4 Replies Latest reply on Feb 13, 2013 3:44 AM by tiste

    Re-install epo server 4.5 but no communication with agents

      Hi everybody,

       

      I just reinstalled a new server with epo 4.5 on it.

      My former server was named "eposerver1.domain.com" and my pcs were communicating with it from the agent installed by framepkg from the directory \ProgramFiles\McAfee\ePolicyOrchestrator\DB\....\0409\Framepkg.exe

      I changed the server hardware for a better one and reinstalled from scratch with Server 2008 R2 and EPO 4.5.

       

      The thing is that all my clients are pointing to the old server and i changed the name of the new server but not the ip address!!!!! I would like know the clients to point to "eposerver2.domain.com" but with no chance so far...

       

      So these are the solutions I tried with no success :

      - copied framepkg.exe from new server and installed to clients but it does not update the domain name server when I right click on McAfee Agent - About...

      - synchronised my new epo server with AD but all the clients appeared not managed

      - deployed clients with epo console, no way

      - changed values in clients registry by renaming the character chain with the new eposerver

      - uninstalled all mcafee products on a pc with the command line : "Frminst.exe /forceuninstall" and also with the tool MCPR.exe, and reinstall framepkg with no result in order to deploy HIP and VSE later with EPO

      - tried the command line :  "Frminst.exe /install=agent /siteinfo=c:\...\sitelist.xml" with no result

      - desactivated port 443 on new epo server

      - authorized port 443 in firewall

       

      Meanwhile, I don't understand this thing : when I reactivate the agent from the epo server (actions on systems, agent, reactivate agent), I can see in the agent monitor on the PC that he got the request but when I try to collect informations and update startegies it says "the agent could not communicate with the server" sooooo WTF ??!! I thought it was the firewall, but no.

       

      Please help me, fellow McAfee users, I'm going crazy !!

        • 1. Re: Re-install epo server 4.5 but no communication with agents
          JoeBidgood

          I'm guessing that the problem here is that the new server does not have the agent/server keys from the old one. Did you export the keys from the old server and import them into the new one? If not, then the agents will not be able to communicate, as the new server will not recognise their keys.

           

          However, installing the agent from the new server should definitely allow them to communicate, as this replaces the keys with the ones from the new server.

           

          Try this:

          1) Stop the three ePO services on the ePO server

          2) Under the ...\DB\Software\Current\EPOAGENT3000\Install\0409 folder, delete (or rename) the following two files:

          framepkg.exe

          framework.z

          3) Start the services again

           

          After a short time, the two files should be recreatedd. Copy the new framepkg.exe file to a client machine and run it manually with administrator rights. Once completed, wait for ten minutes, and then check the agent log - hopefully the machine should now be communicating.

           

          HTH -

           

          Joe

          • 2. Re: Re-install epo server 4.5 but no communication with agents

            Ok thanks for your answer, I'll try this in a few moments.

             

            I just forgot to say that I have generated another framepkg.exe from the epo console according to this kb : https://kc.mcafee.com/corporate/index?page=content&id=KB51661

            I copied it on the clients with no result.

             

            Am I too rushed for waiting it to be communicating with the server?

             

            EDIT :

             

            Ok I did what you told me. Now waiting for something to come.

            I would like to add something, maybe the cause is here :

             

            The only difference between my eposerver1 and my eposerver2 is the fact that I removed Rogue Agent Sensor from the default strategy on the new server because it was recognised as a viral alert on my customer network... (the architecture is this : I installed one server and 15 clients in our building, but it is linked directly to our customer by a single SDSL line and completely off my company network).

             

            Ce message a été modifié par: tiste on 08/02/13 03:02:51 CST
            • 3. Re: Re-install epo server 4.5 but no communication with agents
              alexn

              Just to add some more clues!

               

              Please check your agent to server and server to agent com ports with netstat or telnet.

              Attach orion.log to dig further more, here we should go for redeployment agents beacuse DB key store havnt old agent keys

              Try this as well, Create deployment task with \forceinstall switch.

               

              And also make sure the following:

               

               

               

               

              ePolicy Orchestrator (ePO) 4.5 is unable to perform "send agent" or "push agent" installations if the Agent-to-server communication port uses any of the ports below:

              • 21
              • 25
              • 70
              • 110
              • 119
              • 143

               

              When a "send agent" or "push agent " installation is attempted from ePO 4.5, the installation fails. Error messages similar to the example below are recorded in the server.log:

              NAIMSRV     Failed to open http request
              NAIMSRV     Push Agent Installation Program to <computer_name> failed, will not retry

              (Where <computer_name> is the name of the computer where the agent installation was sent)

               

              • 4. Re: Re-install epo server 4.5 but no communication with agents

                Hey guys, here's the way I got into troubleshooting myself :

                 

                First of all, I uninstalled ePO server without selecting "Delete SQL Database" because here was the problem : the cause was the link between SQL 2005 and ePO...

                Secondly, I uninstalled all SQL references (SQL Express 2005, SQL Bacward Compatibility etc...)

                 

                Then I proceeded like this :

                Downloaded and installed all SQL 2005 components 64bits (here is the point, I have 2008 R2 64bits) witch configures itself with 32bits compatibility :

                SQL 2005 Express Edition : http://www.microsoft.com/en-us/download/details.aspx?id=21844

                SQL 2005 Express Edition SP3 64bits : http://www.microsoft.com/en-us/download/details.aspx?id=14752

                SQL 2005 Bacward Compatibility : http://www.microsoft.com/en-us/download/details.aspx?id=15748 (take the SQLServer2005_BC_x64.msi)

                You will also need .NET Framework 4 if your server is not up to date... http://www.microsoft.com/en-us/download/details.aspx?id=17718

                I had to choose the Local System account during the creation of the database named EPOSERVER

                 

                After that, I reinstalled my ePO 4.5 SP1, linking it to the database named EPOSERVER with Windows Authentification as before.

                 

                Then, here is the most important point :

                In ePO console, I exported the security keys in order to force them into my clients to make their agents communicate with my server.

                You can do it in Menu -> Configuration -> Server Properties -> Security Keys and Export the master agent-to-server key (you wil obtain a ZIP file named like srEPOSERVER.zip)

                Once you have this file, unzip it into a temp folder named "tempkeys" for instance.

                Copy the file SiteList.xml (C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB) into the temp folder.

                Copy the tempfolder on disk C: on all the clients.

                 

                On the clients, launch a command line invite with administrator rights and then enter those commands :

                cd C:\Program Files (x86)\McAfee\Common Interface\

                Frminst.exe /siteinfo=c:\tempkeys\SiteList.xml

                That will automatically reinstall the McAfee agent with the good keys to communicate with the server.

                 

                I hope it will help others...

                Thx guys for your clues (and thx google for all the hours spent on searching on a way to get rid of it...)