7 Replies Latest reply on Apr 18, 2008 8:37 AM by zen0

    Clients not updating (ePO 3.5)

      Hi

      I'm in the situation where 500+ clients out of about 700 are just not updating to the latest DATs. I'm also in the unfortunate position of finding out what's going on :confused:

      Some machines are still running NT4.0, some are on XP, all running Virusscan 7. The server is 3.5.0.

      There don't seem to be any errors in the updating process other than 'update list doesn't exist or is empty. Performing one-click update...' - and if I'm right, this alone shouldn't stop the update from happening anyway. The clients just don't seem to recognise there's a newer DAT on the server

      I've tried various things that have been posted about similar problems, like copying those ".dat" files from a working machine (no effect) and manually removing the agent and re-pushing it (this actually throws the client back to an even earlier DAT than before!). Installing the latest SuperDAT on individual machines also seems to do nothing

      Yet another concern is that when I first had a look at all this, the ePO server was completely unpatched. Now it has patch 6, but now the numbers of '5 or more versions out of date' clients is growing by the day, almost as if the patch has made things worse!

      I will also state that even though we are expected to find a fix, my company is REALLY unlikely to update ePO or Virusscan to their latest versions as a new solution is apparently on the way.

      Nothing seems amiss in the console itself - the repository looks to be keeping itself current, and indeed many clients are updating themselves fine. So the system's not totally broken...

      Any (more) ideas from anyone? Thanks in advance!
        • 1. RE: Clients not updating (ePO 3.5)
          tonyb99
          The error message may just be informational (see below)
          Update list doesn't exist or is empty. Performing one-click update http://https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType= kc&externalId=KB40756&sliceId=SAL_Public&dialogID=28158477&stateId=1 0 28162116 0 28162116

          Can you pick an agent that is not updating and provide:
          OS version with patch level
          CMA version
          VSE version with patch level
          DAT and engine level of PC
          EPO server version and SP level
          Also try a manual update from the systray icon and then post the relevant bit of the agent log so we can see what going on.

          I guess your company are not paying Mcafee for support anymore, and havnt been for a long time to still be running these versions, do you not have access to patch fixes?
          • 2. RE: Clients not updating (ePO 3.5)
            Hi, thanks for the response :)

            The ePO server is 3.5.0 patch 6.

            As an example client log:

            OS: NT4 SP6
            CMA: 3.5.0.412
            VSE: 7.0.0.511Wrk
            Engine: 5.2.00
            DAT 4.0.5269

            Logfile section:

            20080416153632 I #316 Updater OnDemand update started.
            20080416153632 I #316 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080416153632 I #319 Script Searching for first available site.
            20080416153632 i #319 Script Checking update packages from repository TQGWSMS2SEC.
            20080416153633 I #319 Script CheckSiteStatus: Downloading file SiteStat.xml from site TQGWSMS2SEC
            20080416153633 I #319 InetMgr Downloading File: -->
            20080416153633 I #319 InetMgr <filename = SiteStat.xml>
            20080416153633 I #319 InetMgr <dwFlags = 0x4>
            20080416153633 I #319 InetMgr <localdir = c:\temp\nai19>
            20080416153633 I #319 InetMgr <remotedir = \>
            20080416153633 I #319 InetMgr <sitename = TQGWSMS2SEC>
            20080416153633 I #319 InetMgr Connecting to site = TQGWSMS2SEC,
            20080416153633 I #319 InetMgr server = tqgwsms2sec
            20080416153633 I #319 InetMgr UNC Session initialized
            20080416153633 W #319 InetMgr Connecting to UNC Server: tqgwsms2sec
            20080416153633 I #319 InetMgr Domain name=BWHO, User name=S_EPO_SERVER
            20080416153633 I #319 InetMgr Mapping network share \\tqgwsms2sec\NAI$ using NetUseAdd
            20080416153633 I #319 InetMgr Network Share \\tqgwsms2sec\NAI$ mapped
            20080416153633 W #319 InetMgr Connected to UNC Server: tqgwsms2sec
            20080416153633 I #319 InetMgr Trying to download from site = TQGWSMS2SEC, server
            20080416153633 I #319 InetMgr localfile = c:\temp\nai19\SiteStat.xml, remotefile = \SiteStat.xml
            20080416153633 W #319 InetMgr Downloading file: \\tqgwsms2sec\NAI$\SiteStat.xml from UNC Server
            20080416153633 I #319 InetMgr Downloaded file \SiteStat.xml successfully
            20080416153633 I #319 InetMgr After calling download()
            20080416153633 I #319 InetMgr return code = 0
            20080416153633 I #319 InetMgr Disconnecting UNC Server \\tqgwsms2sec\NAI$ using NetUseDel(), Force = 1
            20080416153633 I #319 InetMgr NetUseDel() returned 0
            20080416153633 I #319 InetMgr Network share \\tqgwsms2sec\NAI$ deleted successfully(1)
            20080416153633 I #319 InetMgr UNC Session closed
            20080416153633 I #319 InetMgr ------------------------------------------------------------
            20080416153633 I #319 Script TQGWSMS2SEC site is valid and available.
            20080416153634 i #319 Script Initializing update...
            20080416153634 i #316 Script Verifying catalog.z.
            20080416153634 i #319 Script Extracting catalog.z.
            20080416153634 i #316 Script Loading update configuration from: Catalog.xml
            20080416153635 i #319 Script Update list doesn't exist or is empty. Performing one-click update.
            20080416153635 i #316 Script Update Finished
            20080416153705 i #324 Script Closing the update session.



