1 2 Previous Next 11 Replies Latest reply on Sep 24, 2013 12:05 PM by davidhey

    Master Repoistory Update not Working

    davidhey

      Hello Everyone

      I have just joined the community and hope I can get some help and hopefully help others once my knowledge starts to build. McAfee e.P.O was installed by a 3rd party contractor and I have more or less now been handed the system to support. The system has been running fine for years without incident but now I am having a devil of a time trying to get my e.P.O to automatically download the daily DAT file. I have searched through Community support forums but not really got anywhere with the issue. I am running e.P.O 4.5 and when I run the Master update I get the error message

       

      "Failed to download file catalog.z from site update.nai.com:80, error code 403"

       

      The pull has been workng ok for years but has stopped last week for no apparent reason I can do a manual pull and it checks into e .P.O OK.

      The error messages are

       

      HTTP Session initialized

      20130909111844 I #5724 naInet   Connecting to HTTP Server using Microsoft WinInet

      20130909111844 I #5724 naInet   Trying to connect to Proxy Server proxy.internet.point:8080 using INTERNET_OPEN_TYPE_PROXY

      20130909111844 I #5724 naInet   Connected to Server: update.nai.com on Port: 80 using WinInet

      20130909111844 I #5724 SIM_InetMgr Started download session 1 for site McAfeeHttp

      20130909111844 I #5724 SiteMgr  MirrorThreadProc: Downloading file catalog.z from McAfeeHttp

      20130909111844 I #5724 SIM_InetMgr Downloading file catalog.z from session 1, LocalDir=C:\WINDOWS\TEMP\nai39.tmp\00000000, RemoteDir=

      20130909111844 I #5724 naInet   Open URL: http://update.nai.com:80/Products/CommonUpdater/catalog.z

      20130909111844 I #5724 naInet   Trying to download using Microsoft WinInet library

      20130909111844 I #5724 naInet   Conneting to Proxy Server proxy.internet.point:8080 using INTERNET_OPEN_TYPE_PROXY

      20130909111844 I #5724 naInet   No resume download needed, calling InternetOpenUrl

      20130909111844 I #5724 NAINET   Resolving name proxy.internet.point to address

      20130909111844 I #5724 NAINET   Name resolved to 10.10.214.33

      20130909111844 E #5724 naInet   HTTP Server returned Error : 403

      20130909111844 I #5724 naInet   Failed to download the URL /Products/CommonUpdater/catalog.z using Wininet

      20130909111844 I #5724 naInet   Trying to download using windows socket library

      20130909111844 I #5724 naInet   Connecting to Real Server: update.nai.com on port: 80

      20130909111844 I #5724 naInet   Connecting to Proxy Server: proxy.internet.point on port: 8080

      20130909111844 I #5724 naInet   Connected to Proxy Server: proxy.internet.point on port: 8080

      20130909111844 I #5724 naInet   Sending HTTP GET Request Header. No Authentication used

      20130909111844 I #5724 SIM_InetMgr Download file catalog.z failed in session 1, nainet ret=403

      20130909111844 e #5724 SiteMgr  MirrorThreadProc: Download file catalog.z from McAfeeHttp failed, hr=-2147467259

      20130909111844 I #5724 SrvEvtInf Generating Event

      20130909111844 I #5724 naInet   HTTP Session closed

       

      I have also tried FTP site as well but this also fails. I need to find out if the connection is being blocked by business firewall or there are issues with the proxy server or if my problem is with e.P.O itself So any faulting tips to try to estblish as line of demarcation wiuld be great. The Mcafee download site is supposed to be on a passthrough on business proxy server I have checked proxy settings in ie explorer and e.P.O both set the same.

       

      Message was edited by: davidhey on 09/09/13 06:22:36 CDT

       

      Message was edited by: davidhey on 09/09/13 06:24:08 CDT
        • 1. Re: Master Repoistory Update not Working
          Tristan

          Your problem is the result of internet connectivity or lack of.

           

          Does http://update.nai.com/Products/CommonUpdater/catalog.z work from a web browser on the ePO server?

