Hi minion, are you using special characters in your username or password?
If you're using credentials from AD (domain\user) then it may fail. You should use the built-in admin user or create a new epo local user.
- what OS you're using?
- Do you try a inplace upgrade (same server) or "upgrade" to a new server (move)
- McAfee ePO services need to be running for the upgrade
- are you sure you've followed the kb? (sorry for that, but I find the kb not so clear what to do...). e.g. if your server is 64 bit - you have to copy the "Remote-Client" folder to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\ , I think. But it also could be that there's some hard coded path - so even on 64bit it has to be "...\program files\..."? Who knows ... just give it a try.
Thanks for your reply see my answers in bold below:
- what OS you're using? server 2008 r2
- Do you try a inplace upgrade (same server) or "upgrade" to a new server (move) restored ovf template from original server on test server
- McAfee ePO services need to be running for the upgrade yep they are running
- are you sure you've followed the kb? (sorry for that, but I find the kb not so clear what to do...). e.g. if your server is 64 bit - you have to copy the "Remote-Client" folder to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\ , I think. But it also could be that there's some hard coded path - so even on 64bit it has to be "...\program files\..."? Who knows ... just give it a try. i have tried copying it to all possible locations
Not sure if this will help but open a command prompt on your ePO server run the command "netstat -an". At the bottom of the list you should see [::]:8005, if not that means that the ePO is not listening on port 8005 which is the port the installer is passing the command to verify the Global Admin credentials. I'm sure there's a way through the config files to open another listener for the ePO on 8005 if you've change it due to security controlls, but I didn't go that route. Instead I used netcat (part of nmap) to open a new listener and forward it to port 8007. To do this follow these steps:
1. Download NMAP (http://www.nmap.org)
2. Install it to the server
3. Open a command prompt as administrator
4. Go to the install directory
5. Run the command ncat --sh-exec "ncat <ip of your ePO (not loop back)> <port used to connect>" -l 8005 --keep-open (http://nmap.org/book/ncat-man-examples.html gives examples)
6. Install the patch
7. Break out of the proxy
8. Remove NMAP from the system
This worked for me after beating my head against the wall.
Update: While the above fix was able to get past the credential issue the patch still failed. Looking into this secondary hurdle.
Update: The failure I'm now receiving occurs when the patch attempts to start the McAfee services. Still no clue why this is happening, but will continue to look.
Update: I get the idiots award for this one. Forgot to disable HIPS on the ePO server. Once HIPS, OAS, and Access Protection were disabled and the port was forwarded both the patch and the HF went without issue. Finally the nightmare is over.
Okay after various checks in install log (EPO450-Install-MSI.LOG, I was able to see a line that looked something like this: SERVERNAME:8443 "<username>" "<password>" https post
I was racking my head against the wall to figure out why this would not work. I continually received the invalid credential error as everyone else that is having this problem. Based on this error, I am assuming it was trying to log onto the server via port 8443. We are using custom ports in our ePolicy configuration. So after configuring non complex passwords for accounts, then ensuring accounts had proper ownership to the db, to no avail, I figured I would try something else. These are the steps I did.
1. Back up server.xml file (c:\prog~\mcafee\epolic~\server\conf)
2. Modify server.xml where it states: "Define a SSL HTTP/1.1 Connector on port 8443" if the "port="####" " is anything different than 8443 then the upgrade will fail. So change the "####" to "8443".
3. Save the file.
4. You can either restart the services or restart the server (I restarted the server)
5. Run your setup.exe file again
6. Enter the credentials of your Global Administrator and it should run through perfectly.
7. After completion change your server.xml file back to the original
8. Restart your server.
This worked for me....
I was having the same issue, and I just got 4.6.7 to install. I took Stylzz suggestion as far as the server.xml file needing to be changed. However, my line item "Define a SSL HTTP/1.1 Connector on port 8443" said that, but my "port='####" said 8005. I noticed while running netstat that there was a connection trying to go to 8007 vice 8005 while trying to install. I changed the 8005 to 8007, and changed my shortcut url and it installed.