Reference
KB65897 - ePO 4.5 - Master list of release support articles
- https://kc.mcafee.com/corporate/index?page=content&id=KB65897
KB66616 - ePO 4.5 and 4.6 server backup and disaster recovery procedure
KB66620 -

Change servername

KB66620 need new certificate
KB66616 Move server to new hardware
KB53284 start sql browser



Error Disable AcceptEx

In event viewver
The Apache service named reported the following error:
[notice] Disabled use of AcceptEx() WinSock2 API
In https://kc.mcafee.com/corporate/index?page=content&id=KB51321 a kb for epo 4.0 says
During normal operations you may receive an Apache error (ID 3299) noting the disabled use of AcceptEx. This is not an actual error, and should be regarded as informational.


epo4.5p3grow logfiles

On epo 4.5 grow files patch SSL_REQUEST_LOG and access_log in
c:\program files\Mcafee\ePolicy Orchestrator\Apache2\logs
all the time and can get gigabyte sizes after a time more info at kb68796
shoudl be fixed in epo45 patch4


Parser error on epo45p3

All event uploaded to epo server get this kind of error
EVNTPRSR server_ProcessXMLFile: Failed to create parser extension for <TaskStatusEvent>, hr=0x80040154
EVNTPRSR server_ProcessXMLFile: Failed to create parser extension for <UpdateEvents>, hr=0x80040154
EVNTPRSR server_ProcessXMLFile: Failed to create parser extension for <VirusDetectionEvent>, hr=0x80040154
No event get parse error on epo 4.5 p3 Build 937

extensions on both a work installtion and a none working installtion, they have same versions.
VS report is 1.1.0.149
Common event is 4.5.3.937

backup of all files and SQL
Remove extension virusreport and restarted epo services
install extension virusreport and restarted epo services

then it begins to work, log after reinstalling virusreports

#4140 EVNTPRSR PerfMon reporting thread started
#4208 EVNTPRSR Initializing Server...
#4208 EVNTPRSR EventParser Started.
#3652 PLUGNMGR Downloading: C:\MCAFEE\EPOLIC~1\DB\PLUGIN\VIRUSCANREPORTS\VSCORBLL.994008.DLL
#3652 PLUGNMGR Registering: C:\MCAFEE\EPOLIC~1\DB\PLUGIN\VIRUSCANREPORTS\VSCORBLL.994008.DLL
#3652 NAISIGN Loading fips module, current folder: D:\McAfee\EPOLIC~1
#3652 NAISIGN Checking for fips module in D:\McAfee\EPOLIC~1
#3652 NAISIGN Found fips module: D:\McAfee\EPOLIC~1\cryptocme2.dll
#3652 NAISIGN FIPS library initialized successfully
#3652 EVNTPRSR Process D:\McAfee\EPOLIC~1\DB\Events\z0009494d825-d2d9-43d2-81a9-563469a0fb98-2010100422270955700000758.txml succeeded (IEPOBllExt)

The row about Downloading and registering any seems only be when reinstall.


Change Agent-to-Server port

How to change the ePO 4.5 Agent-to-Server communication "secure" port
https://kc.mcafee.com/corporate/index?page=content&id=KB66929
Many step and even to change in uninstall reg values
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Uninstall\{474A7C22-C823-401B-A52C-26D876957E5E}]


Client task status

In system tree - Client task - Button action - choose columns
Add columns Status, then you can if task is enable or nor not


error

On moving epo 4.5 build 937 to another db.
Get error when clicking on system tree -> client task
Must declare the scalar variable "@taskID"
and client could not connect to server
SQl had collation SQL_latin1_general_CS_AS-RS-WS
Reinstall sql with right collations SQL_Latin1_General_Cp1_CI_AS solve problem



error

on clean computer with PA install and first line is occuring in other epo45 installtions,
no cloud why nothing on google about.
in server.log since the time of epo 3.x
most
20100308104333 I #4064 MCUPLOAD Successfully disabled CA trust options.

on epo 4.5 I get sometimes
20100524000807 E #1912 MCUPLOAD Failed to process the secure communication request. Error=401

on epo 4.5 I get sometimes
20100524000807 E #1912 NAIMSRV Recieved an error from the server. Error=401.


