McAfee Agent not running correctly on individual cluster nodes

I'm having trouble with the EPO agent running correctly on clustered servers. Since EPO is not cluster aware I have to install the agent on each physical node. The agent deploys and receives commands from the EPO console but is not pulling down scheduled tasks or policies. I've notice that the system(s) aren't receiving an 'agentguid' registry entry and I see error messages in the log files referring to this but I'm having a hard time resolving the issue.

Wk3server EE / SP2

Any help is greatly appreciated!

ERROR LOG SNIPPET:
2009-05-22 11:46:54	E	#4792	Logging	addAgentInfoToLog GUID query error 2
2009-05-22 11:46:56	E	#5776	Logging	addAgentInfoToLog GUID query error 2
2009-05-22 11:46:56	e	#4148	FrmSvc	Failed to start Subsystem <Management>, result=-1
2009-05-22 11:46:56	e	#4148	Agent	Generating private key FAILED
2009-05-22 11:46:56	e	#4148	Agent	Failed to generate Agent Key pair
2009-05-22 11:48:27	E	#648	Logging	isAgentEnabled GUID query error 2
2009-05-22 11:48:27	E	#1108	SpiPkgr	Error trace:
2009-05-22 11:48:27	E	#1108	SpiPkgr	 [Parse SPIPE package of size 367]->
2009-05-22 11:48:27	E	#1108	SpiPkgr	  VerifySign error -2147483640
2009-05-22 11:48:27	E	#648	Logging	isAgentEnabled GUID query error 2
 
AGENT LOG SNIPPET:
2009-05-22 11:46:54	I	#4792	Logging	Create XML
2009-05-22 11:46:54	E	#4792	Logging	addAgentInfoToLog GUID query error 2
2009-05-22 11:46:54	I	#4792	FrmSvc	START cmdline="C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /Service
2009-05-22 11:46:54	I	#4792	FrmSvc	register service
2009-05-22 11:46:54	I	#4792	FrmSvc	Set COM launch permissions and service settings
2009-05-22 11:46:54	I	#4792	FrmSvc	 result = 0
2009-05-22 11:46:54	I	#4792	FrmSvc	END
2009-05-22 11:46:56	E	#5776	Logging	addAgentInfoToLog GUID query error 2
2009-05-22 11:46:56	I	#5776	FrmSvc	START cmdline="C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart
2009-05-22 11:46:56	I	#5776	FrmSvc	ServiceStart
2009-05-22 11:46:56	I	#5776	FrmSvc	Running
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Logging>
2009-05-22 11:46:56	x	#4148	Logging	Subsystem started
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <User Space Controller>
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Management>
2009-05-22 11:46:56	I	#5880	Manage	Mangement plugin watch worker thread started
2009-05-22 11:46:56	I	#4148	Manage	CManage::Start() InitializePolicies() -- failed result=-1(0xffffffff)
2009-05-22 11:46:56	I	#5880	Manage	WorkThread - WaitForMultipleObjects = WAIT_OBJECT_0
2009-05-22 11:46:56	I	#5880	Manage	Mangement plugin watch worker thread terminating
2009-05-22 11:46:56	I	#4148	Manage	call CManage::Deinitialize() -- because result=-1(0xffffffff)
2009-05-22 11:46:56	e	#4148	FrmSvc	Failed to start Subsystem <Management>, result=-1
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Updater>
2009-05-22 11:46:56	I	#4148	updsubs	Starting updater subsystem
2009-05-22 11:46:56	i	#4148	Updater	Subsystem started
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Scheduler>
2009-05-22 11:46:56	I	#4148	Sched	>>--CSchedule::Start
2009-05-22 11:46:56	I	#4148	Sched	Glbs.szMyPlatform: WXPS:5:2:2
2009-05-22 11:46:56	I	#4148	Sched	All the tasks are successfully loaded from the file
2009-05-22 11:46:56	i	#4148	Sched	Scheduler is now running
2009-05-22 11:46:56	I	#4148	Sched	<<--CSchedule::Start
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Agent>
2009-05-22 11:46:56	I	#4148	Agent	Subsystem starting...
2009-05-22 11:46:56	i	#4148	Agent	Generating Agent key pair...
2009-05-22 11:46:56	e	#4148	Agent	Generating private key FAILED
2009-05-22 11:46:56	e	#4148	Agent	Failed to generate Agent Key pair
2009-05-22 11:46:56	I	#1952	Agent	Agent communication thread started
2009-05-22 11:46:56	I	#4720	Agent	Agent event worker thread started
2009-05-22 11:46:56	I	#6092	Agent	Agent Immediate Events worker thread started
2009-05-22 11:46:56	i	#5864	Agent	Agent will connect to Server in randomized 10 minutes interval
2009-05-22 11:46:56	i	#5016	Agent	Next policy enforcement in 5 minutes
2009-05-22 11:46:56	I	#4148	Agent	Subsystem started
2009-05-22 11:46:56	I	#5864	Agent	Agent worker thread started
2009-05-22 11:46:56	i	#5864	Agent	Agent will connect to Server in : 5 minutes and 26 seconds
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Listen Server>
2009-05-22 11:46:56	I	#2516	LstnSvr	CAsyncSocket::StartListening (SOCK_STREAM) LISTENING... TRUE
2009-05-22 11:46:56	x	#4148	LstnSvr	Subsystem started
2009-05-22 11:46:56	I	#4148	FrmSvc	Starting Subsystem <Trusted Connection>
2009-05-22 11:46:56	I	#4148	TrstCon	Start
2009-05-22 11:46:56	I	#4148	FrmSvc	Service started
2009-05-22 11:47:07	i	#5016	Agent	Agent Started Enforcing policies
2009-05-22 11:47:07	I	#5016	Agent	Thread signal occurred
2009-05-22 11:47:07	I	#5016	Agent	Agent policy enforcement failed, result=-1602
2009-05-22 11:47:07	i	#5016	Agent	Agent finished Enforcing policies
2009-05-22 11:47:07	i	#5016	Agent	Next policy enforcement in 5 minutes
2009-05-22 11:47:28	I	#5920	FrmSvc	User SID is S-1-5-21-854245398-1004336348-725345543-89554 and SessionID is 1
2009-05-22 11:47:28	I	#5132	Logging	StartReadingMessages (\\.\mailslot\{76889C92-A0C0-46e3-A4E1-1D6A5439B8DD}00001554, 0x7f57, 4)
2009-05-22 11:47:28	I	#5132	Logging	- using empty 0
2009-05-22 11:48:27	I	#648	LstnSvr	CAsyncSocket::DoAccept for event: FD_ACCEPT
2009-05-22 11:48:27	E	#648	Logging	isAgentEnabled GUID query error 2
2009-05-22 11:48:27	E	#1108	SpiPkgr	Error trace:
2009-05-22 11:48:27	E	#1108	SpiPkgr	 [Parse SPIPE package of size 367]->
2009-05-22 11:48:27	E	#1108	SpiPkgr	  VerifySign error -2147483640
2009-05-22 11:48:27	I	#1108	LstnSvr	Unable to read from the package buffer, GetlastError: 2
2009-05-22 11:48:27	I	#1108	LstnSvr	Bytes received from wakeup call : 367
2009-05-22 11:48:27	I	#648	LstnSvr	CAsyncSocket::DoAccept for event: FD_ACCEPT
2009-05-22 11:48:27	E	#648	Logging	isAgentEnabled GUID query error 2
2009-05-22 11:48:28	E	#4572	SpiPkgr	Error trace:
2009-05-22 11:48:28	E	#4572	SpiPkgr	 [Parse SPIPE package of size 367]->
2009-05-22 11:48:28	E	#4572	SpiPkgr	  VerifySign error -2147483640
2009-05-22 11:48:28	I	#4572	LstnSvr	Unable to read from the package buffer, GetlastError: 2
2009-05-22 11:48:28	I	#4572	LstnSvr	Bytes received from wakeup call : 367

