1 Reply Latest reply on Dec 4, 2007 10:13 AM by boohbah

    EPo 3.6.0 agent not appearing when deployed to VPN tunnelled Site

    davidvessey
      Hi Guys, got a very strange problem and don't know how to get around it. I have deployed CMA EPo Agent 3.6.0 to 25 sites in our enterprise using EPo v3.6.1.

      Our WAN consists of 75% Orange MPLS, and 25% Cisco VPN tunnel over SDSL. Al porta are open accross the WAN. We have also confirmed Full DNS capability at all sites.

      The problem is, that to all our orange MPLS connected offices, EPo deploys fine, and we get the green tick, but to all our VPN over SDSL connections - it deploys the agent successfully, and we can see the agent pulling policy and definition updates, but it never appears in the EPo console with a green tick!

      I've tried manually installng the agent, adding to EPo by IP rather than by name, checked that DEP and local firewalls are disabled. Nothing seems to work.

      Our network team tells me that the encrypted VPN tunnel does not support Netbios over TCP/IP packets, which is what we believe is preventing the agent from appearing in EPo.

      I pulled this from the FRMInst_servername.log:

      20071203150801 I #3624 Exec Ins Add to Windows Firewall
      20071203150801 E #3624 Cmalib Ins Error trace:
      20071203150801 E #3624 Thread Ins [Main thread]->
      20071203150801 E #3624 Setup Ins [Attempting to perform a setup operation]->
      20071203150801 E #3624 Exec Ins [Setup execution]->
      20071203150801 E #3624 Cmalib Ins [Add to Windows Firewall]->
      20071203150801 E #3624 Cmalib Ins error -2147023143: There are no more endpoints available from the endpoint mapper.

      However this may be a red herring, as windows firewall is not enabled...