System Beep at login

in vmware there is a big beep at login sound like a system beep
indepeending of volym in real computer but if real computer turn of sound it is off
disabling audio in vmware dont help
disabling in vmwaree maching explore sound config
https://kc.mcafee.com/corporate/index?page=content&id=KB67573 dont help
G mcafee epo system beeps at login not given any good help



Add an ldap connection


Server name: srvx
port 389 (user kurs\administrator) - Successfully connected to the LDAP server (THIS ONE WORK with synk groups)


domain name: kurs.local (ad name)
port 389 user kurs\administrator - Successfully connected to the LDAP server (This will NOT work when synk groups)

domain name: srvx.kurs.local
port 389 user kurs\administrator - Unable to retrieve list of domain controllers for domain: srvx.kurs.local
(netbios name\ user name)



menu - - registred servers
Domain name: kurs.local - unable to connect to any doamin
Domain name: kurs - Unable to rettrieve list of domain controller for kurs




Server name: srvx
Wrong port 446 number - Test connection - Unable to communicate with the LDAP server
Wrong port 445 (user nobody) (it takes times) - Unable to retrieve the requested inforation from the LDAP server.
Wrong port 445 (user administrator) it takes times) - Unable to retrieve the requested inforation from the LDAP server.
Wrong port 445 (user kurs\administrator)it takes times) - Unable to retrieve the requested inforation from the LDAP server.
Wrong port 445 (user kurs.local\administrator) it takes times) - Unable to retrieve the requested inforation from the LDAP server.


port 389 (user nobody) - Unable to authenticate with he LDAP server
port 389 (user administrator) - Unable to authenticate with he LDAP server
port 389 (user kurs.local\administrator) - Unable to authenticate with he LDAP server






Add an AD-server adn DNS to epo server

http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
This is not best practis
after that login in screen didnt show and in server log I get this error

This i the normal start up log
20100520142559 I #1988 NAIMSRV ePolicy Orchestrator server stopped.
20100520170759 I #2972 NAISIGN Loading fips module, current folder: C:\EPO\Apache2
20100520170759 I #2972 NAISIGN Checking for fips module in C:\EPO
20100520170759 I #2972 NAISIGN Found fips module: C:\EPO\cryptocme2.dll
20100520170759 I #2972 NAISIGN FIPS library initialized successfully
20100520170759 I #2972 RULEENG Starting EPO RuleEngine <-( this means no problem connecting to db)

Here is one with error
20100520133001 I #0496 NAISIGN FIPS library initialized successfully
20100520133032 E #0496 DAL COM Error :80004005 in DAL2_CConnection::GetConnection
20100520133032 E #0496 DAL Meaning = Unspecified error
20100520133032 E #0496 DAL Source = Microsoft OLE DB Provider for SQL Server
20100520133032 E #0496 DAL Description = [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

found KB with same error
https://kc.mcafee.com/corporate/index?page=content&id=KB51620

Checking Databse connection in file
\Server\conf\orion\db.properties showing port 1040
run txp view showing that DNS is using port 1040 now
adn sql server had now 1043 and 1434

logging in with old password with SQL studio -> it worked
checking sql manager and it it had dynamic it port 1043

change in db.properties and restarded services and it worked

Unable to log on to the ePO 4.x console (Troubleshooting - Master Article)
https://kc.mcafee.com/corporate/index?page=content&id=KB51670


http://community.mcafee.com/thread/20652 ( i tried this and i didnt work for me )
You can edit the file "C:\Program Files\McAfee\ePolicy Orchestrator\Server\conf\orion\db.properties"
You can set the values manually:
db.database.name= <- DB mane
...
db.instance.name= <- SQL Server instance name
db.user.passwd= <- Remove ".encrypted" and you can put the password in in cleartext. You can the use core/config to re-enter the info.
db.user.domain= <- for NT authentication
db.user.name= <- Username
...
db.server.name= <- SQL server name

















