8 Replies Latest reply on Mar 28, 2012 4:41 PM by SafeBoot

    Scripting component

      Hi all,

       

      I've run into a problem when running the following command:

       

      "sbadmcl.exe -command:GetMachineKey -group:*"

       

      When run it produces the following output:

       

      >>> Connecting to "servername"

      >>> Logging on to the database as "username"

      >>> Logon successful

      >>> Group "groupname"

      >>> Machine "machinename0001"

      >>> Getting key..

      >>> Machine "machinename0002"

      >>> Getting key..

      >>> Machine "machinename0003"

      >>> Getting key..

      >>> Machine "machinename0004"

      >>> Getting key..

       

      When I perform the command on a single entity like machinename0001, I received the expected output as displayed in the scripting guide.  The -group:* method simply displays "getting key..." and then moves on without displaying data.  I'd love to get this to work via the command line.  Any ideas?

       

      Thanks!

        • 1. Re: Scripting component
          rbdudani

          I tested the same command in my test environment and it worked for me....

           


          It shows key information at last in "Command Result" before then it show exactly what you have shown above.. once it go through all machines in all group and finish the task it show keys of all machine in Command result"

           

           

          See below output..

           

          McAfee Endpoint Encryption Scripting Tool

          Copyright ⌐ 1991-2010 McAfee, Inc. All Rights Reserved.

           

          Executable version : 5.2.6.0

          DLL version        : 5.2.6.11

           

          >>> Connecting to "McAfee Endpoint Encryption Database"

          >>> Logging on to the database as "sbadmin"

          >>> Logon successful

          >>> Group "SafeBoot Machines"

          >>> Machine "TESTING-PCSB"

          >>> Getting key..

          >>> Machine "TESTING-PCSB0001"

          >>> Getting key..

          >>> Machine "66464"

          >>> Getting key..

          >>> No key found for machine 00000003

           

           

          Connection result:

           

          ResultCode = 0x00000000

          ResultDescription = The operation completed successfully.

           

           

          Command result:

           

          Command = getmachinekey

          ResultCode = 0x00000000

          ResultDescription = The operation completed successfully.

          Machine(Name=TESTING-PCSB, ID=00000001, NetworkName=TESTING-PCSB)

            Key(Size=128) = A2A9DFAF915DA0E1B7D69D9FA60CEFC33ED42C1CA830CC254F69BB064C08AD8A1D70FD57BEB2881 FFC2E8B602D620CD728D95324B61F7EB06557366B48C69E927FEE4B08AFFA2F65862D117AAD04C1C 31743612A21660C4F1ADD76BB2DE86E4B047C9D090D7BE40F0A7C147A9DE11FDE6A9C9AE408CA9EC 392B6F6C7825A04E1

            ConfigEncryption

              Drive(Letter=c:, DiskNumber=0, PartitionNumber=1) = Partial

            ActualEncryption

              Drive(Letter=c:, DiskNumber=0, PartitionNumber=1) = Partial

          Machine(Name=TESTING-PCSB0001, ID=00000002, NetworkName=TESTING-PCSB)

            Key(Size=128) = A2A9DFAF915DA0E1B7D69D9FA60CEFC33ED42C1CA830CC254F69BB064C08AD8A1D70FD57BEB2881 FFC2E8B602D620CD728D95324B61F7EB06557366B48C69E927FEE4B08AFFA2F65862D117AAD04C1C 31743612A21660C4F1ADD76BB2DE86E4B047C9D090D7BE40F0A7C147A9DE11FDE6A9C9AE408CA9EC 392B6F6C7825A04E1

            ConfigEncryption

              Drive(Letter=c:, DiskNumber=0, PartitionNumber=0) = Partial

            ActualEncryption

              Drive(Letter=c:, DiskNumber=0, PartitionNumber=0) = Partial

          Machine(Name=66464, ID=00000003)

            ConfigEncryption

              Drive(Letter=c:) = Partial

          1 of 1 people found this helpful
          • 2. Re: Scripting component

            Works for me as well Andrew. What's the full command line you are running?

            • 3. Re: Scripting component

              Thanks for the responses.  This is the command syntax I was using.

               

              C:\>sbadmcl.exe -command:getmachinekey -group:* -adminuser:xxxxx -adminauth:xxxxx > filename.txt

               

              After reading that it worked for both of you, I did a little more research on other commands where -group is a valid option.  When I ran those commands, such as GetLastCheckinDate, the scripts stopped upon reaching a certain key entry.  Or to be more clear, the script reaches a specific machine name/ID in the database and the script quits.  I'm sensing corruption in the database...but I'm just not sure what next steps should be to test my theory. 

               

              Thoughts?

              • 4. Re: Scripting component

                Add a -help at the end. You are missing a parameter to define where to save the results.

                 

                They are not output to stdio, they are written to a file, but you didn't tell it what file.

                • 5. Re: Scripting component

                  Are you referencing the -xferdb option for GetMachineKey?  If so, I'm not sure I understand how the -xferdb command will help in this instance since a redirect of output is all I require?  If not, please explain what I'm missing?

                   

                  In my case, we have determined that all scripting commands that use the -group:* option fail when the reach a certain DB entry. 

                   

                  Thanks again for the help.

                  • 6. Re: Scripting component

                    my mistake - I'm so used to using the COM version I thought there was a -file parameter you needed to set.

                     

                    You are right though, the api will abort on error, so if you have a bad object you need to clean that out first.

                    Can I ask why you want to dump all the keys for all the machines though? I hope you're going to keep that information VERY secure ;-)

                    • 7. Re: Scripting component

                      No problema,

                       

                      So logically should I be looking for corruption on the next object ID over the whole database or the next object ID in the current group that is being enumerated? 

                       

                      What are they keys for anyhow? (just joking!)

                       

                      Honestly I'm just doing data dumping to manipulate with Perl(because I can't figure out how to use the COM object with Perl).  I will probably be able to grab the data I want using other commands and will not require the keys to be dumped.  One Use Case for this is being able to wrap some logic around creating a list of entries to be removed for key/license recovery.  There are more, but this is an example.

                      • 8. Re: Scripting component

                        yes, the next item in the current group should be the issue.

                         

                        cleanupmachinegroup is probably your friend here.