Hi everybody!
I use McAfee NAC 3.2 (126.96.36.1994) with EPO 4.5 (patch 3).
The implementation of our ePO server consists of two separate clusters, one for the application server and the other for the database, for a total of four separate servers that are actually four VMware virtual machines.
Earlier this month we began deploying the NAC Windows client to about 2000 targets, which have agent 4.5-4.6 and VirusScan 8.8-8.7.
Installation from the console (ePO deployment tasks) is successful and the NAC client scans occur regularly, while in the ePO console we analyze, with various queries, the state of health restored by NAC. The initial health policy, in audit-only mode, provides, through four distinct benchmarks, control of virus signatures, version v, the state of the access scanner and the presence of the MS KB958644.
All is right.
We then proceeded to install the NAC client on another 3000 targets, and we realized that on these machines, even if the NAC client is installed (PA 5.2 agent as early as 2000), it does not really work, and scanning does not return any results (on target --> show nac status --> The requested systems do not have a Network Access Control status), or new clients are detected in any of the queries for the NAC, NAC summary for example.
Instead, if we filter the target systems in the root directory of the ePO tree, the NAC client 188.8.131.524 is present on more than 5000 targets.
In the log paagent.log in Program Files \ McAfee \ MNAC scanner \ Engine \ of any Windows client with NAC not working, this error appears:
2011-Jan-14 12:25:24 XCCDFProcessor INFO: Call to db.open
2011-Jan-14 12:25:24 INFO AuditEngine: ContentDatabase:: open ()
2011-Jan-14 12:25:24 AuditEngine ERROR: 3 Error Preparing statements created: no such table: Benchmark
2011-Jan-14 12:25:24 INFO XCCDFProcessor: Error getting benchmarks for-9E06-4A05-C5B8FD84 B35F-062A6FFCBC55
A McAfee KB recognizes this error, stating to update the McAfee Audit Engine Content to the most recent release for both the Policy Auditor Server and Agents.
We performed this update on the server (Audit Engine Content 1071 and Findings Content 1007) and some clients, but the situation does not change and the NAC will not scan correctly.
We tried, without success, to reinstall the NAC client and the ePO agent, and we tried to redo the benchmarks in various modes and the initial health policy too, but the 3000 NAC clients do not function while the first 2000 work well.
I noticed that in the log Scanner_out.log in Program Files \ McAfee \ MNAC scanner of any Windows client with NAC not working, this error appears at the beginning:
12-28-11 14:30:02,110  DEBUG Scanner <> - Reloading configuration for Scanner Service.
12-28-11 14:30:02,141  WARN Scanner.ServerCom <> - SSLKeysException while loading keys from keystore: Failure reading keystore:: Could not find object or property.
12-28-11 14:30:02,563  DEBUG Scanner.ServerCom <> - Loading DLL agent utility
12-28-11 14:30:02,906  Scanner.ServerCom ERROR <> - Unable to query key value for Agent: Can not find the file specified.
12-28-11 14:30:02,906  WARN Scanner.ServerCom <> - Unable to generate cert request headers to authenticate. Cert request will be attemped later.
12-28-11 14:30:17,843  INFO Scanner.ScanEngine <> - **** Completed PAStartScan ...
12-28-11 14:30:17,843  Scanner.ScanEngine ERROR <> - PAStartScan returned error: 5: Scan Has Been Canceled calculated previously.
12-28-11 14:30:17,843  DEBUG Scanner.ScannerComm.Enforcement <> - Complete remediation called: 0
12-28-11 14:30:17,843  DEBUG Scanner.ScannerComm.Enforcement <> - Called NAPSHA_remediation, rpending: 0
12-28-11 14:30:17,843  DEBUG Scanner.ScanEngine <> - results: Scan Results -
Health Level: 0
Scan Status: SCAN_FAILED_SCRIPT_ERROR
Next Scan: 2011-12-29T14: 30:17.000 +01:00
What can you do?
Happy new year to everybody