            ...this log is typical of all which fail to update.

            Another even more bizarre thing is that there are many clients whose locally reported DAT version is different to that reported in the ePO console (both being very out of date!) , for example 4.0.5115 in ePO and 4.0.5216 on the client.

            Agent wakeup calls generate this kind of thing:

            20080416160634 I #3184 LstnSvr CAsyncSocket::DoCallBack for event: FD_ACCEPT
            20080416160634 I #3184 LstnSvr CAsyncSocket::AttachHandle hSocket=1384 ,pSocket = 0x003faa98
            20080416160634 I #2840 naCmnLib Random seed = 0x573f****
            20080416160634 I #1224 LstnSvr CAsyncSocket::DoCallBack for event: FD_CLOSE
            20080416160634 I #2840 LstnSvr CAsyncSocket::DetachHandle hSocket=1384
            20080416160634 I #3988 Agent Started processing a package..
            20080416160634 i #3988 Agent Agent wakeup call received
            20080416160634 i #3988 Agent Agent wakeup call for FULL PROPS received
            20080416160634 I #3988 naCmnLib Random seed = 0x7220****
            20080416160634 i #2952 Agent Agent started performing ASCI
            20080416160634 i #3988 Agent Agent will connect to the ePO Server in 120 minutes and 0 seconds.
            20080416160634 I #2952 Agent Collecting Properties
            20080416160634 I #2952 Agent Collecting IP address using InternetManager
            20080416160634 I #2952 InetMgr HTTP Session initialized
            20080416160634 I #2952 InetMgr Connecting to HTTP Server in socket-mode
            20080416160634 I #2952 InetMgr Connecting to Real Server: 10.64.118.32 on port: 80
            20080416160634 I #2952 InetMgr Connected to Real Server: 10.64.118.32 on port: 80. No Proxy used!
            20080416160634 I #2952 InetMgr HTTP Session closed
            20080416160634 I #2952 InetMgr ------------------------------------------------------------
            20080416160634 I #2952 Manage Collecting Properties
            20080416160634 i #2952 Manage Collecting Properties
            20080416160635 I #2952 Agent Agent is sending FULL PROPERTIES
            20080416160635 I #3988 Agent Started processing a package..
            20080416160635 I #3988 naCmnLib Random seed = 0x6efe****
            20080416160635 I #3988 Agent Preparing Props Package
            20080416160637 I #3988 naCmnLib Random seed = 0xb933****
            20080416160637 I #2952 Agent Forwarding all events
            20080416160637 I #2952 Agent Forward all events request received
            20080416160637 I #1144 Agent Agent event wakeup, processing events
            20080416160637 i #1144 Agent Agent is looking for events to upload
            20080416160637 I #1144 Agent Agent did not find any events to upload
            20080416160637 I #1144 Agent Agent did not find any events to upload
            20080416160637 I #1144 Agent Agent did not find any events to upload
            20080416160637 I #1144 Agent Agent did not find any events to upload
            20080416160638 i #3988 Agent Agent communication session started
            20080416160638 i #3988 Agent Agent is sending FULL PROPS package ePO server
            20080416160638 i #3988 Agent Agent is connecting to ePO server
            20080416160638 I #3988 InetMgr UploadFile/package to ePO Server: -->
            20080416160638 I #3988 InetMgr Connecting to site = ePO_CORPEPOSVR,
            20080416160638 I #3988 InetMgr Connecting to ePO Server using IP address: 10.64.118.32
            20080416160638 I #3988 InetMgr HTTP Session initialized
            20080416160638 I #3988 InetMgr Connecting to HTTP Server in socket-mode
            20080416160638 I #3988 InetMgr Connecting to Real Server: 10.64.118.32 on port: 80
            20080416160638 I #3988 InetMgr Connected to Real Server: 10.64.118.32 on port: 80. No Proxy used!
            20080416160638 I #3988 InetMgr Uploading package to ePO Server...trial 1 / 6
            20080416160638 I #3988 InetMgr Uploading file C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Unpack\pkg00128528319958660000_18837.spkg to ePO Server...
            20080416160638 I #3988 InetMgr Connecting to Real Server: 10.64.118.32 on port: 80
            20080416160638 I #3988 InetMgr Connected to ePO Server: 10.64.118.32
            20080416160638 I #3988 InetMgr Uploading SPIPE HTTP header
            20080416160638 I #3988 InetMgr Uploading data in bytes: 5196
            20080416160638 I #3988 InetMgr Reading acknowledgement from ePO Server
            20080416160638 I #3988 InetMgr No package to receive from ePO Server, HTTP return code: HTTP/1.0 202 OK