      Heres the Agent_servername.log

      20071203150748 I #1712 Logging Create XML
      20071203150748 I #1712 FrmSvc START cmdline=/Service
      20071203150748 I #1712 FrmSvc register service
      20071203150748 I #1712 FrmSvc Set COM launch permissions and service settings
      20071203150749 I #1712 FrmSvc result = 0
      20071203150749 I #1712 FrmSvc END
      20071203150802 E #1456 Logging addAgentInfoToLog GUID query error 2
      20071203150802 I #1456 FrmSvc START cmdline="C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart
      20071203150802 I #1456 FrmSvc ServiceStart
      20071203150802 I #1456 FrmSvc Running
      20071203150802 I #1068 FrmSvc Starting Subsystem <Logging>
      20071203150802 x #1068 Logging Subsystem started
      20071203150802 I #1068 FrmSvc Starting Subsystem <Internet Manager>
      20071203150802 i #1068 InetMgr Subsystem started
      20071203150802 I #1068 FrmSvc Starting Subsystem <User Space Controller>
      20071203150802 I #1068 FrmSvc Starting Subsystem <Management>
      20071203150802 I #3916 Manage Mangement plugin watch worker thread started
      20071203150803 I #1068 Cmalib Referencer 1 VIRUSCAN8000
      20071203150803 x #1068 Manage Subsystem started
      20071203150803 I #1068 FrmSvc Starting Subsystem <Script>
      20071203150803 i #1068 Script Subsystem started
      20071203150803 I #1068 FrmSvc Starting Subsystem <Updater>
      20071203150803 i #1068 Updater Subsystem started
      20071203150803 I #1068 FrmSvc Starting Subsystem <Scheduler>
      20071203150803 I #1068 Sched >>--CSchedule::Start
      20071203150803 I #1068 naCmnLib Random seed = 0x9bb4****
      20071203150803 I #1068 Sched Glbs.szMyPlatform: WXPS:5:2:2
      20071203150803 I #1068 Sched All the tasks are successfully loaded from the file
      20071203150803 i #1068 Sched Scheduler is now running
      20071203150803 I #4056 naCmnLib Random seed = 0xce8d****
      20071203150803 I #1068 Sched <<--CSchedule::Start
      20071203150803 I #1544 naCmnLib Random seed = 0xd4b1****
      20071203150803 I #1068 FrmSvc Starting Subsystem <Agent>
      20071203150803 I #1068 Agent Subsystem starting...
      20071203150803 i #1068 Agent Generating Agent key pair...
      20071203150803 i #1068 Agent Generating Agent ID...
      20071203150803 I #3884 Agent Agent communication thread started
      20071203150803 I #3552 naCmnLib Random seed = 0xe2ae****
      20071203150803 i #3552 Agent Agent will connect to the ePO Server in 1678049280 minutes and 277 seconds.
      20071203150803 I #1068 Agent Subsystem started
      20071203150803 i #3884 Agent Agent will connect to the ePO Server in 60 minutes and 0 seconds.
      20071203150803 E #3552 Cmalib Error trace:
      20071203150803 E #3552 Cmalib [Add to Windows Firewall]->
      20071203150803 E #3552 Cmalib error -2147023143: There are no more endpoints available from the endpoint mapper.
      20071203150803 I #3552 Agent Agent worker thread started
      20071203150803 i #3552 Agent Agent will connect to Server in : 228 seconds
      20071203150803 I #3632 Agent Agent event worker thread started
      20071203150803 I #1140 Agent Agent Immediate Events worker thread started
      20071203150803 i #1980 Agent Next policy enforcement in 5 minutes
      20071203150803 I #1068 FrmSvc Starting Subsystem <Listen Server>
      20071203150803 I #1068 InetMgr IP address for ePO Server =172.20.0.26
      20071203150804 I #416 InetMgr IP address for ePO Server =172.20.0.26
      20071203150804 I #416 LstnSvr CAsyncSocket::Socket() m_hSocket=1244, this=0x010662e8
      20071203150804 I #416 LstnSvr CAsyncSocket::AttachHandle hSocket=1244 ,pSocket = 0x010662e8, bRet=1
      20071203150804 x #1068 LstnSvr Subsystem started
      20071203150804 I #1068 FrmSvc Starting Subsystem <Trusted Connection>
      20071203150804 I #1068 TrstCon Start
      20071203150804 I #1068 FrmSvc Service started
      20071203150809 i #1980 Agent Agent Started Enforcing policies
      20071203150809 I #1980 Agent Thread signal occurred
      20071203150809 I #1980 Manage Enforcing policies
      20071203150809 i #1980 Manage Compiling policies
      20071203150809 i #1980 Manage Enforcing Policies for VIRUSCAN8000
      20071203150809 I #1980 Manage CManage::EnforcePolicies() - FAILED - "VIRUSCAN8000" Error(-1207)
      20071203150809 i #1980 Manage Enforcing Policies for EPOAGENT3000META
      20071203150809 I #1980 Manage CManage::EnforcePolicies() - FAILED - "EPOAGENT3000META" Error(-1207)
      20071203150809 i #1980 Manage Enforcing Policies for EPOAGENT3000
      20071203150809 I #1980 Manage CManage::EnforcePolicies() - FAILED - "EPOAGENT3000" Error(-1000)