           

          Options

           

          1. Check IP, username, password settings for proxy server. menu -> Configuration -> Server Settings -> Proxy Settings

          2. Check DNS to make sure update.nai.com is being resolved correctly

          3. Bypass the proxy server and give your ePO server a direct connection to the internet (firewalled or NATed obvoiusly but not proxied)

          .

          • 2. Re: Master Repoistory Update not Working
            davidhey

            Hi Thanks for quick reply

            I can get access using web browser connection however I have to use my username and password to get past the proxy server,  up until last week e.P.O was able to get through on a special bypass set up on the proxy  server as far as I know nothing has been changed on the network. I cannot check DNS as nslookup does not work on the server I presume this facility is disabled or blocked. If I disable proxy on e.P.O I get the error:

             

            "Failed to download file catalog.z from site update.nai.com:80, error code 11001 ( No such host is known. )"

            I need to prove the problem is not on the server as the usual reply using netwrok support is must be something wrong with the server.  Thanks for advice.

            • 3. Re: Master Repoistory Update not Working
              Laszlo G

              Hi davidhey, did you try to set the proxy credentials under ePO settings and test if it works?

              • 4. Re: Master Repoistory Update not Working
                davidhey

                Hi Laszio

                Yes I have made sure the e.P.O proxy is set exactly the same in epo as internet explorer I get still get

                "Failed to download file catalog.z from site update.nai.com:80, error code 403" every time when I run master repository update.

                if I use internet explorer I can get to update.nai.com and look at  the update directory, I have to put in my user name and password before connection is allowed as would be expected. The e.P.O server application has a passthrough on the proxy  so did not require credentials it was updating automatically without any problems for some time until last week I really have to prove that its not down to my server before I take it to networks and proxy server support. Does anyone have any ideas about how to do this?

                • 5. Re: Master Repoistory Update not Working
                  Laszlo G

                  This is strange because the 403 code is a Forbidden error so your ePO server can reach the page but is not authorized to see it.

                   

                  In fact if you browse yourself with your username and password to http://update.nai.com/products/commonupdater/ you should be able to download the catalog.z file, is that right?

                  • 6. Re: Master Repoistory Update not Working
                    davidhey

                    Yes that is correct I can download the catalog.z using ie explorer which is why I am usure if the problem is to do with server, is there some kind of encryption or secure connection e.P.O uses when it tries to connect through to update.nai.com  the server is set to connect anonymously in the source sites configuration.

                     

                    Message was edited by: davidhey on 09/09/13 14:52:48 CDT
                    • 7. Re: Master Repoistory Update not Working
                      rackroyd

                      A wireshark trace would allow your network team to verify the proxy response, and if the correct credentials were being presented by ePO (for example). You should discuss that with them.

                       

                      You might want to try switching ePO to use Winsock2 instead of WinInet (see support article KB71126, it says for MyAvert but I suspect the change is actually for more than that.).

                      Either way it's a simple and reversible test.

                       

                      Finally, and not necessarily related - please bear in mind ePO 4.5 is end of life Dec 31st 2013.

                      You need to upgrade to 4.6 or later by then to maintain support.

                      1 of 1 people found this helpful
                      • 8. Re: Master Repoistory Update not Working
                        davidhey

                        Hi rackroyd

                        Thanks for the EOL heads up on 4.5. Developing news. I have found that the Master pull is not completely broken, it occasionally works. I have scoured google and forums and tried a number of things, renaming hosts file, opening a command box and using ipconfig /flushdns ipconfig /registerdns very incosistent results the pull would appear to start working but then stops working again.  I think all the things I have done have not influenced the issue it was just coincidence that the pull started to work. So back to the beginning when the server connects successfully I get this in the  epoapsrv.log I am using the test credentials facility in the source site set up. I have changed the address of the proxy server to a false one

                         

                        Created instance of Site Manager

                        20130913080435 I #3136 SiteMgr  SetEPOMode: SiteMgr enter ePO mode, server=CSS-EPO, port=8443, EPOUser=, Password=********

