The client will need to do another Policy enforcement, to obtain the policies and user information from ePO.
During this policy enforcement it will actually migrate from version 5 to version 6.
Hope this helps
Thanks for that but I was aware of the need for another policy enforcement, that's why I wrote "I have forced the mcafee agent to check in etc with no change."
Sorry missed that bit..
Did you open the McTray Icon, then Quick Settings, Endpoint Encryption Status.. Whilst testing, have this open and the McAfee Agent Dialog.
The Endpoint Encryption Status dialog will update, telling you when events have been created to sent to ePO. Once these events have been sent and processed, the required data will be sent back to the client. At which point the policy enforcement will complete.
You can speed this process up, by clicking on the send event button.. Otherwise you will have to wait for the McAfee to send the event.
No probs and yes I have done this (Collect and Send Props and Check & Enforce policies) and there has been no change to the encryption system status.
I've just examined the MfeEpe.log and it shows the following warnings;
2011-08-02 15:49:45,490 WARNING EpoPlugin enforceUserPolicy: User (domain\username) ignored.
2011-08-02 16:32:43,349 WARNING MfeEpeEsEncryptionInformationService ..\..\..\Src\EpeFsmHostErrorHandler.cpp: EPE_fsm_host_error_handler::handle: 71: Received service unavailable exception: The service MfeEpeEncryptionInformationServiceClient is currently unavailable
I have verified that the McAfee Endpoint Encryption Agent service is started.
Can you tell us what message the Endpoint Encryption Status Screen is showing? There should be a one line status message and I'm curious to know what it says. There is a very specific sync sequence that needs to happen in order for the upgrade to complete, and you may just be stuck on one of the steps. Also, have you seen the demo video posted in this post: https://community.mcafee.com/community/business/data/epoenc/blog/2011/07/20/endp oint-encryption-for-pc-v5-to-v6-upgrade-guide ? They show the sequence in detail, so it would be good to look at those and see if you missed any steps.
Hi DLarson, thanks for your input.
The exact message shown on the McAfee Endpoint Encryption Status window is;
"System State - Inactive"
"Volume Status - No Volume Information"
02/08/2011 15:49:45 Created get all users event
I believe you're right that it's just stuck on one step ... Yes I did read that whole page you linked, and the extra pages linked off it and both the videos earlier this morning but it hasn't helped with resolving this issue unfortunately. As far as I can tell I've done everything right. I've just tried to migrate another test machine with the same results too.
I'm not sure what time zone you are in, so I can't determine how long it has been stuck in that state. But I can say that there is an expected pause here. The McAfee Agent only sends events back to ePO every 5 minutes (assuming the default MA policy). So you should only see this "Created get all users event" for 5 minutes or less. If you want to speed it along, then click the "Send Events" button in the McAfee Agent Status Monitor.
Also, I have seen cases where the event parser service was stopped on the ePO server. If that is stopped, then we cannot send our events to ePO.
Just throwing this in there... but is a firewall enabled on the client machine?
Reason: event goes up, datachannels come back, enforcement proceeds. With a firewall, Server-to-Agent Communication won't work, thus the datachannels can't be received until the MA next performs an Agent-to-Server Communication.
DLarson - Yes the agent is configured for the default 5 minute interval for sending events and I'm on GMT so that time-stamp was already a couple of hours old. I had already tried speeding it along by clicking Send Events to no avail.
Confirmed the event parser service is running ok (all the mcafee services on the server are running ok)
Timmah - thanks for your input. I had thought of this already and disabled the Host Intrusion Protection on the test Win7 laptop. The other WinXP test machine is a VM with no firewall software on. Windows firewall is disabled by Group Policy.
Anyone got any ideas on the the incorrect slash ? It should be a backslash but shows as a forward slash in the log. I'm wondering if it's isn't applying the user assignment properly and failing to take over the encryption. (though it does work fine on non-migrated machines evidently)