9 Replies Latest reply on May 21, 2012 7:04 AM by dmease729

    Failed to process the secure communication request (error=12029) after ePO migration

    malware-alerts

      Used KB71078 and KB67060 to migrate a Win2003 ePO server (4.6) to Win2008 R2.

       

      New ePO server has new netbios name and new IP (which is why I partly used KB67060 since KB71078 does not cover changing the ePO servername.)

       

      Everything works A-1 except for one little thing that is more of an annoyance than a problem.

       

      Upon startup of the ePO services, I get the following errors in the SERVER.LOG:

       

      20120416112149          I          #04992          NAISIGN           RSA BSAFE Crypto-C Micro Edition FIPS 140-2 Module 3.0.0.1

      20120416112153          I          #04992          NAIMSRV           Initializing server...

      20120416112153          I          #04992          NAIMSRV           Database initialization: Starting.

      20120416112153          I          #04992          EPODAL            Microsoft SQL Server 2005 - 9.00.5254.00 (Intel X86)

      20120416112153          I          #04992          EPODAL                      Dec 18 2010 23:05:34

      20120416112153          I          #04992          EPODAL                      Copyright (c) 1988-2005 Microsoft Corporation

      20120416112153          I          #04992          EPODAL                      Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

      20120416112153          I          #04992          NAIMSRV           Database initialization: Succeeded.

      20120416112153          I          #04992          NAIMSRV           Policy Manager initialization: Starting.

      20120416112154          I          #04992          NAIMSRV           Policy Manager initialization: Succeeded.

      20120416112154          I          #04992          NAIMSRV           Server state at startup: Enabled

      20120416112154          I          #04992          NAIMSRV           Checking to see if the ePO server is available.  We will try 12 times.

      20120416112156          E          #04992          MCUPLOAD          Failed to send http request

      20120416112156          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112208          E          #04992          MCUPLOAD          Failed to send http request

      20120416112208          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112220          E          #04992          MCUPLOAD          Failed to send http request

      20120416112220          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112233          E          #04992          MCUPLOAD          Failed to send http request

      20120416112233          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112245          E          #04992          MCUPLOAD          Failed to send http request

      20120416112245          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112257          E          #04992          MCUPLOAD          Failed to send http request

      20120416112257          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112310          E          #04992          MCUPLOAD          Failed to send http request

      20120416112310          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112322          E          #04992          MCUPLOAD          Failed to send http request

      20120416112322          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=12029)

      20120416112358          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=401)

      20120416112909          E          #04992          MCUPLOAD          Failed to receive http response

      20120416112909          E          #04992          MCUPLOAD          Failed to process the secure communication request (error=2)

      20120416113342          I          #04992          NAIMSRV           The Agent Handler successfully connected to the ePO server.

      20120416113342          I          #04992          MCUPLOAD          Successfully disabled CA trust options.

      20120416113343          I          #04992          MCUPLOAD          Successfully disabled CA trust options.

      20120416113343          I          #04992          NAIMSRV           Unloading server private keys

      20120416113343          I          #04992          NAIMSRV           ePolicy Orchestrator server started.

      20120416113343          I          #04992          mod_eporepo          Database initialization: Starting.

      20120416113343          I          #04992          mod_eporepo          Database initialization: Succeeded.

       

       

      As you can see, the server does not respond for the first 10-12 minutes upon startup, generating the "Failed to process the secure communication request" error.

       

      If I try opening the console in a browser during these 10-12 minutes upon startup, I get the McAfee logo with the "please wait" twirling icon. Then after 10-12 minutes everything works fine.

       

      I am not using any agent handlers, and I get the same errors on 3 servers I have migrated so far, 2 of these servers have a very limited amount of agents connecting to them (less than 100).

       

      I looked through the KB articles and the community answers but still cannot find an answer to this annoyance.

       

      Any help appreciated!

        • 1. Re: Failed to process the secure communication request (error=12029) after ePO migration
          malware-alerts

          Forgot to mention, These logs come from a server using SQL2005. I also get the very same behavior with another one using SQL2008R2.

          • 2. Re: Failed to process the secure communication request (error=12029) after ePO migration
            Sailendra Pamidi

            Please post these two files from the ePolicy Orchestrator\Server\Conf\Catalina\localhost folder:

             

            dcredirect.xml

            DataChannel.xml

            • 3. Re: Failed to process the secure communication request (error=12029) after ePO migration
              greatscott

              we get kind of a situation like this, where upon startup, the RSD sensors are checking communicating and the server is inaccessable for about 10-15 mins. we can see this in the orion log.

               

              Message was edited by: greatscott on 4/17/12 7:33:32 AM CDT
              • 4. Re: Failed to process the secure communication request (error=12029) after ePO migration
                malware-alerts

                Sailendra:

                 

                DataChannel.xml:

                <Context docBase="E:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Extensions/installed/DataChannel/4.6.0.1029/webapp"

                privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>

                 

                dcRedirect.xml:

                <Context docBase="E:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Extensions/installed/DataChannel/4.5.0.753/webapp-redirect"

                privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>

                 

                I'm guessing the problem I'm having has something to do with both files not pointing to the same version of the DataChannel extention?

