Solved

ePolicy 4.5 - Autodetect new systems

Posted on 2010-11-10
Last Modified: 2013-12-09
Hi

I'm looking to configure my installation of ePo 4.5 to automatically detect any new systems on our network, and then deploy the agent to these. What is the best way to do this? I've seen on a few forums that the Rogue System Detection is the way to go, but can't find any docs on how to configure it. I also have an AD sync running daily, so this might be another avenue to explore.

Any help would be greatly appreciated.
Question by:ITUCIRL
33 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 34101095
I simply add the subnet to the collection - then it will detect the machines as they come online
0
 

Author Comment

by:ITUCIRL
ID: 34101109
Thanks Pete

Would it be too much trouble to ask you to explain how I'd go about that?

I'm pretty much a novice with ePo!

Brian
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34101227
Brian,
Are you looking to simply add machines to your ePO installation when they are joined to the network, or are you looking to be alerted of any machines connecting to your network ?

What you will need to do at a base level would be to do this;

1.  Go to My Organisation and highlight your AD domain
2.  Click Group Details, then Synchronisation Type
3.  Configure the Sync settings as required
4.  Push Agents to new systems when they are discovered

Once you have set this up, set up a Client Task at the root of your AD Group to deploy the AV etc and set that to run immediately

What I also do is to run a query every day for machines that have not communicated back to ePO within 3 days and then use those results to deploy a new agent to them

let me know if you need anything else

Cheers
Si


0

 

Author Comment

by:ITUCIRL
ID: 34102529
cool

I have that set up now. I'll add a new machine to the group tomorrow, and let you know how it goes.

Thanks!
0
 

Expert Comment

by:BusinessSolutions
ID: 34249688
Thank you for the above. I have done the above, managed to get EPO to discover the machine and I have the deployment (McAfee Agent) Client task set to run immediately. Left it overnight, the machine is on the network and switched on, but the agent isn't being pushed out to the client.

Any ideas?
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34249761
Probably because epo already knows about it

Is it a new machine ?
Ta
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34249854
Yes, I've just added it to the domain and EPO has found it after I did an AD sync. But it's not pushing out the McAfee client agent even though there is a client task for the container to deploy the agent.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34249902
OK, let's start by checking whether the credentials in the Synch Task with Deploy new agents are configured with the correct credentials


Can you dump the server task output for me ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34250006
Here you go, doesn't really give you much info.
Server-Task-Log.csv
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34255952
OK, let's check some basics to rule them out...

Can you browse to the C$ share of the machine from the ePO server ?
Is the firewall turned on ?
Can you deploy an agent to the machine manually from ePO ?
Can you browse to http://machinename:8081 ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34256034
I've managed to browse the C$ share of the machine I want to push the agent out to from the EPO server.

No firewall is turned on on the machine.

Yes, if I manually deploy it, it deploys no problem.

From the EPO server I cannot browse to it via browser, but I can ping the hostname or IP address.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34256083
Autodeployment Screenshot Push Agent Screenshot
OK, I've attached 2 screenshots of how it should be configured, does yours match mine ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34256103
Yup, all matching.
0
 

Expert Comment

by:BusinessSolutions
ID: 34256436
When I manually try to wake up the agent, I look in the report and it says failed. When drilling down to find out why, the extended task details say: 1, waking up agent TESTRC2 using NetBIOS, 2, Unknown error contacting agent. 3, Wakeup agent failed.

But I've installed Wireshark on the client in question and when I click on the wakeup agent, Wireshark is picking up packets from my "EPO server ip":8080 and the client is sending back ACKs to it. So guessing it's not a layer 2 or 3 problem? Might be wrong though.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34256596
Ahhhhh....

Have you created a Server Task to actually RUN the synchronisation ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34256662
Yeah, in my Server tasks there is an AD sync, see screenshot, or are you referring to some other sync?
server-tasks.JPG
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34257815
Nope, that's the one.....

If you drill down in to the AD Sync Task from the Server Task Log, can you post what it says under the task ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34258042
Here you go. The OU that the PCs I'm testing are in is my organization\Test group
server-task-details.JPG
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34258090
OK, looks interesting....the sync is working fine, but the autodeployment is not....

Can we delete the test machine from AD, run the Server Sync Task and then join the machine to the domain under a different name ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34258736
OK, deleted the machine from AD, removed the client from the domain, ran the EPO server sync task. Renamed the client, placed the client in the test OU within AD, ran the sync again and EPO is showing the new machine name TESTRC3. (see screenshots)

But yet again autodeployment is not working. I've made sure that Windows Firewall is turned off and made sure the Windows Firewall/Internet Connection Sharing (ICS) service is stopped.
server-audit-log.JPG
system-tree.JPG
0
 
LVL 16

Accepted Solution

by:
legalsrl earned 500 total points
ID: 34259140
OK, I've just re-read this post again for the nth time and found this

"Thank you for the above. I have done the above, managed to get EPO to discover the machine and I have the deployment (McAfee Agent) Client task set to run immediately. Left it overnight, the machine is on the network and switched on, but the agent isn't being pushed out to the client."

This Client task needs to be VirusScan Enterprise deployment, not McAfee Agent (something I missed earlier)

Can you just check that there is no McAfee directory on the client under C:\Program Files ?

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34259262
Hi,

I'm looking at the client task now and I've got (see screenshots) no VirusScan Enterprise deployment
client-task.JPG
0
 

Expert Comment

by:BusinessSolutions
ID: 34259271
and here are my current client tasks under my test group.
client-tasks.JPG
0
 

Expert Comment

by:BusinessSolutions
ID: 34259277
Sorry for the 3rd post, didn't mean to submit each time.

I have no McAfee directory within my C:\program files\
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34265027
OK, on the page after the Product Deployment (McAfee Agent), presumably you have the option to choose what software needs to be deployed....this is where I'd expect to see VirusScan Enterprise as an option.....

Go back in to the Server Task Log and in to the AD Sync task that added the new machine and click on the Subtasks button (next to where it says Log Messages) and drill down in to the next tasks and drag the logs out of all of the tasks that you see

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34265472
Yeah, sorry, I've got McAfee Agent for Windows 4.0.0 Install, HIPS Install and VirusScan Enterprise 8.5.0 Install; all are set to install under my client task.

Interesting, I've drilled down and I've found this, but I'm on the EPO server and I can browse to the client's C$ share. See screenshot. I've also attached a screenshot of the failed push of the agent to my client.
remote-network-path.JPG
failed-to-push-agent.JPG
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34265551
Interesting.....

This is normally a firewall issue but you can ping the client, and access the C$ Share....can you access the ADMIN$ share ?

Can you retype the credentials that you use to deploy the Agent in the Sync Task setting

What Client OS are we talking ?

Cheers
Si


0
 

Expert Comment

by:BusinessSolutions
ID: 34265579
Yes to the ADMIN$ share, yes to the C$ share. Client is running Win XP SP3.

Interesting, I've removed it from the domain, changed the name of the client to TESTRC5 and placed it back on the domain, and now it's deployed the agent? What would have changed for EPO to push out the client now?
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34265711
ePO might have already known about its SID, or GUID of the machine.....

The way it's set up should work for all new machines....

Remove the agent from it

Run NewSid on the machine

and give it a new name and new SID and then join it to the domain again

Let me know what happens

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34265798
It seems like it will try to add it once and never try to add the agent to the client again after it's failed. Because when I re-add it to the domain with a new name and SID it pushes it out just fine. I have set the client task to run immediately and have ticked it to run at every Windows enforcement, but it only tries the once.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 34265813
Yes, that's correct......the task will only run once when it's sync'd...

To combat this, I normally write a query to deploy a new agent to machines that haven't checked in to ePO ever and then deploy a new agent on the back of that query

Glad it's working normally though :-)

Cheers
Si
0
 

Expert Comment

by:BusinessSolutions
ID: 34266028
I have found the solution!!!!!!!

Basically, when I place a machine on the domain it takes a few mins to flush the DNS on the EPO server. I found that when it was trying to push out the agent to the client I couldn't ping the client name, only the address, so figured it was a DNS issue. Sure enough, when I flushed the DNS on the EPO it pinged the client name and resolved the IP. The reason I didn't figure this out before was because when I was pinging the client after EPO tried to push out the agent, the DNS had added this entry already.

So now I've scheduled a task on the EPO server to flush the DNS every 5 mins.

Thank you for all your help Legalsrl, you have been more than helpful!!!!!!!! You're a star!
0
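The checks walked through in this thread (name resolution as seen from the ePO server, ADMIN$ access, the 8081 port) gathered into one script, as an added example that is not part of any post here and not McAfee tooling. The expected IP address is a constructed sample value, and the helper function names are hypothetical.

```powershell
# Added example: pre-push checks, run on the ePO server (elevated prompt assumed).
param(
    [string]$ClientName = 'TESTRC5',      # client name taken from the thread
    [string]$ExpectedIp = '192.0.2.25'    # constructed sample; use the client's real IP
)

# Hypothetical helper: IPv4 addresses the server currently resolves for a name.
function Resolve-IPv4 {
    param([string]$Name)
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch { }   # name does not resolve: return nothing
}

# Hypothetical helper: TCP connect with a timeout, no dependency on newer cmdlets.
function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# Resolve first, flush the DNS client cache only if the answer is missing or wrong,
# then resolve again. A miss that turns into a hit points at a stale cache entry.
$before = @(Resolve-IPv4 $ClientName)
if ($before -notcontains $ExpectedIp) { ipconfig /flushdns | Out-Null }
$after = @(Resolve-IPv4 $ClientName)

[pscustomobject]@{
    Client         = $ClientName
    ResolvedBefore = $before -join ','
    ResolvedAfter  = $after -join ','
    StaleCache     = ($before -notcontains $ExpectedIp) -and ($after -contains $ExpectedIp)
    AdminShare     = Test-Path "\\$ClientName\ADMIN`$"   # share checked in the thread
    AgentPort8081  = Test-TcpPort $ClientName 8081        # port from the thread's browser check
}
```

A `StaleCache` value of True means the name resolved to the expected address only after the flush, which is the condition described in the post above.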
 
LVL 16

Expert Comment

by:legalsrl
ID: 34266040
No worries, well spotted.....glad it all works :-)

Cheers for the points
Ta
Si
0


Question has a verified solution.
