5 Replies Latest reply: Apr 9, 2014 6:03 AM by newag RSS

    ePO 4.6 Mcafee EPO Event Parser and Mcafee Application Server not starting

    Miguel Veliz

      Hello everyone!

       

      Since last monday neither the ePO 4.6 Mcafee EPO Event Parser nor Mcafee Application Server start. 

       

      The server was downloading updates and there was a power surge in the building. The server is on an UPS and it never shut down,  but since then the server was rebooted htis past monday, it displays that one or more services could not start.

       

      When I tried to start the Mcafee Application Server (Apache2, SSL, etc) I received an error 1075: Dependency service does not exist or has been marked for deletion. I googled it and a Java heap size information came up. This doesn´t seem to be related, but I increased the heap size anyway from 512 to 1024, since Win2003 in this case is 32 bits and that was the overall recommendation.

       

      One of the dependencies for this service is the NT LM Security Support Provider.

       

      The Mcafee EPO Event Parser dependes on the Mcafee Application Server  so if the first one does not load, the second won't either.

       

      The SQL server instance starts and it reports as started on the services screen.

       

      I start the apache monitor and I see the mcafeeapachesrv250, but if I try to start it, it just gives a message stating "Failure to start service".

       

      Any help wil be greatly appreciated.!

       

       

       


        • 1. Re: ePO 4.6 Mcafee EPO Event Parser and Mcafee Application Server not starting
          Miguel Veliz

          Hi everyone.

           

          Reading on previous posts and adding information so someone could help out. This is netstat -abn output

           

           

          Active Connections

           

            Proto  Local Address          Foreign Address        State               PID

            TCP    0.0.0.0:23             0.0.0.0:0              LISTENING           2568           tlntsvr.exe]

           

            TCP    0.0.0.0:135            0.0.0.0:0              LISTENING           740       RpcSs   [svchost.exe]

           

            TCP    0.0.0.0:445            0.0.0.0:0              LISTENING           4               [System]

           

            TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING           460          [lsass.exe]

           

            TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING           864      TrkSvr   [svchost.exe]

           

            TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING           2608           [tssdis.exe]

           

            TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING           1992           [sqlservr.exe]

           

            TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING           2136           [ntfrs.exe]

           

            TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING           1600           [jqs.exe]

           

            TCP    127.0.0.1:42424        0.0.0.0:0              LISTENING           1340           [aspnet_state.exe]

           

            TCP    145.15.3.5:139         0.0.0.0:0              LISTENING           4           [System]

           

            TCP    127.0.0.1:5152         127.0.0.1:1085         CLOSE_WAIT         1600            [jqs.exe]

           

            TCP    145.15.3.5:1157        200.44.32.243:80       TIME_WAIT         0

           

            UDP    0.0.0.0:4500           *:*                                    460                [lsass.exe]

           

            UDP    0.0.0.0:1434           *:*                                    2416                [sqlbrowser.exe]

           

            UDP    0.0.0.0:500            *:*                                    460                [lsass.exe]

           

            UDP    0.0.0.0:445            *:*                                    4                [System]

           

            UDP    127.0.0.1:1086         *:*                                    2696            [iexplore.exe]

           

            UDP    127.0.0.1:1027         *:*                                    864            TrkSvr    [svchost.exe]

           

            UDP    127.0.0.1:1035         *:*                                    864            RemoteAccess

            [svchost.exe]

           

            UDP    127.0.0.1:123          *:*                                    848            W32Time [svchost.exe]

           

            UDP    127.0.0.1:1036         *:*                                    864            RemoteAccess  [svchost.exe]

           

            UDP    145.15.3.5:137         *:*                                    4            [System]

           

            UDP    145.15.3.5:138         *:*                                    4            [System]

           

            UDP    145.15.3.5:123         *:*                                    848            W32Time [svchost.exe]

          • 2. Re: ePO 4.6 Mcafee EPO Event Parser and Mcafee Application Server not starting
            Miguel Veliz

            Hi everyone.

             

            As a follow up comment. I an the Mcafee Virtual Technician to diagnose possible known issues. When MVT tries to connect to Internet it states that is has no Internet service on that machine and it cannot connect to Internet.

             

            This is not true since I was online to download the MVT software from mcafee.com and I went into microsoft´s support site to look for the event IDs.  Alson I was online in www.mcafee.com to download the stinger software, which by the way did not find any threats.

             

            Any ideas.?

             

            Thanks!

            • 3. Re: ePO 4.6 Mcafee EPO Event Parser and Mcafee Application Server not starting
              Miguel Veliz

              Hi everyone... 

               

              I don´t really know if I´m posting in the right area, since I have not received a single reply, not even one from the moderator stating I'm talking to myself...

               

              Anyway, it seems like ePO 4.6 is no as stable as I would've wanted it. It turns out that due to the glitch that happened right before the updates were suspended, the MCAFEETOMCATSRV250 service and registry entry are gone, nowhere to be found in the computer.

               

              This defenitely is causing the ePO 4.6 Mcafee EPO Event Parser and  the Mcafee ePO Orchestrator 4.6 server to fail when loading.

               

              I was mistaken to name the Mcafeee Orchstrator Server (Apache2) Mcafee Server as the possible root cause when it is because of the missing dependency MCAFEETOMCATSRV250 that everything seems to be failing.

               

              Question: Is there anywhere I can look at the registry and check what the tomcat service is setup? So I may try to work things out before re-installing?

               

              Thank you!

              • 4. Re: ePO 4.6 Mcafee EPO Event Parser and Mcafee Application Server not starting
                Miguel Veliz

                Hello everyone....

                 

                The only solution I found was to re-install ePO.

                 

                I followed the Corporate KnowledgeBase ID: KB66616 to the letter.  It worked.

                 

                TIP. I recommend installing SQLServer2005_SSMSEE  for better management of the ep04  database. You could also do it through the CLI, but just to make life easier.

                 

                Best of luck to whomever finds him or herself in this situation.

                • 5. Re: ePO 4.6 Mcafee EPO Event Parser and Mcafee Application Server not starting
                  newag

                  Hello I have similar issue with Event Parser. Service won't start with following warn: mcafee event parser started then stopped... Cause of this issue is mismatch SQLServer TCP/IP port in McAfee configuration. I resolved this issue in the following way:

                  - run cmd.exe and enter netstat -an

                  - find sqlserver.exe and check listening port

                  - other method to find TCP/IP port in MSSQL 2008 is registry editor:

                  go to branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll and look for value at TcpDynamicPorts attribute (this value is your TCP/IP port of SQLServer)

                  - run your favourite browser and enter mcaffe epo address for example: https://mcafee:8443/core/config-auth then provide your credentials

                  - now check whether Database server port in your epo config is matching with sqlserver.exe TCP/IP port (in registry or netstat as I describe above)

                  - if port doesn't match - change it in epo configuration apply and restart your server