9 Replies Latest reply on Nov 5, 2007 4:36 PM by metalhead

    Http blocking snafu EPO/VSE 8.5

      In the upgrade from 8.0 -> 8.5, we lost the simple one check box block downloads from the Access Protection policy.

      In testing the new settings for http blocking, an editing mistake caused the "frameworks*" exclusion to be included and blocked. This policy was applied to around 25 workstations, that can not communicate with the EPO server or receive updates as a result....epo/VSE is blocking effectively itself.

      What's the best way to correct this screwup? Disabling the access protection and running an update fails to pull the new policy that excludes frameworks* from blocking. Disabling the http blocking policy locally and running an update also fails to rest the policy.
        • 1. RE: Http blocking snafu EPO/VSE 8.5
          that does sound bad.

          I cannot believe that turning off the access protection does not allow the systems to download the correct policy.

          Have you tried to uninstall the agent and then reinstall it?
          • 2. RE: Http blocking snafu EPO/VSE 8.5
            Unfortunately it looks like uninstalling the agent is the only effective solution to the problem. I have tried several other configuration options, disabling on access protection, explicitly adding frameworks* and updating but nothing short of removal/reinstall appears to resolve this.
            • 3. RE: Http blocking snafu EPO/VSE 8.5
              luckily it is not on 250 or 2500 nodes.

              I almost want to try this, :).null The policy seems easy enough, it should be interesting.
              • 4. RE: Http blocking snafu EPO/VSE 8.5
                I was able to turn off Access Protection, that is once the console would respond, and do a policy update and it was allowed though.

                ######

                Thursday, November 01, 2007 10:47:27 AM Error Internet Manager Failed to connect to server epo-test.domain.tv. Check the agent log for more details.
                Thursday, November 01, 2007 10:47:27 AM Error Agent Agent failed to communicate with ePO Server
                Thursday, November 01, 2007 10:47:27 AM Info Agent Agent communication session closed
                Thursday, November 01, 2007 10:47:27 AM Info Agent Agent will connect to the ePO Server in 14 minutes and 56 seconds.
                Thursday, November 01, 2007 10:53:52 AM Info Agent Agent started performing ASCI
                Thursday, November 01, 2007 10:53:53 AM Info Agent Agent communication session started
                Thursday, November 01, 2007 10:53:53 AM Info Agent Agent is sending PROPS VERSION package to ePO server
                Thursday, November 01, 2007 10:53:53 AM Info Agent Agent is connecting to ePO server
                Thursday, November 01, 2007 10:53:54 AM Info Agent Package uploaded to ePO Server successfully
                Thursday, November 01, 2007 10:53:54 AM Info Agent Agent communication session closed
                Thursday, November 01, 2007 10:53:54 AM Info Agent Agent received POLICY package from ePO server
                Thursday, November 01, 2007 10:53:54 AM Info Agent New server policy was successfully merged
                Thursday, November 01, 2007 10:53:54 AM Info Agent Enforcing newly downloaded policies
                Thursday, November 01, 2007 10:53:54 AM Info Agent Agent Started Enforcing policies
                Thursday, November 01, 2007 10:53:54 AM Info Agent Agent will connect to the ePO Server in 120 minutes and 0 seconds.


                ####
                • 5. RE: Http blocking snafu EPO/VSE 8.5
                  metalhead
                  Not to offend you but best pratice and also McAfee advise is to change the agent communication port to some other port than 80 when installing ePO. Kepp this in mind when you migrate or reinstall the epo server next time.
                  • 6. RE: Http blocking snafu EPO/VSE 8.5


                    Interesting...we tried the same on two machines and both failed to merge the new policy. Uninstall/reinstall had to be performed as we ran out of testing time.
                    • 7. RE: Http blocking snafu EPO/VSE 8.5


                      No offense taken.. It is what it is and we inherited it.
                      • 8. RE: Http blocking snafu EPO/VSE 8.5
                        same here. Too bad it was not easier to change the port for agents, other than a reinstall; which is not always easy to do. Wonder if doing the agent version trick to move between server would work for this too.
                        • 9. RE: Http blocking snafu EPO/VSE 8.5
                          metalhead
                          You could also only copy the sitelist.xml, sitemaplist.xml and serversitelist.xml from a new servs agent to an "old" agent and it will report to the new server.