1 2 3 Previous Next 22 Replies Latest reply on Jun 19, 2017 11:49 PM by brett.gilbertson

    Download Software Product List - Failing

    sgrechtman

      This has been failing for the last couple months now, and I'm not sure why.  I checked with our network engineers to make sure some of the web filtering wasn't blocking anything and it doesn't appear to be.  I also looked at KB74029 and this doesn't appear to be the same issue we are having.  I checked the certificates on our EPO server and they are correct.  Here is the error event log:

       

      12/12/16 12:12:35 PM     Started: Download Software Product List

      12/12/16 12:12:35 PM     Downloading product list.

      12/12/16 12:12:35 PM     Downloading file D:\PROGRA~1\McAfee\EPOLIC~1\DB\licensed_products_list.xml.tmp.

      12/12/16 12:12:35 PM     Downloading file D:\PROGRA~1\McAfee\EPOLIC~1\DB\trial_products_list.xml.tmp.

      12/12/16 12:12:35 PM     Failed to download file D:\PROGRA~1\McAfee\EPOLIC~1\DB\licensed_products_list.xml.tmp. There was an error connecting to the server (-2146893018).

      12/12/16 12:12:35 PM     Failed to download file D:\PROGRA~1\McAfee\EPOLIC~1\DB\trial_products_list.xml.tmp. There was an error connecting to the server (-2146893018).

      12/12/16 12:12:35 PM     Failed to connect to the Software Catalog server.

      12/12/16 12:12:35 PM     Downloading Translation Strings

      12/12/16 12:12:35 PM     Downloading file D:\PROGRA~1\McAfee\EPOLIC~1\DB\product_strings.xml.tmp.

      12/12/16 12:12:35 PM     Failed to download file D:\PROGRA~1\McAfee\EPOLIC~1\DB\product_strings.xml.tmp. There was an error connecting to the server (-2146893018).

      12/12/16 12:12:35 PM     Failed to connect to the Software Catalog server.

       

       

      Any ideas?  Anything else I can check?  Thanks!

        • 1. Re: Download Software Product List - Failing
          tao

          McAfee software updates server (s-download.mcafee.com), McAfee license server (lc.mcafee.com), and McAfee Product Compatibility List (epo.mcafee.com) - all need port 443 opened - Possible that it's blocked?

           

          Not sure if you are able to test access from the server to: https://epo.mcafee.com/ProductCompatibilityList.xml.

          • 2. Re: Download Software Product List - Failing
            sgrechtman

            tao,

             

            That XML URL fails when trying to view it on the server (This is from IE7 and Server 2003 R2 x64).  Not sure if that means it's being blocked from the network side or not.  I have reached out to them to see what they can find out.  We do have filters in place on https traffic, but the last time I spoke with them they couldn't see anything being explicitly blocked from our ePO box.

             

            And actually doing more testing, it seems that most McAfee related https is failing through the browser:  https://mcafee.com    fails to redirect.

            http://www.mcafee.com does load, but obviously that's not https.

            • 3. Re: Download Software Product List - Failing
              tao

              Pulled from an old post - Failed to connect to the Software Catalog server  and from -

              Ports needed by ePolicy Orchestrator for communication through a firewall Technical Articles ID:   KB66797 Last Modified:  11/10/2016

              McAfee Corporate KB - kb66797

              • 4. Re: Download Software Product List - Failing
                kkamelot01

                I have exactly the same problem. I investigate (using wireshark) that problem occurs when client sends a "client hello" message that lists cryptographic information and protocol version and server responds "Handshake Failure". This means that the client using wrong protocol version (TLS1.2 needed??) or not acceptable cipher.

                This problem began 01-12-2016.

                 

                ***************************** CLIENT

                Secure Sockets Layer

                    TLSv1 Record Layer: Handshake Protocol: Client Hello

                        Content Type: Handshake (22)

                        Version: TLS 1.0 (0x0301)

                        Length: 72

                        Handshake Protocol: Client Hello

                            Handshake Type: Client Hello (1)

                            Length: 68

                            Version: TLS 1.0 (0x0301)

                            Random

                                gmt_unix_time: Dec 15, 2016 10:46:10.000000000 ┼Ürodkowoeuropejski czas stand.

                                random_bytes: fc771c371121ef0abc08c9cc313da6f1efdaaf63fc4cfc47...

                            Session ID Length: 0

                            Cipher Suites Length: 22

                            Cipher Suites (11 suites)

                                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)

                                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

                                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

                                Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)

                                Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)

                                Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)

                                Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)

                                Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)

                                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

                                Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)

                                Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)

                            Compression Methods Length: 1

                            Compression Methods (1 method)

                                Compression Method: null (0)

                            Extensions Length: 5

                            Extension: renegotiation_info

                                Type: renegotiation_info (0xff01)

                                Length: 1

                                Renegotiation Info extension

                                    Renegotiation info extension length: 0

                 

                 

                ***************************** SERVER

                Secure Sockets Layer

                    TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)

                        Content Type: Alert (21)

                        Version: TLS 1.0 (0x0301)

                        Length: 2

                        Alert Message

                • 5. Re: Download Software Product List - Failing
                  tao

                  By default, McAfee Agent 5.x communicates using TLS 1.2 if the ePO server/Agent Handler supports TLS 1.2. If the server does not support TLS 1.2, McAfee Agent switches to TLS 1.1 and then to TLS 1.0.

                   

                  Perhaps confirm ports 8443 or 8444 are open - by default TLS 1.0 and/or TLS 1.1 for the ePO Application Server service (Tomcat) listens on port 8443 or 8444

                   

                  Policy Orchestrator Sustaining Statement (SSC1512011) - McAfee Agent and ePolicy Orchestrator support for TLS 1.2 Technical Articles ID:   KB86318 Last Modified:  6/13/2016

                  McAfee Corporate KB - ePolicy Orchestrator Sustaining Statement (SSC1512011) - McAfee Agent and ePolicy Orchestrator sup…

                  • 6. Re: Download Software Product List - Failing
                    kkamelot01

                    I have EPO 4.6.4 (build 202), Windows 2003 Server, I can access https://epo.mcafee.com by Firefox but not by IE8. It is mean that Firefox using TLS 1.2 and server responds with a "server hello", but IE8 using TLS 1.0 and server redponds "Handshake Failure". I'm almost sure that server epo.mcafee.com do not accept TLS 1.0 since 01.12.2016.

                    • 7. Re: Download Software Product List - Failing
                      tao

                      You may have a hard time downloading the HF's for ePO 4.6.X (EOL 12/15) - still worth reviewing the following:

                       

                      McAfee Security Bulletin – OpenSSL Heartbleed vulnerability patched in McAfee products Security Bulletins ID:   SB10071 Last Modified:  12/5/2016

                      McAfee Corporate KB - McAfee Security Bulletin – OpenSSL Heartbleed vulnerability patched in McAfee products SB10071

                      • 8. Re: Download Software Product List - Failing
                        sgrechtman

                        Maybe I'm not understanding the process correctly.  What does the agent version have anything to do with the issue that I stated?  We are using Agent 4.8 Patch 3.  I'm trying to successfully update the Software Product List in the Software Manager.  I don't think the agent has anything to do with this process.  It should be direct HTTPS web traffic between where ever the list is download from ( https://epo.mcafee.com/ProductCompatibilityList.xml ) and the ePO web console.  Is https://epo.mcafee.com no longer supporting connections from Server 2003 and/or ePO 4.x?

                        • 9. Re: Download Software Product List - Failing
                          tao

                          I wonder if it's as simple as this ... try editing the task (without changing anything) save and run.

                          1 2 3 Previous Next