9 Replies Latest reply on Jul 25, 2011 11:20 AM by curbysan

    Help: Re-encrypting test VM

      Hi all,


      I've done a fair bit of searching on the community and on SE's but cannot find a useful response/answer to my problem.




      I manage our encryption solution and am cunducting final testing with a VM (windows XP SP3 x86) to re-encrypt after fully decrypting and removing agents (all via policy and automated tasks).


      The first test of decryption worked a treat: created a new group, broken inheritance, created a new policy for decryption and un ticked 'enable policy' = easy


      I then tested re-encryption and that went back on a treat after simply moving the system into the group with the encryption policy applied.




      Now i'm stuck with my further test - i've decrypted and created automated tasks to remove the agents, this was successful, but after moving the system back into the group with encryption applied - the agents reinstalled but the encryption will not start - it gets stuck on 'Created get all users event' - what seems strange is that when checking the auth users for the VM in question the full list of users is there on the server, so I can't work out what the hold up is....


      I've also (and bare with the none techy description!) pressed the top 4 buttons on the McAfee Agent Monitor on the VM desktop 'Collect and send props', 'send events', 'check new policies' and 'enforce policies'.




      any suggestions? - did i miss something when removing the agents (I didn't once go to control panel to check they removed)? Am i just not being patient (the deployment tasks are scheduled to run throughout the day)??



      thanks in advance guys



        • 1. Re: Help: Re-encrypting test VM



          Have you broke policy on group or on system? If you assigned policy to system and moved system, then policy for this system followed with it.

          Check also MfeEpe.log for possible errors.



          1 of 1 people found this helpful
          • 2. Re: Help: Re-encrypting test VM

            You should find the system in the system tree and then switch to the "assigned policy" tab. Make sure the policy you think is assigned is actually assigned.


            Also, remember to view the Endpoint Encryption Status screen on the client. If this says anything other than "policy enforcement complete" then it is not done enforcing the policy (even if the McAfee Agent Status Monitor says it is complete).

            1 of 1 people found this helpful
            • 3. Re: Help: Re-encrypting test VM

              thanks for the reply...


              I broke inheritance on the group not on machine and moved the machine between the 2 groups (with different policy applied)


              I'll check the log and see where that gets me also.

              • 4. Re: Help: Re-encrypting test VM

                again thanks for the reply DLarson ....


                the EE sys status does seem to get to the 'policy enforcement complete' state but during the next ASCI the status changes to 'creating get all users event' then to 'created get all users event' then back to 'policy enrocement complete'.


                I checked the policy assigned to the groups and this is correct:


                i have 2 groups - 'laptop encryption' and 'laptop de-cryption' and alos only have 2 policies - 1 for each group, so figure moving the machines between each group was easy (which works until you completely remove the agents and then re-discover the machine....




                it's really just an 'incase' or fall back - i want to know we can fully and cleanly de-crypt then re-encrypt if necessary.

                • 5. Re: Help: Re-encrypting test VM

                  What version of EEPC is this?

                  • 6. Re: Help: Re-encrypting test VM

                    Hi tonyw


                    thanks for the response ....


                    i'm running:

                    EEPC 6.1 (Agent is version 1.1.0)

                    ePO 4.6

                    McAfee Agent



                    i also just tried to delete the system by 'moving GUID to duplicate list and deleting system' this gave a new GUID to the agent but it stil doesn't work....


                    I could try decrypting from the group again??




                    many thanks for the continued help

                    • 7. Re: Help: Re-encrypting test VM

                      Alright so do any policy or user changes affect the system?  Are you able to assign a new user or reset a user's password from EPO and have the policy pushed to the client?


                      If not, does the EpeEventHandler.log on the EPO server contain any errors?

                      By default it will be located at C:\Program Files\McAfee\ePolicy Orchestrator\DB\Logs\

                      1 of 1 people found this helpful
                      • 8. Re: Help: Re-encrypting test VM

                        I can assign new users, but the is no way to verify if the added users are applied - the VM won't actually start to encrypt so any new users/resets can't be tested.


                        I checked the log and it only has 2 lines in:


                        ===== Logging Service Started ===== 1, 1, 0, 248

                        ===== Logging Service Started ===== 1, 1, 0, 248


                        (as does the EpePolicyHandler.log)



                        so no errors....



                        --- I did try manually adding users as you suggested, which worked fine, i then checked later and the agent then populated many more users from the local logon history of the VM, so that indicates that the agent is passing events/props/packages back to the server...

                        • 9. Re: Help: Re-encrypting test VM

                          ok its 'fixed' - i passed the machine through the decryption group again and left for the weekend then dropped back into the encryption group and its started encrypting again - it may have been a bad agent/encryption software deployment/install that failed to start but it's now working again ... sorry for wasting everyones time on this!! i should have tried that earlier




                          thansk for all the help - enjoying being part of the community!



                          Message was edited by: curbysan on 25/07/11 11:20:55 CDT