5 Replies Latest reply on Dec 9, 2016 9:52 AM by tkinkead

    Manually installed agent not joining ePO

    moep

      Hi all

       

      I could need some help with the manual installation of ePO agent  but first things first:

      Our environment is Orchestrator 5.3.1 (Build 188) and everything should be up to date

       

      As most of you probably know Mcafee quit support for Windows XP by end of 2015 (DAT files should still being updated).

      Unfortunately we still have some clients with XP and we can't get rid of them anytime soon.

      In addition, I noticed last week the the agent 5.0.4 cannot be installed anymore on XP (-> Operating system not supported)

       

      My approach was to install an older version (5.0.3.272 or earlier) so that the systems have at least a basic protection.

      In the agent package that I could download with our GRANT number was only a "framepkg_upd.exe" included.

      McAfee is always talking about the "framepkg.exe" in their manuals but I couldn't notice any difference so far.

      What I did notice was that when I open the "frameworkpackage.exe", a bunch of files (including "framepkg.exe") will be extracted.

       

      As suggested I did export the agent-server secure communication master key and the sitelist.xml from our server.

      In my package I use the following parameter to install the agent:

      Call "%Src%\FramePkg.exe" /Install=Agent /ForceInstall /SiteInfo="%Src%\SiteList.xml" /silent

       

      Up to that point everything is fine.

      The agent is there and seems to be working properly but the system will not appear in the Lost&Found section as expected. In fact it does not appear at all.

      I've been trying to

      • send a wakeup call (timed out)
      • force the communication client site (CMDAGENT /p -> agent is in unmanaged mode)
      • set the agent to managed mode with FrmInst.exe /install=agent /siteinfo=sitelist.xml (successful -> CMDAGENT /p -> agent is in unmanaged mode)

       

      When I press on update security I can see the agent is connecting directly to McAfee instead of the servers in my sitelist.

      I have no clue how to proceed or what could be the problem.

       

      I would be grateful for any ideas

       

      best regards

      Chris

        • 1. Re: Manually installed agent not joining ePO
          tkinkead

          It sounds like you downloaded an Agent installer package directly from McAfee and installed it on your client with a SiteList.xml file, right?  Have you tried uploading that Agent package into the ePO repository, build a package in ePO, and then install that package?

          1 of 1 people found this helpful
          • 2. Re: Manually installed agent not joining ePO
            tao

            You should be able to double check locally if the sitelist.xml was actually installed: c:\programdata\mcafee\common framework\serversitelist.xml

             

            Question: the agent version you are using for XP - was it checked in to your master repository?  I know that you have exported sitelist.xml, appropriate keys, using the appropriate commands to inject both during the install - I thought that the agent still needed to be checked in to your master repository. May be waaaay off on that one.

            1 of 1 people found this helpful
            • 3. Re: Manually installed agent not joining ePO
              Moe Hassan

              Chris,

               

              Please go to System Tree view in your ePO server. Select any folder on the left navigation panel. There should be a button named "New Systems". In ePO 4.x, you have to click on the menu on the bottom. When the new screen shows up, select option:

              Then choose appropriate version and agent handler. After clicking the OK button, you will be able to download the FramePkg.exe file which you can use. Copy that file on systems and double click on it to install.

              1 of 1 people found this helpful
              • 4. Re: Manually installed agent not joining ePO
                moep

                Hi all

                 

                Yes indeed I did download the archive directly from McAfee and it has never been checked in - but I tested with my own encryption key and sitelist.xml according to KB73389

                However, your hint was quite interesting since I haven't thought about checking in the older version manually.

                Since I use a server task to deploy the agent I'm fine with this solution.

                 

                Nevertheless I created an agent installation package the old version as well... unfortunately with the same result.

                It almost looks like the sitelist.xml is hard coded in the framepkg,exe.

                But thanks again for your suggestions.

                 

                regards Chris

                • 5. Re: Manually installed agent not joining ePO
                  tkinkead

                  What about trying Agent 4.8 instead of 5.0.3?  While I don't work with XP systems anymore, we do have a few Server 2003 systems, and have reverted almost all of them back to 4.8 instead of using the 5.x series due to various problems.

                   

                  Any chance your XP firewall is enabled?