      20071203150809 i #1980 Manage Enforcing Policies for ePolicy Orchestrator Agent
      20071203150809 I #1980 Agent CePOAgent::EnforcePolicy priority=-2
      20071203150809 I #1980 Agent Enforcing policies
      20071203150809 I #1980 LstnSvr Enforcing Policies
      20071203150809 I #1980 InetMgr IP address for ePO Server =172.20.0.26
      20071203150809 I #1980 Logging Enforcing policies
      20071203150809 I #1980 Manage Enforcing policies
      20071203150809 I #1980 Script Enforcing policies
      20071203150809 I #1980 Updater Enforcing policies
      20071203150809 I #1980 UsrSpCt Enforcing policies
      20071203150809 I #1980 UsrSpCt Token not found. Will try to get it from shell
      20071203150809 I #1980 UsrSpCt Found shell token
      20071203150809 I #1980 FrmSvc User SID is S-1-5-21-574165081-3770831800-4219732492-1134 and SessionID is 0
      20071203150809 I #1980 UsrSpCt Try to Launch UdaterUI Again
      20071203150809 I #1980 UsrSpCt UpdaterUI won't be launched for Terminal Services client session (sessionID=1)
      20071203150809 I #1980 Sched >>--CSchedule::EnforcePolicy
      20071203150809 I #1980 Sched <<--CSchedule::EnforcePolicy
      20071203150809 i #1980 Agent Agent finished Enforcing policies
      20071203150809 i #1980 Agent Next policy enforcement in 5 minutes
      20071203151053 I #3468 FrmSvc User SID is S-1-5-18 and SessionID is 0
      20071203151053 I #3468 FrmSvc User SID is S-1-5-18 and SessionID is 0
      20071203151151 i #3552 Agent Agent started performing ASCI
      20071203151151 I #3552 Agent CAgentWork::IsMacAddressComputerNameChanged priority=-2
      20071203151151 i #3552 Agent Checking MAC address...
      20071203151151 I #3552 Agent CAgentWork::GetMacAddressList priority=-2
      20071203151151 I #3552 Agent CAgentWork::GetMacAddressList4NT GetIpAddrTable() reports: 2 ip addresses on the system (including the loopback address)
      20071203151151 I #3552 Agent Checking IP address @ index: 0
      20071203151151 I #3552 Agent szMacAddrList=00142237DD0C;szMacAddr=00142237DD0C;
      20071203151151 I #3552 Agent Checking IP address @ index: 1
      20071203151151 i #3552 Agent Checking Computer Name...
      20071203151151 I #3552 Agent Collecting IP address using InternetManager
      20071203151151 I #3552 InetMgr HTTP Session initialized
      20071203151151 I #3552 InetMgr Connecting to HTTP Server in socket-mode
      20071203151151 I #3552 InetMgr Connecting to Real Server: 172.20.0.26 on port: 2000
      20071203151152 I #3552 InetMgr Connected to Real Server: 172.20.0.26 on port: 2000. No Proxy used!
      20071203151152 I #3552 InetMgr HTTP Session closed
      20071203151152 I #3552 InetMgr ------------------------------------------------------------
      20071203151152 I #3552 Agent Sending Agent public key to ePO Server
      20071203151152 I #3884 Agent Started processing a package..
      20071203151152 I #3884 naCmnLib Random seed = 0xc1d0****
      20071203151152 I #3884 Manage Collecting Properties
      20071203151152 I #3884 Manage CEnforceProperties::LoadPropFiles() - Properties file not found, creating new
      20071203151152 i #3884 Manage Collecting Properties
      20071203151153 I #3884 Agent Preparing Agent Key Package
      20071203151153 I #3884 Agent Getting IP address for public key from InternetManager
      20071203151153 I #3884 InetMgr HTTP Session initialized
      20071203151153 I #3884 InetMgr Connecting to HTTP Server in socket-mode
      20071203151153 I #3884 InetMgr Connecting to Real Server: 172.20.0.26 on port: 2000
      20071203151153 I #3884 InetMgr Connected to Real Server: 172.20.0.26 on port: 2000. No Proxy used!
      20071203151153 I #3884 InetMgr HTTP Session closed


      Any help appreciated - has anyone come accross this problem before?

      Thanks
        • 1. RE: EPo 3.6.0 agent not appearing when deployed to VPN tunnelled Site
          im not sure that netbios is the issue, could be wrong, but it isnt the first place i would look.

          im wondering if on a network level, all traffic is coming ( to the ePO Server) from the same MAC address - that of the tunnel. ePO looks at the MAC address first, to individually tell one computer from another.

          a quick test would show if this is the problem - create the reg key DisableMACSearch ( search the readme for the instructions for how to create this key)

          this will cause ePO to ignore the source MAC address, and instead use the Agent GUID as the unique identifier,

          please let us know if this is the problem , you will know within the hour, as machines should start checking in with green ticks....