

                     

                    So although there is a delay, the process is deterministic.