0 Replies Latest reply on May 13, 2014 3:44 AM by balloo73

    Can´t log on ePO 4.6 console due to certificate error

    balloo73

      I´m having a big issue suddenly..  Last week we checked in and deployed the VSE. 8.8 patch 4, VSE 8.8 with patch 4 included and McAfee Agent 4.8.1500. We checked in the packages and the extentions. After that all worked just as it used to.

       

      But suddelny since four days ago we can´t reach the ePO web console. I don´t think this has anything to do with the new versions mentioned above or the extensions. I suspect it is the SSL Server Certificate... We get different behaviour depending on witch Internet Explorer version we use.. 

       

      IE8 = Internet Explorer cannot display the webbpage

      IE10 and IE11 = First we get the certificate error with the option to continue anyway (this is how it has looked in all IE versions before), but now when we klick to continue we just get a webpage that says: "We recommend that you close this website and do not continue to this website"  And there is no way to continue...

       

       

      This is how it looks in IE10 and 11:

       

       

      First we get this:

      McAfeeCertErrorIE11_01.JPG

       

      And after klicking "Continue..", we get this:

      McAfeeCertErrorIE11_02.JPG

       

       

      Since we can´t reach the console to log on the ePO-server we can´t look at the setup for the server certificate and we can´t choose a new one...  Is there a way to change the server certificate with a command line tool? And is there a way to say without doubt that our problem is due to the server cert?

       

      I have attached the orion log after restarting the ePO Applikation Server Service.

       

      I tried Solution 3 on the following link https://kc.mcafee.com/corporate/index?page=content&id=KB81674But that did not work..

      (it says in step 2 that; "Attempt to log on to the ePO console. If your console logon fails, resolve that before proceeding. NOTE:  You must be able to log on for the rest of the steps to work.)


       

       

      I can´t log on to the ePO-console due to the certificate error . I don´t even get the logon page.


       

       

      I did try the Solution 3 anyway and here´s what the log "ahsetup.log" says:

      (I have deleted the new ssl.cert-folder again and renamed the folder "ssl.cert.old" back to "ssl.cert" and started the server-service and the event patser-service again)


       

       

      20140512114607    I    #02496    AHSETUP      Creating Agent Handler Certs.

      20140512114607    I    #02496    AHSETUP      Checking to see if the ePO server is available.  We will try 5 times.

      20140512114607    X    #02496    MCUPLOAD    Data sent to PostRemoteCommand. nPort 8443, nClientAuthPort 8443, commandName epo.command.isAdmin

      20140512114607    X    #02496    MCUPLOAD    Running remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114607    X    #02496    MCUPLOAD    Attempting run remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114607    X    #02496    MCUPLOAD    Successfully disabled CA trust options.

      20140512114608    E    #02496    MCUPLOAD    Failed to send http request to server E50AP100 for command name epo.command.isAdmin on port 8443. (error=12175)

      20140512114608    E    #02496    MCUPLOAD    Failed to process the secure communication request (error=12175)

      20140512114618    X    #02496    MCUPLOAD    Data sent to PostRemoteCommand. nPort 8443, nClientAuthPort 8443, commandName epo.command.isAdmin

      20140512114618    X    #02496    MCUPLOAD    Running remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114618    X    #02496    MCUPLOAD    Attempting run remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114618    X    #02496    MCUPLOAD    Successfully disabled CA trust options.

      20140512114618    E    #02496    MCUPLOAD    Failed to send http request to server E50AP100 for command name epo.command.isAdmin on port 8443. (error=12175)

      20140512114618    E    #02496    MCUPLOAD    Failed to process the secure communication request (error=12175)

      20140512114628    X    #02496    MCUPLOAD    Data sent to PostRemoteCommand. nPort 8443, nClientAuthPort 8443, commandName epo.command.isAdmin

      20140512114628    X    #02496    MCUPLOAD    Running remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114628    X    #02496    MCUPLOAD    Attempting run remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114628    X    #02496    MCUPLOAD    Successfully disabled CA trust options.

      20140512114628    E    #02496    MCUPLOAD    Failed to send http request to server E50AP100 for command name epo.command.isAdmin on port 8443. (error=12175)

      20140512114628    E    #02496    MCUPLOAD    Failed to process the secure communication request (error=12175)

      20140512114638    X    #02496    MCUPLOAD    Data sent to PostRemoteCommand. nPort 8443, nClientAuthPort 8443, commandName epo.command.isAdmin

      20140512114638    X    #02496    MCUPLOAD    Running remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114638    X    #02496    MCUPLOAD    Attempting run remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114638    X    #02496    MCUPLOAD    Successfully disabled CA trust options.

      20140512114638    E    #02496    MCUPLOAD    Failed to send http request to server E50AP100 for command name epo.command.isAdmin on port 8443. (error=12175)

      20140512114638    E    #02496    MCUPLOAD    Failed to process the secure communication request (error=12175)

      20140512114648    X    #02496    MCUPLOAD    Data sent to PostRemoteCommand. nPort 8443, nClientAuthPort 8443, commandName epo.command.isAdmin

      20140512114648    X    #02496    MCUPLOAD    Running remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114648    X    #02496    MCUPLOAD    Attempting run remote command epo.command.isAdmin on server E50AP100 on port 8443 with clientAuth set to false.

      20140512114648    X    #02496    MCUPLOAD    Successfully disabled CA trust options.

      20140512114648    E    #02496    MCUPLOAD    Failed to send http request to server E50AP100 for command name epo.command.isAdmin on port 8443. (error=12175)

      20140512114648    E    #02496    MCUPLOAD    Failed to process the secure communication request (error=12175)

      20140512114658    W    #02496    AHSETUP      The Agent Handler failed to connect to the ePO server.

      20140512114658    E    #02496    AHSETUP      Failed to connect to the ePO server 'E50AP100:8443'

       

      Really need help with this


       

       

       

       

      Best Regards

       

       

      //Björn

       

      Message was edited by: balloo73 on 5/13/14 3:44:54 AM CDT