6 Replies Latest reply on Sep 15, 2014 3:51 AM by ansarias

    Remote Agent Handler Issues and Ports.txt File

    Scott Sadlocha

      Hello Everyone,

      We have a remote agent handler set up in our DMZ, and recently, it stopped working as an AH. I am trying to troubleshoot the issue and get it working again. At the point it stopped working, a firewall change was occurring, and I immediately thought this might be the issue. However, my firewall admin assured me it isn't, so I am troubleshooting from the perspective that perhaps the install or configuration got messed up because of the lack of connectivity. I can say that computers outside of the network can see the AH, and the AH is communicating to ePO as a client, just not as an AH. I know that the McAfee Agent uses a different port than the AH most likely, but just mentioning it.

       

      I have already done a reboot of the server. I did notice that the two services have interesting behavior. The Event Parser service is not running. When I attempt to start it, it starts and then immediately stops and gives a message indicating that some services are made to run this way or something similar. It seems like the ePO Server process has some issues stopping and starting, taking quite a while. There was a service hang message after the reboot, but it eventually started. I also noticed an error in the Windows Application Logs, but according to McAfee this error is not really an error? https://kc.mcafee.com/corporate/index?page=content&id=KB82260&ePO0814

       

      Lastly, at C:\McAfee, I found a ports.txt file. This file has a ton of entries pertaining to the ports. It has a heading stating "Active Connections", and it has quite a few items that are concerning. Of particular interest are entries related to Java. In the document, there are a great number of entries such as this:

       

      [java.exe]

        TCP    127.0.0.1:PortNumber       ServerName:AdjacentPortNumber  ESTABLISHED     1320

       

      In all cases, the port numbers listed in both are adjacent to each other, and there are dozens and dozens of entries. When I log into the server, I am prompted regarding a java update. While there are other ports and services listed, I find it alarming that there are so many listed for Java.

       

      Has anyone had any experience this issue? Any suggestions would be greatly appreciated. I have looked at logs, but there are so many, and they present so much information, I am not sure what I am looking at. I am verging on attempting a reinstall of the AH package, but figured I would ask here first.