Reading on previous posts and adding information so someone could help out. This is netstat -abn output
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING 2568 tlntsvr.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 740 RpcSs [svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 [System]
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 460 [lsass.exe]
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 864 TrkSvr [svchost.exe]
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING 2608 [tssdis.exe]
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING 1992 [sqlservr.exe]
TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING 2136 [ntfrs.exe]
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 1600 [jqs.exe]
TCP 127.0.0.1:42424 0.0.0.0:0 LISTENING 1340 [aspnet_state.exe]
TCP 188.8.131.52:139 0.0.0.0:0 LISTENING 4 [System]
TCP 127.0.0.1:5152 127.0.0.1:1085 CLOSE_WAIT 1600 [jqs.exe]
TCP 184.108.40.206:1157 220.127.116.11:80 TIME_WAIT 0
UDP 0.0.0.0:4500 *:* 460 [lsass.exe]
UDP 0.0.0.0:1434 *:* 2416 [sqlbrowser.exe]
UDP 0.0.0.0:500 *:* 460 [lsass.exe]
UDP 0.0.0.0:445 *:* 4 [System]
UDP 127.0.0.1:1086 *:* 2696 [iexplore.exe]
UDP 127.0.0.1:1027 *:* 864 TrkSvr [svchost.exe]
UDP 127.0.0.1:1035 *:* 864 RemoteAccess
UDP 127.0.0.1:123 *:* 848 W32Time [svchost.exe]
UDP 127.0.0.1:1036 *:* 864 RemoteAccess [svchost.exe]
UDP 18.104.22.168:137 *:* 4 [System]
UDP 22.214.171.124:138 *:* 4 [System]
UDP 126.96.36.199:123 *:* 848 W32Time [svchost.exe]
As a follow up comment. I an the Mcafee Virtual Technician to diagnose possible known issues. When MVT tries to connect to Internet it states that is has no Internet service on that machine and it cannot connect to Internet.
This is not true since I was online to download the MVT software from mcafee.com and I went into microsoft´s support site to look for the event IDs. Alson I was online in www.mcafee.com to download the stinger software, which by the way did not find any threats.
I don´t really know if I´m posting in the right area, since I have not received a single reply, not even one from the moderator stating I'm talking to myself...
Anyway, it seems like ePO 4.6 is no as stable as I would've wanted it. It turns out that due to the glitch that happened right before the updates were suspended, the MCAFEETOMCATSRV250 service and registry entry are gone, nowhere to be found in the computer.
This defenitely is causing the ePO 4.6 Mcafee EPO Event Parser and the Mcafee ePO Orchestrator 4.6 server to fail when loading.
I was mistaken to name the Mcafeee Orchstrator Server (Apache2) Mcafee Server as the possible root cause when it is because of the missing dependency MCAFEETOMCATSRV250 that everything seems to be failing.
Question: Is there anywhere I can look at the registry and check what the tomcat service is setup? So I may try to work things out before re-installing?
The only solution I found was to re-install ePO.
I followed the Corporate KnowledgeBase ID: KB66616 to the letter. It worked.
TIP. I recommend installing SQLServer2005_SSMSEE for better management of the ep04 database. You could also do it through the CLI, but just to make life easier.
Best of luck to whomever finds him or herself in this situation.
Hello I have similar issue with Event Parser. Service won't start with following warn: mcafee event parser started then stopped... Cause of this issue is mismatch SQLServer TCP/IP port in McAfee configuration. I resolved this issue in the following way:
- run cmd.exe and enter netstat -an
- find sqlserver.exe and check listening port
- other method to find TCP/IP port in MSSQL 2008 is registry editor:
go to branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll and look for value at TcpDynamicPorts attribute (this value is your TCP/IP port of SQLServer)
- run your favourite browser and enter mcaffe epo address for example: https://mcafee:8443/core/config-auth then provide your credentials
- now check whether Database server port in your epo config is matching with sqlserver.exe TCP/IP port (in registry or netstat as I describe above)
- if port doesn't match - change it in epo configuration apply and restart your server