If you rebuild ePO, it generates new encryption keys. You will need to repush the agents to your endpoints.
See, that's what I figured, but with the jacked up HIPS / FW install on the clients themselves, would they even allow for the new agents to be pushed since I can't agent wake up to them currently?
The agents just continually report unable to communicate to ePO.
Not a firewall expert, so I won't venture an answer. The agent would try to check in every ASCI interval as per your agent policy. So you might not be able to wake up the devices, but they might still try to communicate back to ePO if the same server was still back there listening. Sorry I can't be much more help; maybe someone with more firewall experience will jump in. But it does look like a visit to each device to reinstall the agent manually (you have to generate a FramePkg.exe in ePO to do the manual install) or using the logon script if they still see the domain.
Interesting and something I'll take into account. It certainly looks like there is some sort of firewall problem though, because a wakeup agent fails with unable to communicate to the devices.
I'll try and repackage the framework and see if I can locally install. The other strange thing is, all the machines can see the domain itself.
I have a 20.x.x.x network and a 30.x.x.x network.
ePO is on the 30 network and can get to some of the devices. The 20 network though is a completely different story, but I can RDP from 20 to 30 and from 30 to 20. So, I'm not 100% sure where my error lies. I do know though that an agent wakeup from ePO does nothing, regardless of the network I'm trying to talk to.
Windows FW is on, but it's set to domain mode allow all on inbound and outbound.