1 2 Previous Next 10 Replies Latest reply on May 29, 2009 2:13 PM by David.G

    Remote log: 403 error

      you are not authorized to view this page - Forbidden: 403
      when i choose: "Show agent log" on the EPO server.

      In the logs on the client it states something like: External log access denied through policy

      As i am sure (checked, double checked etc.) that the policy allows remote log access, im pretty stumped now.
      Agent isn't reporting properties to EPO, agent is latest version (4.0.1345) and because of the problem stated here i think it isn't getting it's policies from the EPO server.

      I already uninstalled and reinstalled the agent (in every way i know of: forced, silent etc.)
      But i can't seem to get the agent to report in, or view logs. Wake-up calls are recieved as seen in the logs, but there it ends.

      Agent has a unique GUID.

      Anyone have any suggestions on how to change the policy the agent uses? (except from the EPO-policy, that doesn't work)

      Hope anyone has seen this before, and can help me on the other 50% of my clients (50% is working as expected)
      Kind regards

      J.J. Retera
        • 1. HTTP Error 403 - Forbidden
          You are not authorized to view this page

          I am having the same problem. Have you found a solution to this problem?

          I also noticed that I am not able to deploy the agent either.

          :mad:
          • 2. RE: 403 error
            Found it...

            So in the policy catalog, under Product McAfee Agent > General > My Default

            Edit...

            Logging tab

            tick the Enable remote access to log.

            :cool:
            • 3. Wish it was that simple ;)
              That policy is configured already, and it is allowed to access the log remotely.

              One of the affected machines had a duplicate GUID, and after we removed the GUID-registry value (AND the MacAddress value) the machine started to communicate after a few days, and i can access the logs remotely.

              Another possibility i encountered is under reporting->queries there's a standard querie that searches the DB for duplicate systems, anyone encountering this problem could try that one, cuz duplicate entries cause a lot of troubles too...

              The problems with the other machines that are affected bij this problem weren't solved by this action, but i'm going to reinstall those, and hope for the best.

              I'm trying to close my case with McAfee about this problem, as i'm not really willing to keep on searching for the problem itself, and thus i hope reinstalling the affected systems will solve all my problems grin
              • 4. RE: Remote log: 403 error
                dominikk



                I received this error when windows firewall is on and there are no rules for port 8081 on client pcs (i use this port in my case).
                • 5. Still having that 403 problem
                  David.G
                  I'm encountering this issue of access denied on 3 servers now (Srv2003 SP2). They don't run any kind of firewall, access is not even possible locally and reinstalling doesn't change anything at all, event after a full scrub of any previous McAfee trace.

                  In addition, these systems with this problem also fail to perform the engine and dat update after a fresh installation and patching.

                  If any one has another solution/suggestion, it would be welcome.

                  Thanks.
                  • 6. my suggestion :)
                    Try going to the webpage on port 8082 instead of 8081.
                    Its possible that 8081 is used for something else.

                    And confirm the agents have a unique GUID (no cloned machines etc.).
                    Removing the proper reg-keys for this one, and rebooting will generate a new GUID.


                    If this doesn't help, i would try to uninstall the agent, and reinstall...


                    Good luck!
                    • 7. RE: my suggestion :)
                      There is a differance between getting a 403 and a firewall problem. If the firewall is dropping your connection you won't even get a 403.

                      Be aware that reinstalling the agent when the GUID is duplicate solves nothing. You have to delete the AgentGUID key from registry to get it working again. I have lots of duplicated GUID because of system reinstalls and images used by the tech suport of certain deparments.

                      To determine the real cause you should check your agent log in <users dir>\All Users\Application Data\McAfee\Framework\DB\<hostname.log>

                      The actual path depends on where it is Vista or XP and whether you upgraded from a 3.6 install or not. The above is just to give you an idea where to look.
                      • 8. Logs are full of errors but none that lead to an explanation
                        David.G
                        It's all cryptic. I've looked at the agent logs and here's a sample of it content:

                        Agent Subsystem 5/22/2009 9:57:18 AM Info Next policy enforcement in 5 minutes
                        Agent Subsystem 5/22/2009 9:57:18 AM Info Agent finished Enforcing policies
                        Management 5/22/2009 9:57:18 AM Info Enforcing Policies for McAfee Agent
                        Management 5/22/2009 9:57:18 AM Info Enforcing Policies for EPOAGENT3000
                        Management 5/22/2009 9:57:18 AM Info Enforcing Policies for EPOAGENT3000META
                        Management 5/22/2009 9:57:18 AM Info Enforcing Policies for VIRUSCAN8600
                        Agent Subsystem 5/22/2009 9:57:18 AM Info Agent Started Enforcing policies
                        Agent Monitor 5/22/2009 9:57:18 AM Detail Enforcing policies
                        Agent Subsystem 5/22/2009 9:57:07 AM Error Structured Exception caught: Function CAgentWork::PerformASCI(), exception code 0xc0000096, address 0x7c365550
                        Agent Subsystem 5/22/2009 9:57:07 AM Info Agent started performing ASCI
                        Agent Monitor 5/22/2009 9:57:07 AM Detail Collecting Properties
                        Agent Monitor 5/22/2009 9:57:02 AM Detail Sending Events...
                        Agent Subsystem 5/22/2009 9:56:54 AM Info Agent started performing ASCI
                        Agent Subsystem 5/22/2009 9:52:44 AM Info Next policy enforcement in 5 minutes
                        Agent Subsystem 5/22/2009 9:52:44 AM Info Agent finished Enforcing policies
                        Management 5/22/2009 9:52:44 AM Info Enforcing Policies for McAfee Agent
                        Management 5/22/2009 9:52:44 AM Info Enforcing Policies for EPOAGENT3000
                        Management 5/22/2009 9:52:44 AM Info Enforcing Policies for EPOAGENT3000META
                        Management 5/22/2009 9:52:44 AM Info Enforcing Policies for VIRUSCAN8600
                        Agent Subsystem 5/22/2009 9:52:44 AM Info Agent Started Enforcing policies
                        Agent Subsystem 5/22/2009 9:52:03 AM Error Structured Exception caught: Function CAgentWork::PerformASCI(), exception code 0xc0000096, address 0x7c365550
                        Agent Subsystem 5/22/2009 9:52:02 AM Info Agent started performing ASCI
                        Agent Monitor 5/22/2009 9:52:02 AM Detail Collecting Properties
                        Agent Monitor 5/22/2009 9:51:59 AM Info Agent service is running


                        Any time an agent-to-server communication it attempted, an error is recorded. Also, the DAT/Engine won't update. No details in that update log. It just says update failed on the console and no errors in the log.

                        I've scratched all traces of McAfee on each of those systems affected and the result remains the same after a full reinstall. I used the McAfee batch job for the manual clean to get all of it out. This usually fixes all issues, but not this one. And these internal servers aren't running any firewall at all.

                        I also tried a different port, but no luck either. Not sure where to go from here...

                        Thanks for any help.
                        • 9. RE: Logs are full of errors but none that lead to an explanation



                          Did you erase the registry keys as well? As stated above, a reinstall doesn't change the GUID.
                          1 2 Previous Next