Solved

McAfee EPO 4.6, updates failed

Posted on 2014-03-22
1
3,622 Views
Last Modified: 2014-03-27
Dear All,

I'm new to McAfee EPO & have trouble as end-users machine auto update says "updated failed"

EPO version is 4.6
McAfee Agent 4.8
VSE 8.8 Patch 1 or Patch 4

We have some superagent servers, the machines in the particular location tries to contact superagent servers and it says "Valid repository not found" when I do a update. If i check the Mcscript logs, it says the catalog version is not upto-date. There are also other errors, that says connecting to a particular ip & it fails. However, on the auto-repository list if i i place a check mark other than repository server to connect to internet, it downloads successfully (after manually changing proxy on McAfee Agent itself). I do not understand few things as why does Superagent servers catalogs are not upto date. Is my understanding is right that superagent servers gets updates from central EPO server, which then passes to end-devices at respective location? Also as per the agent settings, it has to use internet explorer proxy, but why it didn't connect to internet unless i manually went &changed the proxy to match that in IE? Why it didn't take IE settings?

What is the other way of getting updates from super agent server? Is there a way to mention UNC path on superagent servers so if primary method fails, it can contact secondary?
0
Comment
Question by:basraj
1 Comment
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39950123
The guide will really help to understand the agent better, but also lengthy to go all round reading it. We have to understand some key objectives (pardon me for being "naggy")

- SuperAgent is guaranteed to only store content required by the agents assigned to it because it does not pull any content from the McAfee ePO server until requested from a client. While the SuperAgent is retrieving content from the Master Repository, client system requests for that content will be paused.

- Agents configured to use the SuperAgent as their repository will receive the content cached in the SuperAgent repository instead of directly from the McAfee ePO server. If the SuperAgent is reconfigured to use a new repository, the cache is updated to reflect the new repository.

- When a SuperAgent receives a request for content that might be outdated, the SuperAgent attempts to contact the McAfee ePO server and other sites listed in Sitelist.xml to see if new content is available. If the connection attempts time out, the SuperAgent will distribute content from its own repository instead. This is done to ensure the requester receives content even if that content might be outdated.

http://www.mcafee.com/us/resources/misc/guides/ms-mcafee-agent-product-guide.pdf

Coming back to the issue "Valid repository not found" which is the key one and I assume the Superagent has found the cache invalid and refreshing to the configured site server to get the update, some checks to further isolate

- SiteStat.xml is the first file the update process looks for. SiteStat.xml is used to validate that the repository is correct and updated. Proxy servers such as Microsoft ISA Server often require authentication. By default, VSE attempts to use Internet Explorer proxy settings. However, this is sometimes insufficient.

> Need to check IE proxy which I supposed you already done that. Use the most recent version of IE because certain IE dynamic link libraries are required for the update process. McAfee suggested IE8 above

> Need to check McAfee update side on Proxy settings in the Repository menu. There is need to have a valid account too.

If the xml file is not present or has a status of Disabled, the attempt to the next possible repository on the list proceeds. If we met with error and factor may be
a) likely it cannot connect or in the midst of replication e.g. status gets changed to Disabled to protect file integrity to ensure a matched set of files; or
b) file get corrupted or changed with non reachable new sites (that are not tested and verified in past); or
c) the site does not have latest catalog version e.g. ePO sent the CatalogVersion that is older compared to agent existing version
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now