Since last monday neither the ePO 4.6 Mcafee EPO Event Parser nor Mcafee Application Server start.
The server was downloading updates and there was a power surge in the building. The server is on an UPS and it never shut down, but since then the server was rebooted htis past monday, it displays that one or more services could not start.
When I tried to start the Mcafee Application Server (Apache2, SSL, etc) I received an error 1075: Dependency service does not exist or has been marked for deletion. I googled it and a Java heap size information came up. This doesn´t seem to be related, but I increased the heap size anyway from 512 to 1024, since Win2003 in this case is 32 bits and that was the overall recommendation.
One of the dependencies for this service is the NT LM Security Support Provider.
The Mcafee EPO Event Parser dependes on the Mcafee Application Server so if the first one does not load, the second won't either.
The SQL server instance starts and it reports as started on the services screen.
I start the apache monitor and I see the mcafeeapachesrv250, but if I try to start it, it just gives a message stating "Failure to start service".
Any help wil be greatly appreciated.!
Reading on previous posts and adding information so someone could help out. This is netstat -abn output
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING 2568 tlntsvr.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 740 RpcSs [svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 [System]
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 460 [lsass.exe]
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 864 TrkSvr [svchost.exe]
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING 2608 [tssdis.exe]
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING 1992 [sqlservr.exe]
TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING 2136 [ntfrs.exe]
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 1600 [jqs.exe]
TCP 127.0.0.1:42424 0.0.0.0:0 LISTENING 1340 [aspnet_state.exe]
TCP 22.214.171.124:139 0.0.0.0:0 LISTENING 4 [System]
TCP 127.0.0.1:5152 127.0.0.1:1085 CLOSE_WAIT 1600 [jqs.exe]
TCP 126.96.36.199:1157 188.8.131.52:80 TIME_WAIT 0
UDP 0.0.0.0:4500 *:* 460 [lsass.exe]
UDP 0.0.0.0:1434 *:* 2416 [sqlbrowser.exe]
UDP 0.0.0.0:500 *:* 460 [lsass.exe]
UDP 0.0.0.0:445 *:* 4 [System]
UDP 127.0.0.1:1086 *:* 2696 [iexplore.exe]
UDP 127.0.0.1:1027 *:* 864 TrkSvr [svchost.exe]
UDP 127.0.0.1:1035 *:* 864 RemoteAccess
UDP 127.0.0.1:123 *:* 848 W32Time [svchost.exe]
UDP 127.0.0.1:1036 *:* 864 RemoteAccess [svchost.exe]
UDP 184.108.40.206:137 *:* 4 [System]
UDP 220.127.116.11:138 *:* 4 [System]
UDP 18.104.22.168:123 *:* 848 W32Time [svchost.exe]
As a follow up comment. I an the Mcafee Virtual Technician to diagnose possible known issues. When MVT tries to connect to Internet it states that is has no Internet service on that machine and it cannot connect to Internet.
This is not true since I was online to download the MVT software from mcafee.com and I went into microsoft´s support site to look for the event IDs. Alson I was online in www.mcafee.com to download the stinger software, which by the way did not find any threats.
I don´t really know if I´m posting in the right area, since I have not received a single reply, not even one from the moderator stating I'm talking to myself...
Anyway, it seems like ePO 4.6 is no as stable as I would've wanted it. It turns out that due to the glitch that happened right before the updates were suspended, the MCAFEETOMCATSRV250 service and registry entry are gone, nowhere to be found in the computer.
This defenitely is causing the ePO 4.6 Mcafee EPO Event Parser and the Mcafee ePO Orchestrator 4.6 server to fail when loading.
I was mistaken to name the Mcafeee Orchstrator Server (Apache2) Mcafee Server as the possible root cause when it is because of the missing dependency MCAFEETOMCATSRV250 that everything seems to be failing.
Question: Is there anywhere I can look at the registry and check what the tomcat service is setup? So I may try to work things out before re-installing?
The only solution I found was to re-install ePO.
I followed the Corporate KnowledgeBase ID: KB66616 to the letter. It worked.
TIP. I recommend installing SQLServer2005_SSMSEE for better management of the ep04 database. You could also do it through the CLI, but just to make life easier.
Best of luck to whomever finds him or herself in this situation.
Hello I have similar issue with Event Parser. Service won't start with following warn: mcafee event parser started then stopped... Cause of this issue is mismatch SQLServer TCP/IP port in McAfee configuration. I resolved this issue in the following way:
- run cmd.exe and enter netstat -an
- find sqlserver.exe and check listening port
- other method to find TCP/IP port in MSSQL 2008 is registry editor:
go to branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll and look for value at TcpDynamicPorts attribute (this value is your TCP/IP port of SQLServer)
- run your favourite browser and enter mcaffe epo address for example: https://mcafee:8443/core/config-auth then provide your credentials
- now check whether Database server port in your epo config is matching with sqlserver.exe TCP/IP port (in registry or netstat as I describe above)
- if port doesn't match - change it in epo configuration apply and restart your server