1 2 Previous Next 16 Replies Latest reply on Nov 2, 2011 7:15 AM by ErinC

    Clients inactive after migration from EEM

      Hello all,

       

      I have just setup EEPC611 on our ePO 4.5.4 HF1 server.  I have successfully deployed the client files to a new PC and it completed encrypting fine and I can log on ok etc.

      The issue I have is with migrating a PC from EEPC5.25.  From EEM to ePO.

       

      I exported a test machine from the EEM with its associated users (using the EEMigration tool) then imported the zip into the ePO console and lastly deployed the client files ok to the migrated machine (both agent and encryption client) which was already managed by ePO. The client prompted for a reboot and I let it reboot but after rebooting the old EEPC5 system tray icon is still there and the new EEPC6 system status says "Inactive" - no volume information".  I have forced the mcafee agent to check in etc with no change.

       

      I did have this "Inactive" issue with the test machine which was not migrated but setup as new and I went through the KB article https://kc.mcafee.com/corporate/index?page=content&id=KB68410
      It turned out I needed to edit the dcRedirect.xml file with the updated path, then it worked fine.

       

      I've been through the different possible causes in the above linked KB article but am not sure what to try next.

       

      An anomaly that I have noticed in the McAfee Agent Monitor - "Enforcing User (domain/username) Policies for EEADMIN_1000"
      This appears to report the (back)slash in the domain\username the wrong direction (ie a forward-slash).  Not sure if this is an issue or not?

       

      Any advice appreciated

        • 1. Re: Clients inactive after migration from EEM
          whgibbo

          Hi,

          The client will need to do another Policy enforcement, to obtain the policies and user information from ePO.

           

          During this policy enforcement it will actually migrate from version 5 to version 6.

           

          Hope this helps

          • 2. Re: Clients inactive after migration from EEM

            Hi whgibbo,

             

            Thanks for that but I was aware of the need for another policy enforcement, that's why I wrote "I have forced the mcafee agent to check in etc with no change."

            • 3. Re: Clients inactive after migration from EEM
              whgibbo

              Hi,

              Sorry missed that bit..

               

              Did you open the McTray Icon, then Quick Settings, Endpoint Encryption Status..  Whilst testing, have this open and the McAfee Agent Dialog.

              The Endpoint Encryption Status dialog will update, telling you when events have been created to sent to ePO.  Once these events have been sent and processed, the required data will be sent back to the client.  At which point the policy enforcement will complete.

               

              You can speed this process up, by clicking on the send event button..  Otherwise you will have to wait for the McAfee to send the event.

              • 4. Re: Clients inactive after migration from EEM

                No probs   and yes I have done this (Collect and Send Props and Check & Enforce policies) and there has been no change to the encryption system status.

                 

                I've just examined the MfeEpe.log and it shows the following warnings;

                 

                2011-08-02 15:49:45,490 WARNING EpoPlugin                            enforceUserPolicy: User (domain\username) ignored.

                 

                2011-08-02 16:32:43,349 WARNING MfeEpeEsEncryptionInformationService ..\..\..\Src\EpeFsmHostErrorHandler.cpp: EPE_fsm_host_error_handler::handle: 71: Received service unavailable exception: The service MfeEpeEncryptionInformationServiceClient is currently unavailable

                 

                I have verified that the McAfee Endpoint Encryption Agent service is started.

                • 5. Re: Clients inactive after migration from EEM

                  Can you tell us what message the Endpoint Encryption Status Screen is showing? There should be a one line status message and I'm curious to know what it says. There is a very specific sync sequence that needs to happen in order for the upgrade to complete, and you may just be stuck on one of the steps. Also, have you seen the demo video posted in this post: https://community.mcafee.com/community/business/data/epoenc/blog/2011/07/20/endp oint-encryption-for-pc-v5-to-v6-upgrade-guide ? They show the sequence in detail, so it would be good to look at those and see if you missed any steps.

                  • 6. Re: Clients inactive after migration from EEM

                    Hi DLarson, thanks for your input.


                    The exact message shown on the McAfee Endpoint Encryption Status window is;

                    "System State - Inactive"

                    "Volume Status - No Volume Information"

                    02/08/2011 15:49:45 Created get all users event

                     

                    Progress 0%

                     

                    I believe you're right that it's just stuck on one step ... Yes I did read that whole page you linked, and the extra pages linked off it and both the videos earlier this morning but it hasn't helped with resolving this issue unfortunately.  As far as I can tell I've done everything right.  I've just tried to migrate another test machine with the same results too.

                    • 7. Re: Clients inactive after migration from EEM

                      I'm not sure what time zone you are in, so I can't determine how long it has been stuck in that state. But I can say that there is an expected pause here. The McAfee Agent only sends events back to ePO every 5 minutes (assuming the default MA policy). So you should only see this "Created get all users event" for 5 minutes or less. If you want to speed it along, then click the "Send Events" button in the McAfee Agent Status Monitor.

                       

                      Also, I have seen cases where the event parser service was stopped on the ePO server. If that is stopped, then we cannot send our events to ePO.

                      • 8. Re: Clients inactive after migration from EEM
                        Timmah

                        Just throwing this in there... but is a firewall enabled on the client machine?

                         

                        Reason: event goes up, datachannels come back, enforcement proceeds. With a firewall, Server-to-Agent Communication won't work, thus the datachannels can't be received until the MA next performs an Agent-to-Server Communication.

                         

                        Cheers,

                         

                        Tim

                        • 9. Re: Clients inactive after migration from EEM

                          DLarson -  Yes the agent is configured for the default 5 minute interval for sending events and I'm on GMT so that time-stamp was already a couple of hours old.  I had already tried speeding it along by clicking Send Events to no avail.

                           

                          Confirmed the event parser service is running ok (all the mcafee services on the server are running ok)

                           

                          Timmah - thanks for your input.  I had thought of this already and disabled the Host Intrusion Protection on the test Win7 laptop.  The other WinXP test machine is a VM with no firewall software on.  Windows firewall is disabled by Group Policy.

                           

                          Anyone got any ideas on the the incorrect slash ?  It should be a backslash but shows as a forward slash in the log.  I'm wondering if it's isn't applying the user assignment properly and failing to take over the encryption.  (though it does work fine on non-migrated machines evidently)

                          1 2 Previous Next