7 Replies Latest reply on Oct 4, 2016 6:59 AM by epoadmins@intrum.com

    MDE 7.1.3 and MA 5.0.3

    kapaaian

      Has anyone else tried to deploy MDE with MA 5.0.3? I'm noticing activation issues on newly imaged systems with this combination. Errors recieved are similar to these. Downgrading to 5.0.2 seems to resolve.

       

       

      userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

      2016-05-24 14:39:43,087 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::is_sso_enabled: 256: [0xEE120008] no system policy set

      2016-05-24 14:39:43,087 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::is_sso_enabled: 261: [0xEE120008] no system policy set

      2016-05-24 14:39:43,087 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::is_logon_active: 198: [0xEE120008] no system policy set

      2016-05-24 14:39:43,087 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::is_logon_active: 203: [0xEE120008] no system policy set

      2016-05-24 14:39:43,087 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::is_logon_managed_autoboot_enabled: 1166: [0xEE120008] no system policy set

      2016-05-24 14:39:43,087 WARNING MfeEpeCredentialProviderServiceV2 ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::is_logon_managed_autoboot_enabled: 1171: [0xEE120008] no

        • 1. Re: MDE 7.1.3 and MA 5.0.3
          feeeds

          I saw this today on one of my laptops which had 5.0.3.    We have not made 5.0.3 our production agent yet, and we may stick with 5.0.2 for a while.

          • 2. Re: MDE 7.1.3 and MA 5.0.3
            aguzman

            I am having the same issue lately. When ever a new system is imaged it seems as if the PBFS is not updated with the user file. Every time we build a new laptop, only the user who was logged in during the encryption activation is able to login to the PBA. This log seems to keep repeating:

            2016-07-25 22:44:13,601 INFO    EpoState                             == Start of policy enforcement ==

            2016-07-25 22:44:13,603 INFO    StatusService                        Policy enforcement has started

            2016-07-25 22:44:13,603 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

            2016-07-25 22:44:13,604 INFO    EpoPlugin                            policyHandler: handling EnforcePolicy event

            2016-07-25 22:48:40,447 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,453 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,460 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,480 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,484 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,491 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,492 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,497 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:40,502 WARNING EpoMaLpcLog                          Service not available

            2016-07-25 22:48:42,843 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,843 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,845 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,845 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,846 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,846 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,847 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,847 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,848 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,848 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,849 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,849 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,849 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,850 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,850 ERROR   StatusService                        Failed to receive data for assigned users

            2016-07-25 22:48:42,851 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,851 ERROR   EpoPlugin                            userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type

            2016-07-25 22:48:42,852 ERROR   StatusService                        Failed to receive data for assigned users

            ...

             

            Also, I have noticed this log entry...

            2016-07-26 15:58:46,358 WARNING OpalProvider                         Disk configuration is unsupported for Opal. All disks must be Opal disks in order to activate with the Opal provider.

            2016-07-26 15:58:54,998 ERROR   MfeEpeServiceLPCServer               One or more LPC channels failed to unsubcribe

            2016-07-26 15:58:54,999 WARNING MfeEpeServiceLPCServer               LPC channel subscriptions failed: [0xEE000007] Unexpected IPC error. Please ensure MA/Point Product service is running.

             

            We are not using Opal drive and the MA service is running. The only way we have been able to get it to work is if we do an Encryption Recovery and boot into windows. This seems to but the activation status into a recovery mode and forces the PBFS to rebuild. Afterwards, the user file is downloaded and appears to function normally.

             

            I will try to downgrade to MA 5.0.2 and see if this fixes the problem.

            • 3. Re: MDE 7.1.3 and MA 5.0.3
              kapaaian

              I had opened a case about it and the answer seemed to be that the agent to agent communication features were not compatible with 7.1.3. This seemed to resolve it for me, but my help desk is still having trouble. No matter what I can't recreate it, but they get it....

               

              Where is MDE 7.1.4 with full 5.0.X support?

              • 4. Re: MDE 7.1.3 and MA 5.0.3
                aguzman

                So you still have issues with 5.0.2? I really hope I don't have to make this recovery boot step part of the encryption process.

                • 5. Re: MDE 7.1.3 and MA 5.0.3
                  kapaaian

                  Sorry, mistype, but it is a little weird.

                   

                  Apparently certain features of 5.0.x were only turned on (or turned on by default) in 5.0.3.x, so that's why the problems showed up then.

                  • 6. Re: MDE 7.1.3 and MA 5.0.3
                    aguzman

                    Looks like McAfee has finally acknowledged the issue...

                     

                    If you assign a large number of users to a system, the system may fail to add users to the client system.

                         MfeEpe.log records one of the following errors (client log):

                    • "userHandler: failed to process user updates/acknowledgement: [0xEE000005] Failed to deserialize type”

                    OR

                    • “userHandler: failed to deserialize GetAllUsers response: [0xEE000005] Failed to deserialize type”

                     

                    For further details on this issue, including workarounds, refer to KB87365:
                    https://kc.mcafee.com/corporate/index?page=content&id=KB87365

                    An ePO deployable hotfix for MA is currently under development to address this issue. The KB article will be updated when the hotfix is available. Until then, customers with Drive Encryption 7.1.X should not upgrade to MA 5.0.3.

                    Just an FYI...The wrokaround for downgrading to 5.0.2 worked for me. However, after downgrading I still had to perform an emergency boot so the system could rebuild the PBFS. After that completed all the users were updated and worked normally during the PBA.
                    • 7. Re: MDE 7.1.3 and MA 5.0.3
                      epoadmins@intrum.com

                      I can confirm that upgrading to 5.0.4 also resolves