2 Replies Latest reply on Nov 1, 2015 1:02 AM by rgc

    McAfee Agent 5.0.2 Not Communicating

    carnold

      Just rebuilt the ePO server due to lost SQL DB. ePO 5.3.1 on server 2012 R2. We have a remote location that is not making contact with the ePO server. From this remote location, i can reach http://DNS address:81 and https://DS name:7443 (i get a you do not have permission to access /). This agent cannot send events or collect props. The agent does have the correct DNS name and ip address. Outbound traffic is allowed through the firewall. Other remote McAfee agents ARE contacting the ePO server (some 4.8 and some 5.0.x). How do i go about finding more detailed logs on where it is failing? On the client, c:\programdata\mcafee\agent\agentevents\upload xml files have the correct info in them. My packet monitor on our firewall shows 7443 traffic from that ip making it to the ePO server, nothing dropped. Windows firewall on the ePO server is off.


      So i just looked at the agent version on those that are contacting the ePO and they are ALL 4.8.0.1500. No 5.0.2 agents are contacting the ePO server. How do i check the 5.0.2 agent on the server to see if something is missing or incorrect?


      I installed the 5.0.2 agent on a laptop that is on the same domain as the ePO server. This agent will NOT process the VSE deployment task and will not send events to the ePO server

       

      System Information 

      Computer Name: TEK-LAP

        

      McAfee Agent 

      Version number: 5.0.2.132

      Status: Managed

      SuperAgent: Peer to Peer

      Last security update check: Unknown

      Last agent-to-server communication: Unknown

      Agent to Server Communication Interval (every): 1 hour

      Policy Enforcement Interval (every): 1 hour

      Agent ID: {ab971fcc-58f5-4840-aaa0-7c19beef40ff}

      ePO Server/Agent Handler 

      DNS Name: av.domain.tld

      IP Address: 69.110.174.178

      Port Number: 7443


      Could this be a master key issue? My master key shows the old server that we migrated from:

       

      Capture.PNG

       

      Should it show the current server, eposrv?

        • 1. Re: McAfee Agent 5.0.2 Not Communicating
          carnold

          Found this is the masvc log:

           

          Agent communication session started

          2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Agent is connecting to ePO server

          2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Initiating spipe connection to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759 -4321-A44E-D1A4288223D2.

          2015-10-30 18:02:00.850 masvc(2420.5924) ahclient.Info: connection initiated  to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759 -4321-A44E-D1A4288223D2.

          2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.

          2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Agent handler reports server busy. response code 503.

           

          Found this on the server side apache log:

           

          2015-10-30 02:16:11,545 INFO  [scheduler-TaskQueueEngine-thread-2] command.SnapshotServerCmd  - Successfully saved server snapshot to the database

          2015-10-30 02:16:43,922 ERROR [scheduler-TaskQueueEngine-thread-3] services.DownloadService  - SQL Exception trying to update products strings.

          java.sql.SQLException: Violation of PRIMARY KEY constraint 'PK_EPOSoftwareCatalogStrings'. Cannot insert duplicate key in object 'dbo.EPOSoftwareCatalogStrings'. The duplicate key value is (1, label, 1033).

            at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:373)

            at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2985)

            at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2418)

            at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:668)

            at net.sourceforge.jtds.jdbc.JtdsStatement.processResults(JtdsStatement.java:614)

            at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQL(JtdsStatement.java:573)

            at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.execute(JtdsPreparedStatement.j ava:787)

            at sun.reflect.GeneratedMethodAccessor654.invoke(Unknown Source)

            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:43)

            at java.lang.reflect.Method.invoke(Method.java:497)

            at com.mcafee.orion.core.db.sqlserver.JtdsStatementRetryInvocationHandler.invoke(J tdsStatementRetryInvocationHandler.java:87)

            at com.sun.proxy.$Proxy21.execute(Unknown Source)

            at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedS tatement.java:172)

            at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedS tatement.java:172)

            at com.mcafee.epo.softwaremanager.dao.ProductStringsDAO.update(ProductStringsDAO.j ava:81)

            at com.mcafee.epo.softwaremanager.services.DownloadService.validateAndStoreProduct Strings(DownloadService.java:1507)

            at com.mcafee.epo.softwaremanager.services.DownloadService.DownloadProductStrings( DownloadService.java:1338)

            at com.mcafee.epo.softwaremanager.command.DownloadSoftwareCatalogCmd.invoke(Downlo adSoftwareCatalogCmd.java:140)

            at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1312)

            at com.mcafee.orion.core.cmd.CommandInvoker.invokeCommand(CommandInvoker.java:1037 )

            at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1006)

            at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:983)

            at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:437)

            at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:474)

            at com.mcafee.orion.scheduler.chainable.Chain.invokeChain(Chain.java:383)

            at com.mcafee.orion.scheduler.chainable.Chain.invoke(Chain.java:64)

            at com.mcafee.orion.core.cmd.CommandInvoker.invoke(CommandInvoker.java:1312)

            at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runTask(ScheduledTa skManagerImpl.java:1556)

            at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runValidatedTaskInv ocation(ScheduledTaskManagerImpl.java:1527)

            at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.runValidatedTaskInv ocation(ScheduledTaskManagerImpl.java:1481)

            at com.mcafee.orion.scheduler.service.ScheduledTaskManagerImpl.execute(ScheduledTa skManagerImpl.java:1292)

            at com.mcafee.orion.task.queue.TaskQueueEngine.runTask(TaskQueueEngine.java:913)

            at com.mcafee.orion.task.queue.TaskQueueEngine.runTask(TaskQueueEngine.java:895)

            at com.mcafee.orion.task.queue.TaskQueueEngine.access$1000(TaskQueueEngine.java:50 )

            at com.mcafee.orion.task.queue.TaskQueueEngine$3.run(TaskQueueEngine.java:864)

            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

            at java.util.concurrent.FutureTask.run(FutureTask.java:266)

            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

            at java.lang.Thread.run(Thread.java:745)

          • 2. Re: McAfee Agent 5.0.2 Not Communicating
            rgc

            Hi Carnold,

             

            As per your inputs, I understand the EPO is configured with Public IP or you have RAH configured with public Ip: 69.110.174.178

             

            As per the Agent logs: It is trying with DNS name as "IP"

             

            2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Agent is connecting to ePO server

            2015-10-30 18:02:00.834 masvc(2420.5924) ahclient.Info: Initiating spipe connection to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759 -4321-A44E-D1A4288223D2.

            2015-10-30 18:02:00.850 masvc(2420.5924) ahclient.Info: connection initiated  to site https://ip:7443/spipe/pkg?AgentGuid={9cc6bb45-05ef-47c1-b608-bbae656ecb76}&Source=Agent_3.0.0&TenantId=67124F2C-B759 -4321-A44E-D1A4288223D2.

            2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <503>.

            2015-10-30 18:02:01.100 masvc(2420.5924) ahclient.Info: Agent handler reports server busy. response code 503.

             

            Additionally: Error 503 is DNS errors, looks like host name resolution is failing.

             

            Hence, I suggest to remove host name for the public IP configured and try to redeploy the agent and see the logs, is trying to reach IP: 69.110.174.178


            Even after the issue persist, share the logs to see more detailed info

             

            Hope this helps,

             

            Regards,

            RGC