5 Replies Latest reply on Oct 27, 2011 9:14 AM by JoeBidgood

    Agent Handler Difficulties

    townendk

      Hello, to start I'll just explain our ePO infrastructure so that you get an idea what it is I'm trying to achieve.

       

      ePO server - Acts as Agent Handler for its local network. (about 1300 agents)

       

      Agent Handler 1 - Acts as Agent Handler for sister company on another site and their network (about 300 agents)

       

      Agent Handler 2 - Acts as Agent Handler for a seperate network within our main site. Network traffic is highly restricted between our 'main' network and this additional one, but rules are in place to allow bidirectional communication between ePO and AH2. (About 50 agents)

       

      Early this year, the Agent Handlers were updated to v454, and since then - ePO / AH2 communication has been damaged in some way. When going to Configuration -> Agent Handlers within the ePO (4.5) console, I can see the three agent handlers are all set to 'active'. When clicking on the active handlers, I get a list which displays the last communication and the agent count for each agent.

       

      The last communication time for all three handlers is consistent and up to date (a few minutes ago), but the agent count for AH2 displays as a zero. (ePO and AH1 are both listing their correct agent count).

       

      I only got involved with ePO AFTER the 454 upgrade, so I can't say for sure what state ePO was in before that. When I first started looking at this, I immediately realised that ePO and AH2 couldn't communicate with each other (not even ping was working) and the firewall rule which supposedly allowed this communication was set to ANY/ALL traffic. The network team looked into this and it turned out to be a return routing issue, which has since been resolved and now both servers can ping each other.

       

      Before the firewall/routing issue was addressed, the DAT files for the VSE on the AH2 clients was many months out of date, and the sitelist.xml still showed AH2 being v451. I resolved this by producing a new framepkg.exe and distributing that to the client PCs, and their DAT files are now up to date (succesfully downloaded from AH2 according to the log.)

       

      When logging into a client machine on the AH2 network, I can run a VSE update or an agent update and I can see that communications are succesfully going back to AH2 and DAT files are kept up to date - so the agents are most definately being managed by the AH2 now.

       

      Unfortunately, back on ePO on my own network - I still am showing an agent count of zero, and any attempts to deploy an agent to those clients fail.

       

      Can anybody suggest something that I've missed, and what functionality am I losing by having my ePO show an agent count of zero? I know that VSE DATs are up to date from looking at the clients, but I don't know what else we could be missing out on.

       

      Regards,

        • 1. Re: Agent Handler Difficulties
          JoeBidgood

          In the first instance I would look at the server.log and eventparser.log on AH2 - do they indicate any problems? Try restarting the services and then check the logs again - are there any errors during the startup phase?

           

          HTH -

           

          Joe

          1 of 1 people found this helpful
          • 2. Re: Agent Handler Difficulties
            townendk

            Hi Joe, it looks like you may have helped already... at least you've confirmed that there are still communication issues somewhere...

             

            There are a few errors which point towards SQL permissions such as the following:

             

            DESC=The EXECUTE permission was denied on the object 'EPOWorkQueue_HandlerReset', database '(EPO DB)', schema 'dbo',

            Message: The EXECUTE permission was denied on the object 'EPOCore_DeleteTempApacheTomcatUser'

             

            etc etc.

             

            I'll have a chat with our DB guy, but I'm a lot more clued up than I was 20mins ago thanks to you Joe!

            • 3. Re: Agent Handler Difficulties
              JoeBidgood

              Bingo! That'll do it. Permissions issue on the account being used by the AH to access the DB.  We *must* have DBO rights over the db - otherwise we're dead to a greater or lesser degree.

               

              Regards -

               

              Joe

              • 4. Re: Agent Handler Difficulties
                townendk

                High Fives all round! Nice one Joe, you've just solved a mystery.

                 

                The AH is now updating its Agent Count in ePO.

                 

                The reason AH1 and ePO worked fine, is that they use a domain account which had dbo permissions. As the AH2 machine wasn't on the domain, it used a stand alone account with only read/write access.

                 

                Changed this to dbo, and immediately the ePO started updating it's agent count.

                 

                Awesome!

                • 5. Re: Agent Handler Difficulties
                  JoeBidgood

                  No problem  - glad it was comparatively painless

                   

                  Regards -

                   

                  Joe