                        20130913080435 I #3136 SiteMgr  DALInit: Connected to DAL successful

                        20130913080435 I #3136 SiteMgr  SetEPOMode: Set ePO mode successful

                        20130913080435 I #3136 naInet   HTTP Session initialized

                        20130913080435 I #3136 naInet   Connecting to HTTP Server using Microsoft WinInet

                        20130913080435 I #3136 naInet   Trying to connect to Proxy Server proxy.internet.point:8080 using INTERNET_OPEN_TYPE_PROXY

                        20130913080435 I #3136 naInet   Connected to Server: update.nai.com on Port: 80 using WinInet

                        20130913080435 I #3136 naInet   Open URL: http://update.nai.com:80//Products/CommonUpdater/Test.ini

                        20130913080435 I #3136 naInet   Trying to download using Microsoft WinInet library

                        20130913080435 I #3136 naInet   Conneting to Proxy Server proxy.internet.point:8080 using INTERNET_OPEN_TYPE_PROXY

                        20130913080435 I #3136 naInet   No resume download needed, calling InternetOpenUrl

                        20130913080435 I #3136 NAINET   Resolving name proxy.internet.point to address

                        20130913080435 I #3136 NAINET   Name resolved to 10.10.214.33

                        20130913080436 I #3136 naInet   HTTP Session closed

                         

                        When it fails to pull I get

                         

                        HTTP Session initialized

                        20130913081815 I #3132 naInet   Connecting to HTTP Server using Microsoft WinInet

                        20130913081815 I #3132 naInet   Trying to connect to Proxy Server proxy.internet.point:8080 using INTERNET_OPEN_TYPE_PROXY

                        20130913081815 I #3132 naInet   Connected to Server: update.nai.com on Port: 80 using WinInet

                        20130913081815 I #3132 naInet   Open URL: http://update.nai.com:80//Products/CommonUpdater/Test.ini

                        20130913081815 I #3132 naInet   Trying to download using Microsoft WinInet library

                        20130913081815 I #3132 naInet   Conneting to Proxy Server proxy.internet.point:8080 using INTERNET_OPEN_TYPE_PROXY

                        20130913081815 I #3132 naInet   No resume download needed, calling InternetOpenUrl

                        20130913081815 I #3132 NAINET   Resolving name proxy.internet.point to address

                        20130913081815 I #3132 NAINET   Name resolved to 10.10.214.33

                        20130913081815 E #3132 naInet   HTTP Server returned Error : 403

                        20130913081815 I #3132 naInet   Failed to download the URL //Products/CommonUpdater/Test.ini using Wininet

                        20130913081815 I #3132 naInet   Trying to download using windows socket library

                        20130913081815 I #3132 naInet   Connecting to Real Server: update.nai.com on port: 80

                        20130913081815 I #3132 naInet   Connecting to Proxy Server: proxy.internet.point on port: 8080

                        20130913081815 I #3132 naInet   Connected to Proxy Server: proxy.internet.point on port: 8080

                        20130913081815 I #3132 naInet   Sending HTTP GET Request Header. No Authentication used

                        20130913081815 I #3132 naInet   HTTP Session closed

                         

                        I have tried to force the server to not use winInet using the KB1126 but this does not appear to work I still get the server trying to use winInet to connect through. It also appears that when the winInet connection fails then it never seems to work using the other connection is this because the site returned error 403 if I set the source site to use credentials what credentials should I use.

                        • 9. Re: Master Repoistory Update not Working
                          rackroyd

                          Personally at this point i'd consider looking at the proxy logs and/or running some wireshark traces between client & proxy to see if the cause of the 403 error can be determined.

                          You need to work out if ePO is always presenting the right credentials (and being rejected by proxy) or not.

                           

                          If ePO always presents the right credentials and is rejected then the issue is something with the proxy, but if ePO sometimes presents the wrong (or no) credentials for reasons unknown you have grounds to open a McAfee support case so the cause can be identified.

                          1 2 Previous Next