1 Reply Latest reply on Aug 23, 2008 2:07 PM by aleister

    McAfee Agent not communicating on computer with Deep Freeze

      Hi,

      I have an issue with ePO and Deep Freeze. Deep Freeze prevents making persistent changes to a computer; all changes are wiped after a reboot. Once a week the computers boot in a maintenance mode so OS and anti-virus updates can be made permanent. However, after the first reboot of a fresh installation the agent stops communicating with the ePO server. I have found these errors in the server.log:

      20080814134208 E #3304 EPOServer Agent with GUID {676A76CB-09F4-4EEA-9B77-264AA0E6E6BB} sequence number invalid, expected 16 > 29
      20080814134208 E #3304 mod_epo Failed to process agent request

      Apparently ePO logs how many times clients have communicated to the server, but the "sequence number" is of course reset every time a computer with Deep Freeze reboots.

      I have tried installing the Agent Datadir on a "thawed" drive where persistent changes can be written, but that doesn't help. I have also tried to delete the SequenceNumber value in the [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent] registry key, hoping it would be reset, but the agent still "remembers" the sequence number.

      The only workaround I have come up with so far is to create a startup script that deletes the AgentGUID from the registry so a new one is created every time the computer reboots. Thankfully this doesn't create duplicate entries in the console, but I worry I will fill the database with unused GUIDs.

      Does anyone know another workaround, or is there a way to make the server ignore the sequence number?

      Thanks

      Version info:
      ePolicy Orchestrator: 4.0 Patch 2
      Agent: 4.0.0.1180
      VirusScan Enterprise: 8.5.0.781.Wrk Patch 6
      OS: XP SP3
      Deep Freeze Enterprise: 5.70.220.1453
        • 1. Possible workaround for lab environment.
          To get around this, I disabled agent-to-server communication under the policy for the machines that have drive protection to prevent them from calling in while they are locked down.

          I then scheduled an Agent Wakeup task to occur when the machines are unlocked. I have these machines set up to unlock prior to opening for business to allow for patching, et cetera. Had to settle for once-a-day agent communication on these boxes.

          Not ideal, but the easiest solution I've found so far.
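
Added example, not part of the original thread and not McAfee's own tooling: a Python script that scans server.log text for the "sequence number invalid" error quoted in the question and groups the hits by agent GUID, so an administrator can see which rolled-back machines the server is rejecting and how often. Only the first two sample lines come from the post; the other lines, the second GUID and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the server.log format quoted in the post. Only the
# first two lines come from the thread; the rest are made up for illustration.
SAMPLE_LOG = """\
20080814134208 E #3304 EPOServer Agent with GUID {676A76CB-09F4-4EEA-9B77-264AA0E6E6BB} sequence number invalid, expected 16 > 29
20080814134208 E #3304 mod_epo Failed to process agent request
20080814140105 E #3310 EPOServer Agent with GUID {676A76CB-09F4-4EEA-9B77-264AA0E6E6BB} sequence number invalid, expected 3 > 29
20080815081530 E #2980 EPOServer Agent with GUID {00000000-1111-2222-3333-444444444444} sequence number invalid, expected 7 > 112
20080815081531 I #2980 EPOServer some unrelated informational line
"""

# Matches only the error-level EPOServer line that names the agent GUID.
SEQ_ERROR = re.compile(
    r"^(?P<ts>\d{14})\s+E\s+#\d+\s+EPOServer\s+Agent with GUID\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+sequence number invalid,\s+"
    r"expected\s+(?P<left>\d+)\s*>\s*(?P<right>\d+)"
)

def summarize_sequence_errors(log_text):
    """Group 'sequence number invalid' errors by agent GUID."""
    agents = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "pairs": []}
    )
    for line in log_text.splitlines():
        m = SEQ_ERROR.match(line.strip())
        if not m:
            continue  # other log lines, including the mod_epo follow-up
        ts = datetime.strptime(m["ts"], "%Y%m%d%H%M%S")
        entry = agents[m["guid"].upper()]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        # The two numbers are kept exactly as logged; the thread does not say
        # which is the agent's value and which is the server's stored value.
        entry["pairs"].append((int(m["left"]), int(m["right"])))
    return dict(agents)

if __name__ == "__main__":
    for guid, info in summarize_sequence_errors(SAMPLE_LOG).items():
        print(guid, info["count"], info["first"], info["last"], info["pairs"])
```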