This content has been marked as final. Show 9 replies
Try this which is used when you have a server with mutiple NICS and IPs:
[LEFT]When you install ePolicy Orchestrator on a server with multiple network interface cards (NICs),
ensure that ePolicy Orchestrator is bound to the appropriate NIC.[/LEFT]
[LEFT]1 Open the SEVER.INI file. The default location is:
[LEFT]2 Add the following line at the end of the [server] section of the file:
where XXX.XXX.XXX.XXX is the IP address of the NIC to which you want ePolicy Orchestrator
[LEFT]3 Save and close the SERVER.INI file.[/LEFT]
[LEFT]4 Restart all of the ePolicy Orchestrator services.[/LEFT]
[LEFT]NOTE: The server IP address is used by the master repository and for agent-server
communication. If this address is not provided, the IP address of the first NIC in the binding[/LEFT]
order is used.
I put in the Server IP and re created the framepkg.exe but it still tries the old IP first before going to the current one.
I also noticed that on all my servers (2000 and 2003) they are not accepting Patch 3 for 8.5i. My workstation are taking them with no problem.
what version of the agent is installed ? ( from your description, it sounds like the default one that comes with ePO )
the agent stores the connection information for the ePO Server in 2 places : the SiteList.xml within the all users\app data\mcafee or Network Associates\common framework\ folder,
from this source copy, the SiteMapList.xml is made ( it is rebuilt when the timestamp of the SiteList exceeds that of the SiteMapList.
the config is also stored in the registry too, in HKLM\Software\net assoc\ePOlicy Orchestrator\Agent\SPIPEFailover ( the data is stored in HEX but in the viewer you can get an idea of what it says)
but i dont think this key is your problem
when the ePO Svcs start up, they check the IP address the ePO Server is set to use, whether it be automatically chosen, or manually entered using the ServerIP line in server.ini.
if it has changed, this causes the SiteList.xml to be regenerated on the server \ePO\3.x.x\DB\, with a newer timestamp created. when clients check in, they check the timestamp, and if the servers timestamp is newer than theirs, then the agents download the servers sitelist ( which in your case should have the new fixed IP for the ePO Server,
hopefully this gives you a few places to check
things get stranger and stranger.
First, When I look at those two xml files it has my new epo server listed as the master. but it also has a reference to my exisitng (original epo server that i am replacing) epo server.
Second when i look at the reg setting you listed, its all in hex like you said, but i can see some words to the right frame and it lists my epo server that i am replacing even though i am on the new one.
third, the client thats on the new epo server is going to the old epo server for updates. i just checked mine and its going to the new one but i will check the others.
My original problem was immediately after deploying the framepkg.exe file the agent tries to contact the new epo server using an old ip address (i forgot to give it a static and it had a dhcp assigned ip for a couple days before giving it a static). after about a minute or two (im guessing the timeout period) is tries the existing static ip and starts downloading the virusscan 8.5.
But now im concerned that the new epo is listing the old epo in some of its files. ive never told either one about the other. do they just go out peridically and scan for other epo servers?
EDIT: In the all users, app data, mcafee, serversitelist.xml its listing my old (but still running) epo server server. but like i said ive never added any reference to the old one on the new one, or vice versa. so far this is on 2 computers that were previously going to my new epo for updates. so far ive only updates about 10 machines out at 250.
woah, ok i am struggling to follow which ePO Server is being referred to, so you have your "established" ePO Server that contains your estate, but you also have your new ePO 4.0 svr, and this had a dynamic addr, but now has a fixed addr.
the agents that you think should be pointing to the new 4.0 svr - are they still present in the old, established ePO svrs directory ?
it sounds like either the old agent has either been intentionally or accidentally run over the top of the ePO 4.0 agents, causing them to be "repointed" back at the old svr - is this perhaps the case ( if i understand it correctly ?
if this is the case, then just running the 4.0 agent over the top should be enough to repoint them back to the 4.0 svr. none of the binaries will be replaced, but the sitelist will, ( i think) and therefore point it in the right place.
dont be too concerned by the fallback reg key, it is written when epo successfully connects to an ePO Server, and is stored as a "last known good config" - it shouldnt trouble you in this circumstance
failing that, you can uninstall the agents completely using the frminst.exe /forceuninstall command ( from the agent install dir ) then reinstall the agent. but make sure that each computer features in only one of your ePO Servers, not both, so there is no danger of conflicting mgmt.
hope this makes sense, and that i understand correctly !
Thank you. Yes, it does make sense what you are saying and you are correct about my servers.
What i have been doing is uninstalling my current VirusScan 8.0 from the machine from Add/Remove programs then going to cd\program files\network associates\common framework, then doing a frminst /forceuninstall. i then delete the network associates directory, reboot and then run the new framepkg.exe for the new epo 4.0 server. it then downloads and installs virusscan 8.5 and Patch3. However it still tries the old 0.204 ip (this was the ip the server got from dhcp before i changed it) first. after about a minute it then tries the current 0.111 ip, connects and does its thing.
the strange part is the three machines that started going to my old (3.6) epo server were fresh installs. they never had the old 8.0 virusscan or 3.5 agent on them.
today is the day im going to hit all my floors and start updating everyone to the new 4.0 server. I was thinking of stopping the services on the old epo server so that it didnt send any wake up calls or anything but im not sure if i will mess anyting else up.
EDIT: I was re reading your last post boohbah and was wondering, as i start updating the computers should i delete the computers names from the ePO 3.6 directory?
right, ok, i am glad i am clear on whats happenning. - you know, it sounds like the ePO agent FramePkg.exe actually contains the original DHCP assigned address to me....
you can inspect this by opening the following file in winzip ( the .exe is a self extracting sfx archive)
inside is the sitelist.xml - this is the initial starting list used by the agent to "fone home" what is the IP in here for the master site, the old DHCP one or the new fixed IP addr ?
you can force repackaging of this install pkg by deleting it and the framework.z file, and restarting ePO
it sounds like the reason the agents are finding ePO, is because after 6 conection retries of the IP ( which is wrong) the agent will do a DNS lookup of the FQDN which is also in the sitelist from this it finds the ePO Servers true IP addr
when the ePO server svcs start up it should check the IP held by the ePO svr, and update the ServerSiteList.xml on the ePOServer - from this the other sitelists are made,
now, rereading your previous post, i dont know why your old IP is in your new ePO Server - you are effectively poisoning the new agents, subverting them back to your old ePO Server.
agents will download a new sitelist from the ePO Server upon agent connection, if the ePO Server has a sitelist with a higher versioned timestamp than the one the agent already has - the timestamp is stored in the top tags of the sitelist.xml
so when the services start up, if the IP has changed, a new sitelist should be written, with a timestamp of "now" , which the agents will happily download when they check in,
im sure this would make alot more sense if i saw your server :o(
hope this helps give a guide of how it works, and where to look ( maybe)
i really ought to write this up in some kind of easy to follow form i guess....
the deletion of the framepkg.exe and framework.z package helped with the IP issue. it did have the old dhcp assigned IP.
I was only able to do one floor today but should be able to hit the rest tomorrow. still watching to see if any of the computers i just loaded the new 3.6 agent and 8.5 virusscan start going to the old epo server.
EDIT: I think i know why some of the new installs starting going to the old server. I have the agent wake up ports the same on both the new and old server 8081. Im afraid if i change it on the old server it will send out a call and change it on the new ones as well. if i do the old it was send it to the old installs.
its good that you have found the source of the problem. there should be a message in the ePO log when it starts up to the effect of "couldnt create agent SFX package" which might explain why the ePO Server was still pushing out an out of date IP