1 of 1 people found this helpful
Are you using remote agent handlers, and which agent version are you using on this machine?
What appears to be happening is that there is a user-based policy assigned to this machine, but the LDAP server for the domain is not reachable, meaning the UBP cannot be determined. The relevant chunk of the server log is:
20131016101030 I #08344 NAIMSERV Calculating policies for user eschq\usgsupport
20131016101030 E #08344 NAIMSERV UserRuleAssignments.cpp(1365): Failed to connect to the LDAP server 2
20131016101030 E #08344 NAIMSERV UserRuleAssignments.cpp(1407): There was an error looking up 'belongs to' based OU data.
20131016101030 E #08344 NAIMSERV UserRuleAssignments.cpp(1165): Failed to get the object IDs from the policy rules. Some of the rules appear to be invalid.
20131016101030 E #08344 NAIMSERV UserRuleAssignments.cpp(733): Failed to look up and cache distinguished names.
20131016101030 E #08344 NAIMSERV UserRuleAssignments.cpp(990): Failed to get the GUID to DN map object. This is needed to evaluate the User Based Policy rules.
20131016101030 E #08344 NAIMSERV policy.cpp(988): Failed to generate policy for user eschq\usgsupport, error 0x80004005
check that the registered LDAP server for this domain (eschq) is available - from the server log it looks like this is affecting more than just this one machine.
Been working with McAfee support the past few days, looks like a "minor" bug in 5.0.1 and my organization being ripe for having that big bite us is the problem - you were on the right path, though. It stems from multiple LDAP servers not being supported correctly in 5.0.1 and the ePO server having 3 LDAP servers before the upgrade this past weekend.
It's been escallated.
Ah, OK - sounds good.
Do you have an SR number for the case? I'd like to keep an eye on it for my own information...
Turns out it was the number of LDAP servers we had before the upgrade. Level 2 tech remoted in, edited some SQL tables related to the LDAP servers directly and any users associated with servers that were removed and things started processing again.