1 2 Previous Next 12 Replies Latest reply on Feb 24, 2012 10:15 AM by hbss_admin

    Nothing is checking in to the ePO server

      We're having a rather bizarre issue with our ePO server.

       

      No agents, including the McAfee agent installed on the ePO server itself, are able to check into the ePO server for the last week.

       

      Any suggestions?

       

      PG

        • 1. Re: Nothing is checking in to the ePO server
          hem

          May I know the error message do you get while checking the pacakge?

          • 2. Re: Nothing is checking in to the ePO server
            Laszlo G

            Hi hbss_admin, that's strange but you should have a look at ePO's services and see if they are up

             

            - McAfee ePO Event Parser

            - McAfee ePO application server

            - McAfee ePO Server

            • 3. Re: Nothing is checking in to the ePO server

              Hem, not sure which package you're referring to?

               

              We aren't trying to install a package; the issue is that clients that can no longer check into the ePO server for any updates, policy changes, DAT files, etc.

               

              One thing, not sure if it's related or not, but maybe significant.

               

              The apache log file directory filled up all available drive space, and the apache service crashed. We deleted a bunch of files out of \program files\mcafee\epolicy orchestrator\apache2\log; all files 12/31/2011 and earlier. Is it possible there was some critical files in that folder that might have broken something?

              • 4. Re: Nothing is checking in to the ePO server
                Tristan

                No there's no config files or anything critical in the log folder. Have you restarted the server since deleting the files?

                 

                The only things preventing a client reporting to the server is if the ports are blocked by a firewall or if the services aren't listening on the ports.

                 

                Basically are the services that Ulyses31 mentions running.

                 

                Message was edited by: Tristan on 20/02/12 17:22:40 GMT
                • 5. Re: Nothing is checking in to the ePO server

                  Yes, restarted the server since then, several times actually.  All services appear to be running fine. Running queries on event logs or audit logs all work fine. We're able to edit HIPS exception policies and save them just fine. Only the system checking in to the ePO server "last communication time" doesn't work

                   

                  I don't see how there could be any kind of network issue. Even the McAfee Agent on the ePO server itself isn't checking in. I removed the HIPS agent itself and rebooted, just in case HIPS was blocking something from working. The SQL backend, and all the agent handlers, are on the same switch; there is no firewall in between any of them.

                  • 6. Re: Nothing is checking in to the ePO server
                    Laszlo G

                    Are you using SQL Express os SQL Server? Which is its size now?

                    • 7. Re: Nothing is checking in to the ePO server
                      Tristan

                      1. test to see if the ports are open on the server

                           - On any client try and telnet to the 'Agent-to-server communication port'. I think the default it port 80. eg from the command prompt "telnet yourEpoIP 80" if the connection times out then it is a port/network issue. If the screen goes blank try typing "GET" and return, if you get html displayed then you know the server is running and accepting communication.

                       

                      2. Check the agent logs of each of the machines. Hopefully they will contain some diagnostic info to be able to investigate further.

                      • 8. Re: Nothing is checking in to the ePO server

                        Here's another thing.

                         

                        In the Windows event logs, the Apache service is generating application errors about every 30 seconds and referencing the "kernelbase.dll" file in each event log as the "faulting module path"

                         

                        kernelbase.dll is in the folder c: \windows\syswow64

                        • 9. Re: Nothing is checking in to the ePO server

                          telnet clients aren't installed on these machines but netstat shows the ports listening, and there are established connections on both 80 and 443, so it's not a question of the ports not listening.

                          1 2 Previous Next