1 2 Previous Next 14 Replies Latest reply: May 13, 2014 4:21 PM by uhaba RSS

    setup cannot connect to epo server although global admin details used

    minion

      Hi there,

       

      When trying to upgrade EPO 4.6.6 to EPO 4.6.7. I get message "Setup cannot connect to the EPO server with the credentials you provided". I can login to the EPO with these details and the account is global admin account. I also followed KB77892 (https://kc.mcafee.com/corporate/index?page=content&id=KB77892&impressions=false& act=RATE&actp=search&viewlocale=en_US&newguid=73a41053bfaf42cfbc1e8dc8f90ecaf1) and it does not resolve the problem. Any suggestions?

       

      Message was edited by: minion on 3/10/14 9:43:58 AM CDT
        • 1. Re: setup cannot connect to epo server although global admin details used
          Laszlo G

          Hi minion, are you using special characters in your username or password?

           

          If you're using credentials from AD (domain\user) then it may fail. You should use the built-in admin user or create a new epo local user.

          • 2. Re: setup cannot connect to epo server although global admin details used
            minion

            Hi Lazlo.

             

            No special characters and using new global admin (epo authenication) user I created. I tried investigating the install log but can't see much from that why it fails.

            • 3. Re: setup cannot connect to epo server although global admin details used
              meforum

              hi minion,

               

              - what OS you're using?

              - Do you try a inplace upgrade (same server) or "upgrade" to a new server (move)

              - McAfee ePO services need to be running for the upgrade

              - are you sure you've followed the kb? (sorry for that, but I find the kb not so clear what to do...). e.g. if your server is 64 bit - you have to copy the "Remote-Client" folder to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\ , I think. But it also could be that there's some hard coded path - so even on 64bit it has to be "...\program files\..."? Who knows ... just give it a try.

              • 4. Re: setup cannot connect to epo server although global admin details used
                minion

                Hi meforum,

                 

                Thanks for your reply see my answers in bold below:

                 

                - what OS you're using? server 2008 r2

                - Do you try a inplace upgrade (same server) or "upgrade" to a new server (move) restored ovf template from original server on test server

                - McAfee ePO services need to be running for the upgrade yep they are running

                - are you sure you've followed the kb? (sorry for that, but I find the kb not so clear what to do...). e.g. if your server is 64 bit - you have to copy the "Remote-Client" folder to C:\Program Files (x86)\McAfee\ePolicy Orchestrator\ , I think. But it also could be that there's some hard coded path - so even on 64bit it has to be "...\program files\..."? Who knows ... just give it a try. i have tried copying it to all possible locations

                • 5. Re: setup cannot connect to epo server although global admin details used
                  allyb585

                  Minion,

                   

                  I am having the same problem when trying to upgrade to 4.6.7. Have you figured anything out? I've checked permissions, created a new global admin, and I was just able to upgrade to 4.6.6 with the same credentials just a month ago.

                  • 6. Re: setup cannot connect to epo server although global admin details used
                    minion

                    Nope not yet, call logged with McAfee. Will post feedback here as soon as they get back to me.

                     

                    Message was edited by: minion on 3/17/14 1:37:17 AM CDT

                     

                    Message was edited by: minion on 3/17/14 2:17:38 AM CDT
                    • 7. Re: setup cannot connect to epo server although global admin details used
                      ravencross

                      Not sure if this will help but open a command prompt on your ePO server run the command "netstat -an". At the bottom of the list you should see [::]:8005, if not that means that the ePO is not listening on port 8005 which is the port the installer is passing the command to verify the Global Admin credentials. I'm sure there's a way through the config files to open another listener for the ePO on 8005 if you've change it due to security controlls, but I didn't go that route. Instead I used netcat (part of nmap) to open a new listener and forward it to port 8007. To do this follow these steps:

                       

                      1. Download NMAP (http://www.nmap.org)

                      2. Install it to the server

                      3. Open a command prompt as administrator

                      4. Go to the install directory

                      5. Run the command ncat --sh-exec "ncat <ip of your ePO (not loop back)> <port used to connect>" -l 8005 --keep-open (http://nmap.org/book/ncat-man-examples.html gives examples)

                      6. Install the patch

                      7. Break out of the proxy

                      8. Remove NMAP from the system

                       

                      This worked for me after beating my head against the wall.

                       

                       

                       

                      Update: While the above fix was able to get past the credential issue the patch still failed. Looking into this secondary hurdle.

                       

                      Update: The failure I'm now receiving occurs when the patch attempts to start the McAfee services. Still no clue why this is happening, but will continue to look.

                       

                      Update: I get the idiots award for this one. Forgot to disable HIPS on the ePO server. Once HIPS, OAS, and Access Protection were disabled and the port was forwarded both the patch and the HF went without issue. Finally the nightmare is over.

                       

                      Message was edited by: ravencross on 3/18/14 7:26:02 AM CDT
                      • 8. Re: setup cannot connect to epo server although global admin details used
                        Will E. Stylzz

                        Okay after various checks in install log (EPO450-Install-MSI.LOG, I was able to see a line that looked something like this: SERVERNAME:8443 "<username>" "<password>" https post

                        I was racking my head against the wall to figure out why this would not work. I continually received the invalid credential error as everyone else that is having this problem. Based on this error, I am assuming it was trying to log onto the server via port 8443. We are using custom ports in our ePolicy configuration. So after configuring non complex passwords for accounts, then ensuring accounts had proper ownership to the db, to no avail, I figured I would try something else. These are the steps I did.

                         

                        1. Back up server.xml file (c:\prog~\mcafee\epolic~\server\conf)

                        2. Modify server.xml where it states: "Define a SSL HTTP/1.1 Connector on port 8443" if the "port="####" " is anything different than 8443 then the upgrade will fail. So change the "####" to "8443".

                        3. Save the file.

                        4. You can either restart the services or restart the server (I restarted the server)

                        5. Run your setup.exe file again

                        6. Enter the credentials of your Global Administrator and it should run through perfectly. 
                        7. After completion change your server.xml file back to the original

                        8. Restart your server.

                         

                        This worked for me....

                         

                        -- Will

                        • 9. Re: setup cannot connect to epo server although global admin details used
                          allyb585

                          I was having the same issue, and I just got 4.6.7 to install. I took Stylzz suggestion as far as the server.xml file needing to be changed. However, my line item "Define a SSL HTTP/1.1 Connector on port 8443" said that, but my "port='####" said 8005. I noticed while running netstat that there was a connection trying to go to 8007 vice 8005 while trying to install. I changed the 8005 to 8007, and changed my shortcut url and it installed.

                          1 2 Previous Next