9 Replies Latest reply: Oct 16, 2013 2:39 AM by dmease729 RSS

    VSE hotfix file version inconsistencies and Agent error 2402

    dmease729

      Hi,

       

      I have recently taken over a number of ePO environments, and have noted the following:

       

      We are constantly receiving 2402 client events from all of our managed systems.  Hotfixes 778101 and 805660 are checked in to the master repository. 


      - Checking the registry location ...\McAfee\DesktopProtection on a managed system I can see an entry for Hotfix_805660.  I cannot see an entry for Hotfix 778101
      - Checking the agent log on a managed system, I can see the source of the 2402 client events:
                 "Update failed to version Hotfix 975"
                 "Generating update event:EventID=2402........"

       

      I have come across KB78396, however this relates to P3 and hotfixes that I am not dealing with at present.  "So...", I think, "...if hotfix 805660 updates the same files that hotfix 78396 does, I should just be able to remove 78396 from the repository - tis probably causing the complaints".  This is where confusion comes in... From the hotfix release notes:

       

      - Hotfix 805660 released 29/01/13
      - Hotfix 778101 released 02/11/12
      - Both hotfixes update exactly the same files (huzzah! makes my life easier! ... ...?)
      - Example file versions:
                 - Hotfix 805660 updates adslokuu.dll to version 15.0.0.468
                 - Hotfix 778101 updates adslokuu.dll to version 15.0.0.476
                 - Hotfix 805660 updates mfeapconfig.dll to version 15.0.0.518
                 - Hotfix 778101 updates mfeapconfig.dll to version 15.0.0.537

       

      Muh?  So the hotfix that was released nearly 3 months earlier updates the files to later versions??

       

      Checking the couple of example files on one of the managed systems returns the following versions:
                - adslokuu.dll = 15.0.0.476
                - mfeapconfig.dll = 15.0.0.537

       

      So as I would appear to be running the later version of the dlls given the two hotfixes combined, I am hypothesising that my next step would be to simply remove hotfix 778101 from the master repository and watch this issue disappear. 

       

      QUESTIONS: Could I possibly have thoughts on my hypothesis, and just to ensure my sanity could anybody explain why the later hotfix contains earlier versions of files?


      Many thanks!

        • 1. Re: VSE hotfix file version inconsistencies and Agent error 2402
          wwarren

          The hotfix package 805660 is fairly unique in terms of what we release for hotfixes, not only because it addresses a vulnerability but because of its installer.

          Hotfixes that include our Syscore code "call out" to another installer that's already present in the VSE installation, passing along appropriate command line options. But due to a limitation in that installer's capability, it cannot invoke 2 separate install functions (that we were needing) in a singular install package.

           

          For this reason, you need 805660 if you ever used the 14.4 version of our Syscore files (explained in SB10034), to adopt the code fix that is built into and invoked by its installer.

          And you still need 778101 to install the newer Syscore files that address stability issues (and as it happens, a different vulnerability too).

          Support should be directing customers to use both as a precaution, but customers may eliminate 805660 if they know they never used 14.4 Syscore//VScore code.

           

          The odd event you're getting from the Agent isn't something I've heard be tied to these hotfixes. If confirmed, that would be of interest so I can inform my team to avoid causing that in future.

          • 2. Re: VSE hotfix file version inconsistencies and Agent error 2402
            dmease729

            Cheers Wwarren,

             

            Sorry - when you say explained in SB10034, I cannot find any reference to v14.4 or Syscore specifically, so I am assuming that earlier versions that when I see 'This vulnerability exists in the following products:', this can also be read as 'The following versions contained the 14.4 syscore code'.   Further to this, from your wording I believe that hotfix 805660 was only required if either version 14.4 code was being used or even if it *has* been used, but is no longer being used?

             

            So for *fresh* installs of VSE8.8P2, hotfix 805660 is never going to be required?
            Could I also ask - given the wording above, does this mean that hotfix 805660 applies a code fix that is not documented in the hotfix release notes?

            Given the timing of the releases - if I had applied the hotfixes as they came out (release times above), why does the later hotfix have earlier versions of all of the files?

             

            My current problem is is that the current file versions that I have stated above seem to imply that hotfix 778101 has been applied, but the registry entry to state this is not present.  The registry entry for hotfix 805660 is, however there, which leads me to believe that the errors in the agent log correspond to hotfix 778101.  Have you any ideas of what could have happened here as from the file versions and the 805660 registry entry, it would appear that both hotfixes have been applied.  What would be the worst case scenario if I remove the hotfixes from the master repository (with the exception of new hosts not receiving them - I will deal with later).

             

            cheers,

            • 3. Re: VSE hotfix file version inconsistencies and Agent error 2402
              dmease729

              if it helps, the following is also seen in the agent logs:

              "Product(s) already running the latest hotfix 805660".  So if this is the only hotfix that had run, we would be on version 15.0.0.468 of the 'first lot' of files listed in the release notes.  As the versions on the managed systems are actually 15.0.0.476 this would imply that hotfix 778101 has been applied, so I am not sure where the hotfix failure messages are coming from, and also why hotfix isnt shown in the registry.  Is only the latest hotfix shown in the registry?  Are the file version numbers in the release notes definitely correct?

              • 4. Re: VSE hotfix file version inconsistencies and Agent error 2402
                wwarren

                First paragraph - Yes. Your understanding is clear.

