2 Replies Latest reply on Apr 17, 2012 6:16 AM by Sailendra Pamidi

    Accept connections only from the ePO server

      Hi Folks,

       

      Can anyone explain to me what is the purpose of the "Accept connections only from the ePO server " option that can be found on the general tab of the Agent/Super Agent policy in ePO? I had a SuperAgent that always fails to replicate for serveral weeks now (Failed to upload SiteStat.xml, Connection time out, etc) and after unchecking this option, the replication ha been a succcess. I'm happy with the result, but I want to know, what was the root cause and how unchecking the said option helped.

       

      Thank you,

        • 1. Re: Accept connections only from the ePO server
          tao

          Just a thought and not really sure if it applies here but the MA4.6 had a issue with the SuperAgents:

           

          Release Notes - McAfee Agent 4.6.0

           

          Issue — When Accept connections only from the ePO server is selected in General policy, replication from SuperAgent might fail in a cluster ePolicy Orchestrator environment. (Reference: 647962)

           

          Workaround — Deselect Accept connections only from the ePO server in General policy, then perform agent-to-server communication and replicate SuperAgent.

           

          As for the "root cuase" of the actual issue....hmmm, not sure....

          • 2. Re: Accept connections only from the ePO server
            Sailendra Pamidi

            Please check KB73208. The explanation seems closer to what you mention:

             

             

            Problem

            With ePolicy Orchestrator (ePO) 4.6, replication to SuperAgent Repositories fails and you see the following error:

             

            error code 5 (Access is Denied)

             

             

            Cause

            An agent handler assignment rule was added that excludes the ePO server from the site list. When the ePO server tries to contact the agent to perform replication, the agent cannot tell it is the ePO server as it isn't listed in the site list. In this scenario the Accept connections only from the ePO server policy forbids the connection.