                 

                The DataChannel extention installed on all servers with this issue is 4.6.0.1029

                 

                Thanks.

                • 5. Re: Failed to process the secure communication request (error=12029) after ePO migration
                  Sailendra Pamidi

                  malware-alerts wrote:

                   

                  I'm guessing the problem I'm having has something to do with both files not pointing to the same version of the DataChannel extention?

                   

                  The DataChannel extention installed on all servers with this issue is 4.6.0.1029


                   

                  Yes.

                   

                  Stop the ePO services.

                   

                  Edit the dcRedirect.xml to reflect the 4.6.0.1029 version like so:

                  dcRedirect.xml:

                  <Context docBase="E:/Program Files (x86)/McAfee/ePolicy Orchestrator/Server/Extensions/installed/DataChannel/4.6.0.1029/webapp-redirect "

                  privileged="true" antiResourceLocking="false" antiJARLocking="false"></Context>

                   

                  Start the ePO services and check if the messages go away.

                  1 of 1 people found this helpful
                  • 6. Re: Failed to process the secure communication request (error=12029) after ePO migration
                    malware-alerts

                    Sailendra,

                     

                    Made the change, I still get the same error upon startup but it doesn't take as long to be able to login to the ePO console (4 minutes compared to 10-12 before):

                     

                    20120418143908          I          #05676          NAISIGN           RSA BSAFE Crypto-C Micro Edition FIPS 140-2 Module 3.0.0.1

                    20120418143909          I          #05676          NAIMSRV           Initializing server...

                    20120418143909          I          #05676          NAIMSRV           Database initialization: Starting.

                    20120418143910          I          #05676          EPODAL            Microsoft SQL Server 2005 - 9.00.5254.00 (Intel X86)

                    20120418143910          I          #05676          EPODAL                      Dec 18 2010 23:05:34

                    20120418143910          I          #05676          EPODAL                      Copyright (c) 1988-2005 Microsoft Corporation

                    20120418143910          I          #05676          EPODAL                      Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

                    20120418143910          I          #05676          NAIMSRV           Database initialization: Succeeded.

                    20120418143910          I          #05676          NAIMSRV           Policy Manager initialization: Starting.

                    20120418143911          I          #05676          NAIMSRV           Policy Manager initialization: Succeeded.

                    20120418143911          I          #05676          NAIMSRV           Server state at startup: Enabled

                    20120418143911          I          #05676          NAIMSRV           Checking to see if the ePO server is available.  We will try 12 times.

                    20120418143930          E          #05676          MCUPLOAD          Failed to process the secure communication request (error=401)

                    20120418144440          E          #05676          MCUPLOAD          Failed to receive http response

                    20120418144440          E          #05676          MCUPLOAD          Failed to process the secure communication request (error=2)

                    20120418144856          I          #05676          NAIMSRV           The Agent Handler successfully connected to the ePO server.

                    20120418144856          I          #05676          MCUPLOAD          Successfully disabled CA trust options.

                    20120418144856          I          #05676          MCUPLOAD          Successfully disabled CA trust options.

                    20120418144857          I          #05676          NAIMSRV           Unloading server private keys

                    20120418144857          I          #05676          NAIMSRV           ePolicy Orchestrator server started.

                    20120418144857          I          #05676          mod_eporepo          Database initialization: Starting.

                    20120418144857          I          #05676          mod_eporepo          Database initialization: Succeeded.

                    • 7. Re: Failed to process the secure communication request (error=12029) after ePO migration
                      Sailendra Pamidi

                      Good to know that the situation improved. I think the original problem of the 12029 errors having to do with Datachannel communication went away.

                      For the remaining errors, the error=2 points to proxy communication attempt -

                       

                      Do you have any proxy defined in your IE connection settings?  Please check if you have the option to 'bypass proxy for local connections' option checked. If not, please check it. Also, enable debug level 8 log and see if it retuns more detail. If all else fails, we may need to capture a wireshark trace at the time of service startup to see what is going on.

                      • 8. Re: Failed to process the secure communication request (error=12029) after ePO migration
                        malware-alerts

                        Sailendra,

                         

                        Indeed the ePO servers go through a proxy in order to get to the intetrnet. This can sometimes be problematic when the servers try to synch with HTTP or FTP to McAfee servers.

                         

                        At this point I'll simply get a bypass rule in place to let the ePO servers connect directly to the internet without going through the proxy, this will most probably get rid of any communication issues on startup.

                         

                        Thanks for your help!

                        • 9. Re: Failed to process the secure communication request (error=12029) after ePO migration
                          dmease729

                          Hi,

                           

                          As per https://community.mcafee.com/message/240928, I am looking to upgrade from 4.0 to 4.6 on a new server with new name and IP - would it be possible for you to provide a quick summary of the order of the steps you carried out, and which ones you specifically used from KB67060?  I assume that the relevant steps were 9,13, 16-18 and 20 from what I can see (the other steps look to be cluster specific).  Also, were these steps carried out after the DB restore in KB71078?

                           

                          cheers,