7 Replies Latest reply on Dec 29, 2016 10:13 PM by ahawke

    ePO Agents stopped communication

    i.m.c960

      Hi all,

      My ePO Server has been working well all the time until recently, when my co-worker discovered all clients' communication stopped two weeks ago (only 8 out of 375 clients are still running though).

      We attempted to recover via rebooting both clients and server but to no avail. The only solution which my guys derived is reinstalling the agent again, which can be very tedious as all clients are located at different places.

      I did some preliminary testing on my own and discovered when I run the netstat command in cmd, the working ones vs not working ones are showing different foreign addresses. So what I did was I amended the /etc/hosts file to locally point it to my ePO Server and to my anticipation, it worked!

      The underlying question still remains: it has been working well for the past 16 months and all of a sudden all clients decided to go on strike.

      FYI, my ePO Server is also hosting the SQL and we do not have any DNS server.

      Please help.

        • 1. Re: ePO Agents stopped communication
          Moe Hassan

          i.m.c960, are these systems being managed by other tools? Or are they completely standalone systems in a workgroup? Is ePO able to wake up agents? For your case, I would recommend making this change first:

          ePO : server settings > agent contact method : 1) IP Address 2) Fully Qualified Domain Name 3) NetBIOS Name

          Now, in order to update hosts file on each system, you can use a script like this one: Modify HOSTS File Remotely–PowerShell Script

          There are some other utilities that might come in handy: Hosts File Editor v.1.2.4

          Before changing hosts file on every single machine, I suggest doing some additional detective work. Run "nslookup x.x.x.x", then "nslookup yourEPOserver", also "netstat -o" and "netstat -an". You can do "ping -a x.x.x.x" from a problematic client. Make a note of those and then run "ipconfig /flushdns" and then "ipconfig /registerdns". Can you ping your ePO server by name and IP from the problematic system? These will give you more clues and may help you find an easier solution. Was there a recent network change? How about Windows patching?

          • 2. Re: ePO Agents stopped communication
            i.m.c960

            Hi Moe,

            Thank you for getting back to me on this matter.

            I tried to search around in my ePO server but wasn't able to find this agent contact method. I have two ePO servers at different locations (both are isolated). The newer ePO 5.3 (which does not belong to me) has the "agent contact method" which you mentioned, but I realized the ePO which I am currently having difficulties with (5.1.0 Build 509) does not have such parameters under Server Settings.

            In my network we do not have any DNS running so all those commands won't work.

            agent server communication port 80

            agent server communication secure port 443

            Whenever I trigger a check policy or some sort on my client or trigger a wake up (wake up only works on certain clients) call from my ePO, netstat on my client will open EPOSVR:https. In addition, I also try to do a telnet epo_ip 80 followed by get in cmd and I will receive a 403 error. I came across an article saying that it's normal for this, but one thing I do notice is, all successful communication begins with 443 first, and only after the handshake do they proceed with 80. In my case, 443 didn't get through.

            This is very confusing; I am facing different scenarios with an underlying problem of communication failure to ePO.

            • 3. Re: ePO Agents stopped communication
              ahawke

              Be careful configuring your agent contact method to:

              ePO : server settings > agent contact method : 1) IP Address 2) Fully Qualified Domain Name 3) NetBIOS Name

              Unless your entire environment is statically assigned, you are introducing risk of sending tasks to the wrong clients in a case where DHCP lease expires and IP of endpoint changes.

              I'd use the default config:

              1) FQDN 2) IP 3) NetBIOS

              As for your issue, is the problem on Windows machines too or just Linux/Unix?

              When you say foreign add is different when you do a netstat, are you identifying the incorrect IP based on the connected port?

              For the non-working, is the IP being used for ePO communication constant across the board?

              Do you have a test/dev ePO environment?

              Hopefully the answers to the last 2 questions are yes... if that's the case, I'd look into the possibility of someone transferring your systems to another ePO instance.

              • 4. Re: ePO Agents stopped communication
                i.m.c960

                Hi ahawke,

                Mine is a static network, but do you know where I can find that option in 5.1?

                All clients are Windows. When I test on my testing environment, no such issue at all. McAfee contacted me already on installing MER.exe, have to seek approval now....

                Hi all,

                I just discovered something strange. I went to the WORKING agent and looked at its SiteList.xml and it's showing the IP address of my ePO Server, as opposed to the NOT WORKING agent, which reflects [::1]:80 instead.

                I thought there was something wrong with my installer so I installed a fresh client and checked its SiteList.xml is correct.

                Any idea what would be the cause that changed the SiteList.xml?
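
Added example, not part of the original thread or of any McAfee tooling: a PowerShell check for the symptom reported in the post above, a site list whose server endpoint points at loopback ([::1]:80) instead of the ePO server. The sample XML is constructed, its element and attribute names are assumptions, and the function names are hypothetical.

```powershell
# Constructed sample data: element and attribute names are assumptions, so the
# scan inspects every attribute instead of relying on a fixed schema.
$working = @'
<SiteLists>
  <SiteList Name="constructed-sample">
    <SpipeSite Name="EPOSVR" Enabled="1" Server="EPOSVR:443" ServerIP="192.0.2.10:443" />
  </SiteList>
</SiteLists>
'@
# Same file with the symptom from the thread: the server endpoint is now [::1]:80.
$broken = $working.Replace('192.0.2.10:443', '[::1]:80')

function Get-EndpointHost {
    param([string]$Value)
    # "[::1]:80" yields "::1", "192.0.2.10:443" yields "192.0.2.10", other text yields $null.
    if ($Value -match '^\[([0-9A-Fa-f:.]+)\](?::\d+)?$') { return $Matches[1] }
    if ($Value -match '^([A-Za-z0-9.-]+):\d+$') { return $Matches[1] }
    return $null
}

function Test-LoopbackHost {
    param([string]$HostName)
    if ($HostName -eq 'localhost') { return $true }
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) {
        return [System.Net.IPAddress]::IsLoopback($ip)   # 127.0.0.0/8 and ::1
    }
    return $false
}

function Find-LoopbackEndpoint {
    param([xml]$Document)
    # '//@*' selects every attribute node in the document.
    foreach ($attr in $Document.SelectNodes('//@*')) {
        $name = Get-EndpointHost $attr.Value
        if ($name -and (Test-LoopbackHost $name)) {
            [pscustomobject]@{
                Element   = $attr.OwnerElement.LocalName
                Attribute = $attr.LocalName
                Value     = $attr.Value
            }
        }
    }
}

Find-LoopbackEndpoint -Document $working | Format-Table -AutoSize
Find-LoopbackEndpoint -Document $broken  | Format-Table -AutoSize
```

To scan a real file, load it with `[xml](Get-Content -Raw -Path <path to SiteList.xml>)` and pass the result as `-Document`; any row returned means that agent has been told to contact itself rather than the server.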

                • 5. Re: ePO Agents stopped communication
                  ahawke

                  Are you using IPv6?

                  • 6. Re: ePO Agents stopped communication
                    i.m.c960

                    Hi ahawke,

                    Nope, we don't.

                    Also, any idea what would trigger the server to update its sitelist? My observation is this: something must've triggered a change to occur within the ePO server to update its "Server IP" parameters, and as per all clients polled, the initially <correct ip> has now been updated into the <[::1]:80>, which caused the once smart agents to go berserk.

                    • 7. Re: ePO Agents stopped communication
                      ahawke

                      Updating the sitelist from the ePO IPv4 address to the IPv6 loopback isn't something I have seen the ePO server trigger.

                      I wouldn't rule out the possibility of it being something other than the ePO server.

                       

                      That said...

                      On the ePO server, can you check the following key in the registry:

                      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

                       

                      To disable all IPv6, including loopback, the value should be : 0x01

                       

                      Let me know what yours is set to and we can go from there.

                       

                      What level of customer support do you have?