5 Replies Latest reply on Jan 27, 2016 1:59 PM by JoeBidgood

    Agent Handler woes

    meciar

      Hi, I'm trying to get my dmz systems working on my agent handler, but I keep running into issues. I have the Agent Handler installed correctly and it can talk with my main ePO server. I've done telnet tests to make sure I have all of the required ports open correctly. I have been manually installing the McAfee agents on these dmz systems and it works out of the box and can connect to the agent handler, get dat updates, etc. As soon as I check for new policies, it downloads a new repository and then fails to connect back to my agent handler.

       

      The Agent handler does not show up in my repository list for my agent repository policy. Any suggestions on how I can get this setup properly? I would have thought the AH would show up in the repository list. If not, should I use a UNC Path, local path or what? I had this setup and working beforehand (then we upgraded to the new ePO and for complicated reasons had to remove the Agent Handler and start over again). I never had to manually put in the AH as a repository.

       

      Suggestions appreciated. Thx

        • 1. Re: Agent Handler woes
          JoeBidgood

          Just to clarify a point - are we talking about repositories, which provide content like DAT updates, or the ability to communicate with ePO in order to get policies and tasks? (Or possibly both?)

          These are effectively two separate functions in ePO, both of which can be provided by an agent handler.

           

          If the problem is that the agents can talk to the AH and get policies, but are unable to see it to get DAT updates and so on, then make sure that the master repository is enabled in the agent policy. As far as agents are concerned an AH is the same as the ePO server - that's what they think they're talking to - so the master repo needs to be enabled if the agents are to get content from the AH.

           

          If the problem is that the agents talk to the AH once, and then don't communicate after that, then they must be getting a sitelist which no longer contains the AH. In that case you need to check the assignment rules for the AH: it sounds like the machines are being assigned the wrong sitelist by ePO, after which they can no longer find anything to talk to.

           

          HTH -

           

          Joe

          • 2. Re: Agent Handler woes
            meciar

            Hi Joe, thanks for the quick response. To clarify, yes I would like the agent handler to provide both of those functions (repository and policy updates, etc to the systems in the dmz).

             

            I have the second problem you list - the agents talk to the AH once and then don't communicate. I've confirmed they try to communicate with the main ePO server directly after a policy update (which fails because those clients don't have direct access to that server). I've checked my assignment rules and I have a handler priority in place for my DMZ systems so that they will use a custom handler list - first to go to my dmz AH, then to ePO. Do I need to put the Agent Handler into the Agent Repository policy? It does not show up as one of the repositories in my list. I also note that when I send an agent wake-up call it says it is successful, but I do not see an update in my ePO server to say that it has recently communicated.

            • 3. Re: Agent Handler woes
              JoeBidgood

              meciar wrote:

               

              Hi Joe, thanks for the quick response. To clarify, yes I would like the agent handler to provide both of those functions (repository and policy updates, etc to the systems in the dmz).

               

              I have the second problem you list - the agents talk to the AH once and then don't communicate. I've confirmed they try to communicate with the main ePO server directly after a policy update (which fails because those clients don't have direct access to that server). I've checked my assignment rules and I have a handler priority in place for my DMZ systems so that they will use a custom handler list - first to go to my dmz AH, then to ePO.

               

              That sounds like a problem with the handler assignment rules. Can you post a screenshot of your rules? That might give us an idea of what's happening.

              Do I need to put the Agent Handler into the Agent Repository policy? It does not show up as one of the repositories in my list.

               

              No, you just need to make sure that the master repository is enabled in the policy - it will be listed with the name of the ePO server, and usually is of type Global. However, this problem is secondary: if the clients are being given the wrong sitelist, then they won't be able to update from the AH because they don't know where it is, so we need to fix the first problem first, which may well solve both.

               

              HTH -

               

              Joe

              • 4. Re: Agent Handler woes
                meciar

                Well, I re-checked my handler assignment rules and that was exactly the problem. I had the ePO as the priority 1 handler and my dmz as priority 2. When I switched these around so that our DMZ was priority 1 (applied to the tree that has the dmz systems), that fixed the problem. Thanks for all your help Joe

                • 5. Re: Agent Handler woes
                  JoeBidgood

                  That would do it   Glad it's sorted out now.

                   

                  Regards -

                   

                  Joe