3 Replies Latest reply: Apr 9, 2013 7:17 PM by dflores RSS

    Local Agent Handler and Event Parser service doesn’t run, but everything else does

    Tom Malmstroem

      While integrating MVM with the ePO 4.6.5, we apparently managed to crash the Apache server, at least the services will not start do to dependencies and the Apache-logs indicates some problems with extensions.

      We are able to login to the console, the database is running with no errors (confirmed in logs), but no communication for the systems.

      Is there any way to repair the Apache without reinstalling?

      The disaster recovery whitepaper says you should have usable backups, but we don’t on the database.

      We have tried to restore the ePO file system from before the crash, with no luck, so this backup isn’t reliable.

      We could dump the database, and make a backup in the state the ePO is at the moment, but is this enough?

      Anyone have a clue ?

        • 1. Re: Local Agent Handler and Event Parser service doesn’t run, but everything else does
          hem

          It will be helpful if you share the message where do you see Apache crash.

          • 2. Re: Local Agent Handler and Event Parser service doesn’t run, but everything else does
            Tom Malmstroem

            Hi, I am sorry, I had to roll back the backup with a restore from the day before the incident, trying to get the ePO running.

            After this restore, which was to another folder, I then stopped all services and processes, and copied the McAfee folder, from the “another” folder to the original McAfee folder, which resulted in the state I am in today.

            Everything works, even the Agenthandler communication, but no communication to, and from the systems (hosts).

            I have recovered all I could, policys, keys, assignments everything possible to export, logs from Apache, logs from DB and windows.

            I am considering reinstalling, and try to connect to the old Database!

            But it is a shame, when the ePO is almost functioning, and just needs a little push !  

            If anybody is interested, and will give it a shot, I can supply the data.

             

            This is the first event when trying to start the Apache:

             

            Log Name:      System

            Source:        Service Control Manager

            Date:          25-03-2013 18:06:29

            Event ID:      7036

            Task Category: None

            Level:         Information

            Keywords:      Classic

            User:          N/A

            Computer:      srvepo.fmh.local

            Description:

            The McAfee ePolicy Orchestrator 4.6.5 Server service entered the stopped state.

            Event Xml:

            <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

              <System>

                <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

                <EventID Qualifiers="16384">7036</EventID>

                <Version>0</Version>

                <Level>4</Level>

                <Task>0</Task>

                <Opcode>0</Opcode>

                <Keywords>0x8080000000000000</Keywords>

                <TimeCreated SystemTime="2013-03-25T17:06:29.525181800Z" />

                <EventRecordID>31674</EventRecordID>

                <Correlation />

                <Execution ProcessID="496" ThreadID="2568" />

                <Channel>System</Channel>

                <Computer>srvepo.fmh.local</Computer>

                <Security />

              </System>

              <EventData>

                <Data Name="param1">McAfee ePolicy Orchestrator 4.6.5 Server</Data>

                <Data Name="param2">stopped</Data>

                <Binary>4D00430041004600450045004100500041004300480045005300520056002F003100000 0</Binary>

              </EventData>

             

            And the second( of two):

             

            Log Name:      System

            Source:        Service Control Manager

            Date:          25-03-2013 18:06:29

            Event ID:      7024

            Task Category: None

            Level:         Error

            Keywords:      Classic

            User:          N/A

            Computer:      srvepo.fmh.local

            Description:

            The McAfee ePolicy Orchestrator 4.6.5 Server service terminated with service-specific error Incorrect function..

            Event Xml:

            <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

              <System>

                <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

                <EventID Qualifiers="49152">7024</EventID>

                <Version>0</Version>

                <Level>2</Level>

                <Task>0</Task>

                <Opcode>0</Opcode>

                <Keywords>0x8080000000000000</Keywords>

                <TimeCreated SystemTime="2013-03-25T17:06:29.525181800Z" />

                <EventRecordID>31675</EventRecordID>

                <Correlation />

                <Execution ProcessID="496" ThreadID="2568" />

                <Channel>System</Channel>

                <Computer>srvepo.fmh.local</Computer>

                <Security />

              </System>

              <EventData>

                <Data Name="param1">McAfee ePolicy Orchestrator 4.6.5 Server</Data>

                <Data Name="param2">%%1</Data>

              </EventData>

            </Event>

             

            I have attached a dropbox link with aditional data:

             

            https://dl.dropbox.com/u/30824952/ePOlogs.rar

            • 3. Re: Local Agent Handler and Event Parser service doesn’t run, but everything else does
              dflores

              We are experiencing the same issue. Anyone has an idea why this is happening? I'm reverting my server in the meantime back to 4.6.4.