4 Replies Latest reply on Aug 12, 2013 4:21 PM by ottawa_tech_31

    Agent 4.8 P1 + Agent Handler bug

    ottawa_tech_31

      We are on MA 4.6 P3. We want to upgrade to MA 4.8P1

       

      There is KB article http://kc.mcafee.com/corporate/index?page=content&id=KB78582&actp=search&viewloc ale=en_US&searchid=1375899110862 about how when you upgrade to MA 4.8P1, you lose all handler information.

       

      The only workaround is to update the sitelist.xml, by altering the agent handler assignment rules, to generate a new sitelist file.

       

      My question is, how often do you need to update the sitelist?

       

      Do you do it just once? if I am rolloing out MA 4.8P1 over the course of a few days, do I have to do it daily or just at the end of the week?  do I have to keep updating it to cathc machines that we off while people were on vacation?

       

      The 50 machines I am testing with, are all doing to one handler..the wrong one (of course). They pick it by apparently alphabetical order, so DMZ-AH is right at the top of the agent handler naming list...

       

      The KB article says no fix until MA 4.8 P2, with no date, and no hotfix is mentionned either (sure SEEMS worthy of a hotfix)...

       

      Due to this bug, is it best to skip MA 4.8P1?

        • 1. Re: Agent 4.8 P1 + Agent Handler bug
          rackroyd

          One update should do it. Machines that were off at the time would pick up the change on next connection.

          Master sitelist has a version number, if this is later than the one on the client then the client requests the later copy.

          The reason the KB workround says to make a trivial change to repo or AH assignments in the ePO console is really to trigger a greater version number in the master sitelist so the clients all get a refresh on the next connection.

           

          Please note though, you don't actually lose the AH data, you lose the AH priority so most often attempts connection to the first in the sitelist then in listed order regardless of the actually expected priority.

          All AH are still listed, but you may endup connecting to the wrong one until the sitelist priority values are re-established by the sitelist refresh.

          • 2. Re: Agent 4.8 P1 + Agent Handler bug
            ottawa_tech_31

            But what happens when client machines, in a DMZ, are normally behind a firewall and are assigned to a specific agent handler, try to talk to a different one, and fail?

             

            Does the "defective" agent try one handler and then another, or just the first one and then stop?

             

            Can this bug lead to orphaned agents, if they can't talk to a specific handler?

            • 3. Re: Agent 4.8 P1 + Agent Handler bug
              rackroyd

              It'll walk down the list of enabled sites until it either connects or reaches the end of the list.

              If it can't reach any of them, then yes such a machine would lose contact with ePO.

              This is why it's good practice to try and provide some alternative routes where possible rather than rely on just the one connection as a single point of failure.

              • 4. Re: Agent 4.8 P1 + Agent Handler bug
                ottawa_tech_31

                We've decided to sit out this revision of the agent and wait for patch 2.

                 

                It's only on 50 boxes out of 10,000 anyway

                 

                Is it possible to issue a roll-back of the agent so it goes back to 4.6.0.3122?

                 

                Can we install an older version of the agent on top of a new one?