ITUCIRL

ePolicy 4.5 - Autodetect new systems


I'm looking to configure my installation of ePO 4.5 to automatically detect any new systems on our network, and then deploy the agent to these. What is the best way to do this? I've seen on a few forums that the Rogue System Detection is the way to go, but can't find any docs on how to configure it. I also have an AD sync running daily, so this might be another avenue to explore.

Any help would be greatly appreciated.
Pete Long

I simply add the subnet to the collection - then it will detect the machines as they come online.
ITUCIRL

Thanks Pete

Would it be too much trouble to ask you to explain how I'd go about that?

I'm pretty much a novice with ePO!

Are you looking to simply add machines to your ePO installation when they are joined to the network, or are you looking to be alerted of any machines connecting to your network ?

What you will need to do at a base level would be to do this:

1.  Go to My Organisation and highlight your AD domain
2.  Click Group Details, then Synchronisation Type
3.  Configure the Sync settings as required
4.  Push Agents to new systems when they are discovered

Once you have set this up, set up a Client Task at the root of your AD Group to deploy the AV etc. and set that to run immediately.

What I also do is to run a query every day for machines that have not communicated back to ePO within 3 days and then use those results to deploy a new agent to them.

Let me know if you need anything else.


ITUCIRL

I have that set up now. I'll add a new machine to the group tomorrow, and let you know how it goes.

Thank you for the above. I have done the above, managed to get EPO to discover the machine and I have the deployment (McAfee Agent) Client task set to run immediately. Left it overnight, the machine is on the network and switched on, but the agent isn't being pushed out to the client.

Any ideas?
Probably because ePO already knows about it.

Is it a new machine ?
Yes, I've just added it to the domain and EPO has found it after I did an AD sync. But it's not pushing out the McAfee client agent even though there is a client task for the container to deploy the agent.
OK, let's start by checking whether the credentials in the Synch Task with Deploy new agents are configured with the correct credentials

Can you dump the server task output for me ?

Here you go, doesn't really give you much info.
OK, let's check some basics to rule them out...

Can you browse to the C$ share of the machine from the ePO server ?
Is the firewall turned on ?
Can you deploy an agent to the machine manually from ePO ?
Can you browse to http://machinename:8081 ?

I've managed to browse the C$ share of the machine I want to push the agent out to from the EPO server.

No firewall is turned on on the machine.

Yes, if I manually deploy it, it deploys no problem.

From the EPO server I cannot browse to it via browser, but I can ping the hostname or IP address.
OK, I've attached 2 screenshots of how it should be configured, does yours match mine ?

Yup, all matching.
When I manually try to wake up the agent, I look in the report and it says failed. When drilling down to find out why, the extended task details say: 1. Waking up agent TESTRC2 using NetBIOS, 2. Unknown error contacting agent, 3. Wakeup agent failed.

But I've installed Wireshark on the client in question and when I click on the wakeup agent, Wireshark is picking up packets from my "EPO server ip":8080 and the client is sending back ACKs to it. So guessing it's not a layer 2 or 3 problem? Might be wrong though.

Have you created a Server Task to actually RUN the synchronisation ?

Yeah, in my Server tasks there is an AD sync, see screenshot, or are you referring to some other sync?
Nope, that's the one.....

If you drill down in to the AD Sync Task from the Server Task Log, can you post what it says under the task ?

Here you go, the OU that the PCs I'm testing are in is my organization\Test group.
OK, looks interesting....the sync is working fine, but the autodeployment is not....

Can we delete the test machine from AD, run the Server Sync Task and then join the machine to the domain under a different name ?

OK, deleted machine from AD, removed client from domain, ran EPO server sync task. Renamed the client, placed the client in the test OU within AD, ran the sync again and EPO is showing the new machine name TESTRC3. (see screenshots)

But yet again autodeployment is not working. I've made sure that Windows Firewall is turned off and made sure the Windows Firewall/Internet Connection Sharing (ICS) service is stopped.
I'm looking at the client task now and I've got (see screenshots) no VirusScan Enterprise deployment,
and here are my current client tasks under my test group.
Sorry for the 3rd post, didn't mean to submit each time.

I have no McAfee directory within my C:\program files\
OK, on the page after the Product Deployment (McAfee Agent), presumably you have the option to choose what software needs to be deployed....this is where I'd expect to see VirusScan Enterprise as an option.....

Go back in to the Server Task Log and in to the AD Sync task that added the new machine and click on the Subtasks button (next to where it says Log Messages) and drill down in to the next tasks and drag the logs out of all of the tasks that you see

Yeah, sorry, I've got McAfee agent for windows 4.0.0 Install, HIPS Install and VirusScan Enterprise 8.5.0 Install; all are set to install under my client task.

Interesting, I've drilled down and I've found this, but I'm on the EPO server and I can browse to the client's C$ share. See screenshot; I've also attached a screenshot of the failed to push agent to my client.

This is normally a firewall issue but you can ping the client, and access the C$ Share....can you access the ADMIN$ share ?

Can you retype the credentials that you use to deploy the Agent in the Sync Task setting

What Client OS are we talking ?


Yes to the ADMIN$ share, yes to the C$ share. Client is running Win XP SP3.

Interesting, I've removed it from the domain, changed the name of the client to TESTRC5 and placed it back on the domain and now it's deployed the agent? What would have changed for EPO to push out the client now?
ePO might have already known about its SID, or GUID of the machine.....

The way it's set up should work for all new machines....

Remove the agent from it

Run NewSid on the machine

and give it a new name and new SID and then join it to the domain again

Let me know what happens

It seems like it will try to add it once and never try to add the agent to the client again after it's failed. Because when I re-add it to the domain with a new name and SID it pushes it out just fine. I have set the client task to run immediately and have ticked it to run at every Windows enforcement, but it only tries the once.
Yes, that's correct......the task will only run once when it's sync'd...

To combat this, I normally write a query to deploy a new agent to machines that haven't checked in to ePO ever and then deploy a new agent on the back of that query

Glad it's working normally though :-)

I have found the solution!!!!!!!

Basically when I place a machine on the domain it takes a few mins to flush the DNS on the EPO server. I found that when it was trying to push out the agent to the client I couldn't ping the client name, only the address, so figured it was a DNS issue. Sure enough, when I flushed the DNS on the EPO and pinged the client name, it resolved the IP. The reason I didn't figure this out before was because when I was pinging the client after EPO tried to push out the agent, the DNS had added this entry already.

So now I've scheduled a task on the EPO server to flush the DNS every 5 mins.

Thank you for all your help Legalsrl, you have been more than helpful!!!!!!!! You're a star!
No worries, well spotted.....glad it all works :-)

Cheers for the points
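
The checks worked through in this thread (name resolution as seen from the ePO server, the ADMIN$ share, and the agent port 8081) combined into one pre-deployment check, as an added example that is not part of the original thread or of ePO itself. The function name `Test-AgentPushReadiness` and its parameters are hypothetical; it uses only .NET classes and `ipconfig` so it also runs on older PowerShell versions, and it assumes it is run on the ePO server by an account allowed to reach the client's administrative share.

```powershell
# Added example: run on the ePO server before (or after) an agent push.
# Test-AgentPushReadiness is a hypothetical name, not a McAfee cmdlet.
function Test-AgentPushReadiness {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$AgentPort = 8081,   # agent port browsed to in the thread
        [int]$TimeoutMs = 3000
    )
    $result = New-Object PSObject -Property @{
        ComputerName = $ComputerName; ResolvedIP = $null; FlushedDns = $false
        AdminShare = $false; AgentListening = $false; PushReady = $false
    }
    # 1. Resolve the name the way the ePO server does. A machine that has
    #    just joined the domain can fail here until the stale entry leaves
    #    the local resolver cache, so flush once and retry before giving up.
    $addrs = @()
    try { $addrs = [System.Net.Dns]::GetHostAddresses($ComputerName) }
    catch {
        & ipconfig /flushdns | Out-Null
        $result.FlushedDns = $true
        try { $addrs = [System.Net.Dns]::GetHostAddresses($ComputerName) }
        catch { return $result }   # still unresolvable by name
    }
    $ip = $addrs | Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        Select-Object -First 1
    if (-not $ip) { return $result }
    $result.ResolvedIP = $ip.ToString()

    # 2. The thread checks the ADMIN$ share as a push prerequisite. This
    #    uses the current user's credentials, not the sync task's.
    $result.AdminShare = Test-Path "\\$ComputerName\ADMIN$"
    $result.PushReady = $result.AdminShare

    # 3. Informational: is an already-installed agent listening? A closed
    #    port is expected on a machine that has never had the agent.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ip, $AgentPort, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)
            $result.AgentListening = $true
        }
    } catch { } finally { $client.Close() }
    return $result
}

Test-AgentPushReadiness -ComputerName 'TESTRC5'   # machine name from the thread
```

A result with `FlushedDns` set to true and `PushReady` true reproduces the situation described in the accepted solution: the name only resolved after the cache on the ePO server was cleared.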