            20080416160638 I #3988 InetMgr
            20080416160638 I #3988 InetMgr Received response [202 OK] from ePO Server
            20080416160638 I #3988 InetMgr client:no package to receive
            20080416160638 I #3988 InetMgr Uploaded file : C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Unpack\pkg00128528319958660000_18837.spkg to Server successfully
            20080416160638 i #3988 InetMgr Upload success and no package to receive
            20080416160638 I #3988 InetMgr HTTP Session closed
            20080416160638 I #3988 InetMgr ------------------------------------------------------------
            20080416160638 I #3988 InetMgr Adding site ePO_CORPEPOSVR to failover list.
            20080416160638 I #3988 InetMgr After calling UploadFileResponse()
            20080416160638 i #3988 Agent No package received from ePO Server
            20080416160638 i #3988 Agent Agent communication session closed
            20080416160638 i #3988 Agent Agent will connect to the ePO Server in 75 minutes and 28 seconds.


            This is all confusing stuff. Also, since Patch 6 was installed on the ePO server, there are now only about 100 machines which ARE updating properly - there's a load stuck at around 5115, and now a big new batch which won't update past 5269 sad so that '5 or more versions out of date' pie chart isn't going to look too good pretty soon.

            If it was my choice, I'd upgrade everything and probably build a server from scratch and start again (it's worked for others who have posted similar stories). Unfortunately it's not my choice, so any help with the environment I'm stuck with would be much appreciated;)
            • 3. RE: Clients not updating (ePO 3.5)
              tonyb99
              You have additional repositories dont you superagents/http etc
              Not all the machines are connecting to the main server.

              Check your agent policies and see what other repos you have configured and set them all to connect to the main server, wake all the agents, check they are communicating. If not then resend the agent installer from the directory.
              • 4. RE: Clients not updating (ePO 3.5)
                Hi...

                In the ePO console it shows one master repo (type 'spipesite', does that sound right?) and 3 distributed, one of which is local to this site (TQGWSMS2SEC), so I have overridden the inheritance on a couple of clients so that they only point to this one. The only others available in the list are NAIhttp and NAIftp.

                I have also tried removing all traces of McAfee from the computer and the record from ePO, redeploying the agent and VS from scratch. So I end up with ye olde engine 4.2.40, defs 4249.

                Doing 'update now' from the client does not update anything, but if I then push it a SuperDAT update task, this updates the engine to 5200 and the defs to 5115, which is promising. But then, trying a normal DAT update produces this:

                20080417122921 i #1096 Sched Scheduler: Invoking task [AutoUpdate - ePO]...
                20080417122921 I #2520 Sched >>--RunTask
                20080417122921 I #2520 Manage Running task SoftwareID:EPOAGENT3000, TaskID:201
                20080417122921 E #2520 Sched Failed to run the task: error -1000, TaskGUID = 201, SoftwareID = EPOAGENT3000
                20080417122921 E #2520 Sched <<--RunTask hr=-1000(0xfffffc18)
                20080417122921 I #1096 Sched Failed to invoke task AutoUpdate - ePO due to unexpected error -1000
                20080417122921 I #1096 Sched AutoUpdate - ePO - Last run time(local) is Thu Apr 17 12:29:21 2008
                20080417122921 I #1096 Sched
                20080417122921 I #1096 Sched End of invoking the task



                The repos ARE quite happily replicating and engine 5200.2160 and DAT 5275 are sitting in there. AND there are still a minority (about 100) machines which are updating perfectly.

                In summary, my brain still hurts :confused: but thanks for your help!
                • 5. RE: Clients not updating (ePO 3.5)
                  tonyb99
                  It does pretty much come back to upgrade upgrade upgrade...
                  None of the products are in support anymore (for good reason) and it sounds like the entire system needs a radical overhaul and install from scratch.
                  • 6. RE: Clients not updating (ePO 3.5)
                    I was beginning to think the same, thanks for your help anyway.

                    I did actually find a pattern (though not a solution!) - the clients which DO update correctly are still running CMA 3.1.1.184 - so if the server had enforced 3.5.0.412 as was intended, I guess none of the machines would be up to date!
                    • 7. It's working now!
                      It was this:

                      https://knowledge.mcafee.com/article/101/7241542_f.SAL_Public.html

                      As soon as the old packages were removed from the repository everything started updating properly!