1 Reply Latest reply on Jul 15, 2013 10:00 AM by JoeBidgood

    ASCI fails after renaming workstation when "User Based Policy" is assigned to a local account

    konovalovgy

      Server: ePO 4.6.4

      Workstation: Dell Latitude E6230, Windows 7 Enterprise SP1

       

      Installed Products:    

      McAfee Agent 4.6.0.3122,

      Data Loss Prevention 9.2.200.56,

      Endpoint Encryption for Files and Folders 4.1.1.150,

      McAfee ePO Deep Command Detection Plugin 1.0.0.329,

      Product Coverage Reports 4.8.0.887,

      VirusScan Enterprise 8.8.0.975.Wrk

       

      After renaming workstation, agent communication fails. The Agent_<workstation_name>.log contains entries similar to the following:

       

      2013-07-14 16:18:01    i    #2288    Agent    Agent communication session started

      2013-07-14 16:18:01    i    #2288    Agent    Agent is sending INC PROPS package to ePO server

      2013-07-14 16:18:01    i    #2288    Agent    Agent is connecting to ePO server

      2013-07-14 16:18:02    I    #2288    imutils    Trying with site: xxx.xxx.xxx.xxx:800

      2013-07-14 16:18:02    I    #2288    naInet    HTTP Session initialized

      2013-07-14 16:18:02    I    #2288    imsite        Upload from: C:\ProgramData\McAfee\Common Framework\Unpack\pkg00130182778810720000_1107612698.spkg

      2013-07-14 16:18:02    I    #2288    imsite        Upload response target: C:\ProgramData\McAfee\Common Framework\Unpack\pkg00130182778817430000_1286549877.spkg

      2013-07-14 16:18:10    I    #2288    naInet    failed to receive package..server is busy

      2013-07-14 16:18:10    I    #2288    imsite    NaInet library returned code == 12

      2013-07-14 16:18:10    I    #2288    naInet    HTTP Session closed

      2013-07-14 16:18:10    e    #2288    Agent    Agent failed to communicate with ePO Server

      2013-07-14 16:18:10    i    #2288    Agent    Agent communication session closed

      2013-07-14 16:18:10    I    #2288    Agent    Agent communication failed, result=-2400

      2013-07-14 16:18:10    I    #2288    Agent    Exponential retry in 120 seconds, error=-2400(Unable to connect to ePO Server)

      2013-07-14 16:18:10    i    #2288    Agent    Agent will connect to the ePO Server in 2 minutes and 0 seconds.

       

      The corresponding ePO server server.log contains entries similar to following:

       

      20130714161840    X    #04128    EPOLDAP     Connected to LDap session 0x0db3d164

      20130714161840    I    #04128    EPOLDAP     Connected to Server 'xxx.xxx.xxx.xxx' resolved from 'xxx.xxx.xxx.xxx'

      20130714161841    I    #04128    EPOLDAP     Binding user msk-lo\sql4epo to ldap succeeded

      20130714161841    X    #04128    EPOLDAP     LDAP search pages complete, 1 items found for search 'objectClass=*'

      20130714161841    X    #04128    EPOLDAP     LDAP search pages complete, 0 items found for search '(servicePrincipalName=LDAP/*/dhmwjx1)'

      20130714161841    X    #04128    EPOLDAP     Unbinding from LDap session 0x0db3d164

      20130714161841    X    #04128    EPOLDAP     Initialized LDap session 0x0db3d164

      20130714161841    X    #04128    EPOLDAP     Connected to LDap session 0x0db3d164

      20130714161841    I    #04128    EPOLDAP     Connected to Server 'xxx.xxx.xxx.xxx' resolved from 'xxx.xxx.xxx.xxx'

      20130714161841    E    #04128    EPOLDAP     Bind failed, error = Invalid Credentials (49), user DOMAIN\admin_x, server xxx.xxx.xxx.xxx, port 389

      20130714161841    X    #04128    EPOLDAP     Unbinding from LDap session 0x0db3d164

      20130714161841    X    #04128    EPOLDAP     Failed to get LDAP login information for domain {OLD NAME WOKRSTATION} (2).

      20130714161841    E    #04128    NAIMSRV     There was a failure when getting the ldap server.  Failing asci (2)

      20130714161841    E    #04128    NAIMSRV     Failed to generate policy for user {OLD NAME WOKRSTATION}\administrator, error 0x80140066

      20130714161841    X    #04128    NAIMSRV     Rule Based Policies took 4 seconds (4313 ms) to process

      20130714161841    E    #04128    NAIMSRV     Failed to process props response for agent {NEW NAME WOKRSTATION}

      20130714161841    E    #04128    NAIMSRV     Failed to process agent request

      20130714161841    X    #04128    mod_epo     epo request processed, rc=503, session ID=844686, session time=4328ms

       

       

      p.s. Just found -

      User admin_x - disabled in AD

       

      Message was edited by: konovalovgy on 7/14/13 7:45:45 AM CDT

       

       

      Agent_<workstation name>_error.log:

       

      2013-07-15 09:24:11.152    E    #2944    Util    Error trace:

      2013-07-15 09:24:11.152    E    #2944    Cmalib     [Add CMA to Windows Firewall]->

      2013-07-15 09:24:11.152    E    #2944    Util     [CoCreateInstance,{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}]->

      2013-07-15 09:24:11.152    E    #2944    Util      error -2147023143: There are no more endpoints available from the endpoint mapper.

      2013-07-15 09:24:11.152    E    #2944    Util    Error trace:

      2013-07-15 09:24:11.152    E    #2944    Cmalib     [Add CMA to Windows Firewall]->

      2013-07-15 09:24:11.152    E    #2944    Util     [CoCreateInstance,{F7898AF5-CAC4-4632-A2EC-DA06E5111AF2}]->

      2013-07-15 09:24:11.152    E    #2944    Util      error -2147023143: There are no more endpoints available from the endpoint mapper.

      2013-07-15 09:24:56.526    e    #3636    Agent    Agent failed to communicate with ePO Server

      2013-07-15 09:27:11.999    e    #3636    Agent    Agent failed to communicate with ePO Server

      2013-07-15 09:27:17.384    e    #3636    Agent    Agent failed to communicate with ePO Server

      2013-07-15 09:30:24.277    E    #7760    Logging    drop 1 [\\.\mailslot\VSECMA-{B1A5B08C-88BC-4B0F-9F6D-E13899F11816}] file not found

      2013-07-15 09:32:01.654    e    #3636    Agent    Agent failed to communicate with ePO Server

      2013-07-15 09:32:07.067    e    #3636    Agent    Agent failed to communicate with ePO Server

       

      Message was edited by: konovalovgy on 7/15/13 1:06:16 AM CDT