Open in new window

CG_HDAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

legalsrlCommented:
Hiya

A 1602 is an Access Denied error.....can you try redeploying the agent with other credentials ?

Cheers
Si
0
CG_HDAuthor Commented:
I'll give that a shot and let you know how it works out.

Thanks!
0
CG_HDAuthor Commented:
I tried redeploying the agent with anthoer admin account and we still have the same problem.
0
Webinar: What were the top threats in Q2 2018?

Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that describes and analyzes the top threat trends impacting companies around the world. Are you ready to learn more about the top threats of Q2 2018? Register for our Sept. 26th webinar to learn more!

legalsrlCommented:
OK, sorry for the delay, I was on holiday this week....

Let's do a complete removal of the CMA and then try reinstalling it through the ePO console

To resolve this issue, do the following on the affected system(s):
 
Step 1 - Remove CMA 3.6.0

   1.
      Click Start, Run, type: regedit, then click OK.
   2.
      Locate the following registry key:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework]

   3.
      Record the data from the following entries under that key:
          *
            Installed Path
          *
            Data Path

   4.
      Click Start, Run. and type in the following to remove the CMA agent:

      c:\Program Files\Network Associates\Common Framework\FrmInst.exe /forceuninstall

Step 2 - Remove EPOPGPSDK.dll from C:\Windows\System32

   1.
      Navigate to: c:\Windows\System32
   2.
      Right-click on EPOPGPSDK.dll and select Delete.

 
Step 3 - Reboot the server and verify that CMA has been completely removed

   1.
      Reboot the server.
   2.
      Click Start, Run, type: regedit then click OK.
   3.
      In the registry, confirm the following key has been deleted:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework]

   4.
      Confirm that the directories recorded earlier for the following entries have been deleted:
          *
            Installed Path
          *
            Data Path

   5.
      Confirm that EPOPGPSDK.dll has been removed from c:\Windows\System32.

 
Step 4 - Re-install CMA 3.6.0

   1.
      On the ePO server, navigate to:

      c:\Program Files\McAfee\ePO\3.6.x\DB\Software\CURRENT\EPOAGENT3000\INSTALL\0409
   2.
      Copy FramePkg.exe to the affected system(s).
   3.
      Double-click FramePkg.exe.

 
Step 5 - Verify the CMA subsystems restart successfully

   1.
      On the affected system(s), navigate to:

      c:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db

   2.
      Double-click Agent_<computername>.log.
   3.
      Verify the subsystems started successfully.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CG_HDAuthor Commented:
Since this is a front end server and I cannot try the above without official approval (ridged enviroment) I'll need to play this one by the book and contact McAfee. Once the issue has been resolved I'll post my finding here and award points...

more to come.
0
legalsrlCommented:
No probs....completely appreciate the Change Control
Cheers
Si
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.