8 Replies Latest reply on Aug 28, 2014 2:13 AM by ansarias

    how to proceed with our rollout ??

    harrinm

      We use CM2012 to deploy our Windows 7 OS.  Within our build process we install McAfee 8.8.     We had a 3rd party vendor running our EPO environment and it was just handed off to us internally.   So we now have hundreds of Windows 7 workstations running McAfeee 8.8 but they don't report to anything.    All of the old EPO servers went away and we are now dealing with orphaned clients.  

       

      How do I get existing McAfee 8.8 clients to report into our new EPO console?

      How do we deploy the EPO virus client to existing/new machines?  Should we do this via GPO & a  login script?  What is the best method given our environment?

        • 1. Re: how to proceed with our rollout ??
          Peter M

          Moved to ePO for better support.

           

          Peter

          Moderator

          • 2. Re: how to proceed with our rollout ??
            harrinm

            More on this topic.  I've tried to setup connect to our Domain and the ePO console does not find it.   I want to target only specific OU's with the McAfee client but the ePO console does not auto-detect our domain.  What can cause that?   Where do I look for answers?  Are there logs, etc....  ???

            • 3. Re: how to proceed with our rollout ??
              Peter M

              Someone with product knowledge will hopefully answer you soon.

              • 4. Re: how to proceed with our rollout ??
                andrep1

                Devices report to McAfee ePO with the help of the McAfee (ePO) Agent. McAfee VirusScan 8.8 talks to the McAfee agent, which then talks to ePO.

                If you have administrative credentials on your target machines, you can push the mcafee agent from the epo console. You ePO server should have McAfee agent 4.8 already checked in. Other options are to push with tools like SCCM or do a startup script install.

                Once the devices have the ePO agent, there will be a short random delay then they will start communicating to ePO.

                 

                Be aware that the ePO agent package is compiled for a specific server. The framepkg.exe you push contains the code and necessary PKI and destination to contain your specific ePO server. You devices probably already have and agent trying to talk to an epo server that doesn't exist anymore.

                 

                If you need more help on how to find stuff, please ask. It is often tricky the first time around in ePO. But do have a look at the McAfee Agent 4.8 product guide and the McAfee ePolicy Orchestrator (ePO) 4.6 or 5.x product guide.

                • 5. Re: how to proceed with our rollout ??
                  ansarias

                  Hello

                   

                  Best option to do it with login script to install McAfee agent of new ePO with command /install=agent /forceinstall

                   

                   

                  I'll recommended to use below 2 conditions in script to install McAfee agent.

                  1. Check if below registry key is not having correct ePO address
                    HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
                    String Value (ePOServerList) is not equal to ePO server name.
                  2. Check file size is 0 KB (0 KB indicates that machine is not communicating to ePO console)
                    File path : C:\ProgramData\McAfee\Common Framework
                    LastPropsSentToServer.xml file size equal to 0 KB
                  • 6. Re: how to proceed with our rollout ??
                    harrinm

                    Ansarias, for number ONE  I did not have any ePOServerList key in this location.   I looked at all keys and there is no server name or IP listed.    For number TWO I do not have any filed named LastPropsSentToServer.xml    You mentioned installing via GPO using this command:   /install=agent /forceinstall     what is the full command line?  \\servername\EXEName.exe ???   

                    • 7. Re: how to proceed with our rollout ??
                      harrinm

                      I've been reading on this and I've discovered the following.   From within the ePO web console click on System Tree. Then click the "New System" button.   I do that it I see many options including "target systems" and "browse for domain"  I see my domain and it does list many machines but not all machines.  Where is it getting this list of machines from?   I have No option to point at the OU of my choice.  and that is really want I want to do.  I want to point the ePO console to the OU of my choice and then push out the "new system package" 

                      how is that done?

                      • 8. Re: how to proceed with our rollout ??
                        ansarias

                        Do you ePO server in your environment?

                         

                        I did not have any ePOServerList key in this location.

                        it means machines are not reporting properly to ePO console.

                         

                        You mentioned installing via GPO using this command:   /install=agent /forceinstall     what is the full command line?  \\servername\EXEName.exe ???  

                        Framepkg.exe /install=agent /forceinstall

                        Now you have to define file path in GPO with command line.