6 Replies Latest reply on Apr 30, 2014 4:05 AM by Laszlo G

    Help with fixing non-compliant systems

    uhaba

      Looking for guidance dealing with systems falling out of compliance. Mainly I'm finding they are running 4.6 agents which I would like to upgrade to the latest 4.8 I have uploaded to ePO. When I try running a client task to update the agent, they always fail. How do I get them to successfully update?

       

      Also, I'm presuming that when I update the agents to the later versions they will then go out and pull the latest engines and dats? All 4.6 agenst look to be running 5400 engines with a 74XX DAT version.

       

      Running on ePO 4.6.6.

       

      I'm new to this so I appreciate any guidance you can provide.

       

      TIA

        • 1. Re: Help with fixing non-compliant systems
          Laszlo G

          McAfee Agent 4.8 is not a requirement to upgrade to 5600 engine so there might be some other issue like you didn't set an update task selecting the engine check bax along with DAT and BOF DAT.

           

          As for the agent upgrade how are you trying to upgrade from 4.6 to 4.8, with a deployment task or maybe a Run Client Task Now...?

          • 2. Re: Help with fixing non-compliant systems
            uhaba

            Yes, I have a set of agents that need to basically be brought up to the latest agent and/or engine as well. I noticed most of the target systems have the following errors in the deloyment log:

             

            • Failed to authenticate with remote system, system error: The network path was not found. 
            • Failed to authenticate with remote system, system error: Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path 

             

            After reading some other posts, I believe this may be caused by an endpoint misconfiguration where it's missing the admin$ share for example. What do you think?

            • 3. Re: Help with fixing non-compliant systems
              djjava9

              how are these agents accessing the repositores?  are you using UNC repositories?  if so that may be your problem.  Make sure you are using superagent repos which are less likely to fail when your clients are downloading content. 

              https://kb.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 24000/PD24875/en_US/ePO_500_best_practices_en-us.pdf  page 76

              • 4. Re: Help with fixing non-compliant systems
                uhaba

                Yes, that is correct. We are using UNC. Do I need to have a dedicated host at each branch? Some locations are only mobile workstations that may not be always available. 4.5k endpoints across 8 locations in lower 48 states. Connectivity speeds varies depending on location.

                • 5. Re: Help with fixing non-compliant systems
                  akill

                  Try to change all those UNC repositories to SuperAgents better and use that superagents as repositories....that is the best option they way that this works improve so much the update flow and network performance

                  • 6. Re: Help with fixing non-compliant systems
                    Laszlo G

                     

                    • Failed to authenticate with remote system, system error: The network path was not found. 
                    • Failed to authenticate with remote system, system error: Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path

                    This makes me think that you are using the Deploy Agents option instead of using a regular client task.

                     

                    The Deploy Agents option  tries to push McAfee Agent to computers as if they weren't managed so it does it through admin$ share and remote registry.

                     

                    But if your computers are already managed by ePO then you have to set a regular deployment task soit will be mcafee agent (on target computers) that will pull new mcafee agent version from repository and install it instead of pushing it fromepo through the admin share