                Second paragraph - Correct, fresh installs don't need it - but we tell you to run it anway because you can't distinguish a fresh install from an upgrade very easily.

                The wording of the hotfix is accurate.

                The timing of the releases is irrelevant. If 778101 is installed first you still need to run 805660 because the fix is run by its installer, the file versions don't matter. This need is due to the limitation I mentioned earlier; 778101 could not both install its updated drivers and close the vulnerability solved by 805660.

                 

                What you've described is an installation of 778101 that did not complete for some reason, i.e. it didn't write the Hotfix_778101 registry value. Odd that all the files would get replaced and it not manage to write the registry value. You could try working with Support to see if that can be figured out.

                • 5. Re: VSE hotfix file version inconsistencies and Agent error 2402
                  dmease729

                  Hi Wwarren,

                   

                  Your responses are seriously appreciated, but I think I need to hold my hands up and say this is not truly mapping in my head.  Moving forward I am going to:

                  - investigate the 778101 install issue with support

                  - just accept the above :-)

                   

                  Just one last little question (sorry...) - if a hotfix could not close a vulnerability and update drivers, then I am not understanding why drivers are listed in hotfix 805660 when it is definitely doing the former.  And I definitely dont understand why the timings are inaccurate - if 805660 was a unique installer and could do both then I dont see why it didnt include the latest driver versions.  MIND = BLOWN.

                  • 6. Re: VSE hotfix file version inconsistencies and Agent error 2402
                    wwarren

                    Mind=Blown, indeed . Your line of questioning is encroaching on the complexities of what our QA team have to deal with internally. We like to keep the curtain closed so you don't see the wizard and your brain melt instantly, but to the inquisitive and observant mind it's difficult to do! Thankfully we have this "That's proprietary info" card we can play when we really need to. Haha.

                    It was the event 2402 that sent you on this path, so that was of interest to me to identify cause and squish - and it may be tied to that 778101 not completing the install completely... that certainly wasn't meant to happen.

                    • 7. Re: VSE hotfix file version inconsistencies and Agent error 2402
                      dmease729

                      No problem - I appreciate that there are times when that card needs to be played, thanks for your feedback on this!

                      • 8. Re: VSE hotfix file version inconsistencies and Agent error 2402
                        cakeboss

                        Did you ever find out what was causing the 2402 error?  I'm seeing the same thing on many systems while attempting to apply patch 2 and the two hotfixes.

                        • 9. Re: VSE hotfix file version inconsistencies and Agent error 2402
                          dmease729

                          Hi,

                           

                          Never got to the bottom of it - the issue was on a project that I am no longer on.  I *did* test the deployment of the hotfixes in my lab, and tested deployments with the hotfixes applied in different orders and all tests worked fine with no issues (my 'raw' log notes below).  Note that this was a quick test as I didnt have access to a server build at the time (my key was used on a server in another lab environment!), so I cannot confirm at present if the issue only presents on > Win7/Win2k8 systems.  Unfortunately my work load at present is rather substantial, so the priority of this has lowered.

                           

                          ==============RAW NOTES=============

                          XPPro SP3
                          Installed VSE8.8P2

                           

                          Registry key check (HKLM\Software\McAfee\DesktopProtection) = no entry for any hotfix
                          File version check:
                          adslokuu.dll: 15.0.0.466
                          mfeapconfig.dll: 15.0.0.515

                           

                          Hotfix 778101 checked into ePO, and client update task run.  Hotfix update successful.

                           

                          Agent log shows: "update succeeded to version hotfix 778101"

                           

                          New value 'Hotfix_778101' shown in registry.

                           

                          File version check:
                          adslokuu.dll: 15.0.0.476
                          mfeapconfig.dll: 15.0.0.537

                           

                          Rerun hotfix update again (may seem wierd, but just to confirm...):

                           

                          Agent log shows: "product(s) running the latest hotfix 778101"

                           

                          Hotfix 805660 checked into ePO, and client update task run. 

                           

                          Agent log shows: "product(s) running the latest hotfix 778101" (aesthetically displeasing, as it is most certainly not running the latest hotfix, rather 778101 is the latest hotfix it is running), "Starting hotfix update", "update succeeded to version hotfix 805660"

                           

                          New value 'Hotfix_805660' shown in registry
                          Existing value 'Hotfix_778101' still present in registry.

                           

                          File version check:
                          adslokuu.dll: 15.0.0.476
                          mfeapconfig.dll: 15.0.0.537

                           

                          =====reverted back to original state (pre hotfix deployment on both ePO and managed endpoint to avoid sequencing errors in next test)=====

                           

                          Confirmed hotfix registry values removed, and file versions were older versions

                           

                          Hotfix 805660 checked into ePO, and client update task run.  Hotfix update successful.

                           

                          Agent log shows: "update succeeded to version hotfix 805660"

                           

                          New value 'Hotfix_805660' shown in registry

                           

                          File version check:
                          adslokuu.dll: 15.0.0.468
                          mfeapconfig.dll: 15.0.0.518

                           

                          Hotfix 778101 checked into ePO, and client update task run.

                           

                          Agent log shows: "product(s) running the latest hotfix 805660", "Starting hotfix update", "update succeeded to version hotfix 778101"

                           

                          New value 'Hotfix_778101' shown in registry

                           

                          File version check:
                          adslokuu.dll: 15.0.0.476
                          mfeapconfig.dll: 15.0.0.537

                           

                          ==============RAW NOTES=============