4 Replies Latest reply on Oct 31, 2011 12:18 PM by landmissle

    McAfee ePolicy Orchestrator 4.6.0 Application Server (Tomcat) Consistantly Stops

        Hi folks,

       

        Recently I patched our ePO 4.6 and the MSSQL DB server. Both systems are running Windows 2008 R2. Since then, the console has not been accessable. After some trouble-shooting it became clear that the McAfee ePolicy Orchestrator 4.6.0 Application Server (Tomcat) service was stopping. After seval restarts of the service and restarting the DB I was able to get the console to appear with a laundry list of dependecny error messages and the a login message "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.”

       

        We've had that message appear once before when the AD account that access the database had its' password changed. By accessing https://localhost:8443/core/config  we were able to update the credential information and set things right. Unfortunatly, that trick is not working now.

       

         I've confirmed the account information is correct, by accessing the DB with the same credentials with SQL Server Manager Studio, testing the communiations from the /core/config interface, and logging onto a Windows workstation with the same credentials. However, the same message appears at the console and is confirmed by the logs on the MSSQL database.

       

         Things get more complicated though. Anytime I "apply" the settings from /core/config the Tomcat server crashes again. Typically when restarting the DB and then restarting the McAfee services (Apache, parser, and Tomcat) will get the error ridden console to return, but still obviously things are not correct.

       

          I've been working with McAfee support for the last two days. Sent the log files from the MER utility. No luck so far.

       

        Today, based on their advice, I created a new db account on the MSSQL server with SQL credentials (instead of AD)  and gave it DBO rights to the ePO DB. I then added that information to the /core/config inteface on the ePO server. Things got worse. Now, regardless of service and DB restarts, I can no longer access the /core/config interface. The Tomcat service won't stay alive long and immediately crashes whenever someone attempts access the console or /core/config.

       

        The even viewer on the server shows the Tomcast server crashing  all the time with the error;

       

      The Apache service named  reported the following error:

      >>> [Thu Oct 13 16:03:33 2011] [notice] Disabled use of AcceptEx() WinSock2 API     .

       

      Anytime the Paser service is restarted or the server is rebooted the following MSI Installer error shows in the event log;

       

      Detection of product '{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}', feature 'ePOMain', component '{1F34AFB0-1CCC-44E7-B5BB-5BC4C87F2235}' failed.  The resource 'C:\Windows\SysWOW64\msvcr71.dll' does not exist.

       

      Any ideas or suggestions on where to go from here?

       

       

                                                  Best Regards

       

       

       

       

       

        • 1. Re: McAfee ePolicy Orchestrator 4.6.0 Application Server (Tomcat) Consistantly Stops
          Attila Polinger

          Hello,

           

          my sympathy goes for you. I have been having a similar issue of db connection failure for months on 2 of our systems.

          However, I might have a tip for you. You could enabled debug loggin of Apache and that might produce enough information for you to spot the error.

          https://kc.mcafee.com/corporate/index?page=content&id=KB52369&actp=search&viewlo cale=en_US&searchid=1318590503085

           

          As for the AcceptEx()-like error, this is not a real error and signfiies no severe issue (look it up in McAfee KB).

           

          Please by all means try debug logging and post here if you succeeded or failed in recognizing the root cause.

           

          Attila

          • 2. Re: McAfee ePolicy Orchestrator 4.6.0 Application Server (Tomcat) Consistantly Stops

                   I've made some progressand things are looking much better. I took some actions based on the eventviewer error:

             

                  "Detection of product'{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}', feature 'ePOMain', component'{1F34AFB0-1CCC-44E7-B5BB-5BC4C87F2235}' failed.  The resource'C:\Windows\SysWOW64\msvcr71.dll' does not exist."

             

                  I found that the filemsvcr71.dll did not exist, but there was one called msvcr.71.dl1. I made abackup copy of the file and then named it to msvcr71.dll.

             

                  Since then, Tomcat hasbeen completely stable. I’m still having some problems with the Windows accountlogging onto the MSSQL DB as shown below.

             

                

            10/14/2011 11:12:56,Logon,Unknown,Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: XXX.XXX.XXX.XXX]

            10/14/2011 11:12:56,Logon,Unknown,Error: 18452<c/> Severity: 14<c/> State: 1.

            10/14/2011 11:12:56,Logon,Unknown,SSPI handshake failed with error code 0x8009030c<c/> state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT: XXX.XXX.XXX.XXX].

            10/14/2011 11:12:56,Logon,Unknown,Error: 17806<c/> Severity: 20<c/> State: 14.

            10/14/2011 11:12:56,Logon,Unknown,Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: XXX.XXX.XXX.XXX]

             

             

                  Instead of being an issue at the console (with the list of dependency failures and the failed log in error) the symptom now appears to be an error that’s displayed while the console is up and running. The admin will be navigating around and the screen will go blank with the error;

                 

                  “An Unknown Error HasOccurred.”

             

                  An “Ok” button is at thebottom that you can select. Often times you’ll need to hit the “OK” button numerous times to finally get a stable screen.

             

                 As, mentioned, when the “An Unknown Error Has Occurred.” is displayed, there is a login error recorded inthe DB logs and appears to be repeating about every 10 minutes.

             

                  BTW, this “An UnknownError Has Occurred” was happening prior to the Tomcat stability issue.

             

                  I may attempt to use a DBtest account I created that uses SQL authentication to see if the DB login (and consequently the “Unknown” errors.) errors are reduced.

             

                  Any thoughts?

            • 3. Re: McAfee ePolicy Orchestrator 4.6.0 Application Server (Tomcat) Consistantly Stops
              notime

              i faced that tomcat services stopping so can not restart it or stop it

               

              my was end the process from Task manager so you can start the service again

              • 4. Re: McAfee ePolicy Orchestrator 4.6.0 Application Server (Tomcat) Consistantly Stops

                     Hi all,

                 

                     Ok, just as a follow-up. My post above solved that Tomcat stability issue. That is, a dll file got renamed and I have to change it back. Not sure "why" the file got renamed; my guess is that a patch changed the name and did not complete the process of replacing the file with the latest version.

                 

                     The DB logon issue has been solved also. The problem was that the agent-handler was sending bad credentials. I uninstalled the agent-handler and deregistered it from the ePO console. I then reinstalled the agent-handler on the target server and registered it again.

                 

                     Everything has been working fine since these two measures were implemented.

                 

                      Hope this inforomation helps someone else.