If upgrader from epo 4.0 use same databse name epo4_servwername
dbo.EPOBranchNode systemtree
dbo.EPOLeafNode info about a system
dbo.EPOEvents events

Double networkcard

Agents fail to connect to ePO servers with two IP addresses
https://kc.mcafee.com/corporate/index?page=content&id=KB56281
how to change ip-nummer




Error when trying to uninstall vs8700 extension 8.0.0. p3

maybee depen on db connection is drop try to config db again

in a https://kc.mcafee.com/corporate/index?page=content&id=KB52600 froepo4
couldit depending lost connection to SQL.

DataChannel - Dependency scheduler had initialization error
LYNXSHLD1510 - Dependency EPOCore had initialization error
AvertAlerts - Dependency scheduler had initialization error
LYNXSHLDPARSER - Dependency core had initialization error
GSD7REPORTS - Dependency core had initialization error
VSEMAS850000 - Dependency VIRUSCAN8600 had initialization error
issue - Dependency rs had initialization error
VIRUSCANREPORTS - Dependency CommonEvents had initialization error
rsd - Dependency Notifications had initialization error
GSE7REPORTS - Dependency GROUPSHD7000 had initialization error
Notifications - Dependency response had initialization error
VSCANMAC8610 - Dependency ComputerMgmt had initialization error
VIREXREPORTS - Dependency core had initialization error
remote - Dependency core had initialization error
SITEADV_1500 - Dependency EPOCore had initialization error
epolicensing - Dependency console had initialization error
epoMigration - Dependency AgentMgmt had initialization error
Countermeasures - Dependency ComputerMgmt had initialization error
EPOCore - Dependency ldap had initialization error
SITEADVMETA - Dependency ComputerMgmt had initialization error
response - Dependency scheduler had initialization error
help - Dependency core had initialization error
SMDWIN__7000 - Dependency ComputerMgmt had initialization error
aramid - Dependency CommonEvents had initialization error
AgentMgmt - Dependency RepositoryMgmt had initialization error
GROUPSHD7000 - Dependency ComputerMgmt had initialization error
InstallHelper - Dependency core had initialization error
EPOAGENTMETA - Dependency ComputerMgmt had initialization error
scheduler - Dependency console had initialization error
ComputerMgmt - Dependency ldap had initialization error
PolicyMgmt - Dependency ComputerMgmt had initialization error
console - Dependency core had initialization error
ldap - Dependency rs had initialization error
VIRUSCAN8600 - Dependency EPOCore had initialization error
rs - Dependency console had initialization error
RepositoryMgmt - Dependency ComputerMgmt had initialization error
core - Error creating bean with name 'core.ext.taskGlobals' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: The following extensions are in a partially installed state: [VSEMAS870000:8.7.0.106]
CommonEvents - Dependency ComputerMgmt had initialization error





Agent handler

https://kc.mcafee.com/corporate/index?page=content&id=KB65897 - Master list epo 4.5


with epo 4.5 p1 try to use user assing policy in step 3 Assign Policies get this error messeges
when clicking on ADD
"No products, categories or policies found!
Answered on http://community.mcafee.com/thread/11022 forum piont at KB66810 and
Cause
You see this message if there aren't any products available which support Policy Assignment Rules. When ePO 4.5 shipped, no such products were available.
SiteAdvisor 3.0 will be the first product to use this options.

epo4 p6
Issue: When the SQL Server “Nested Triggers” option is disabled, policy assignment timestamps are not updated. This causes ePolicy Orchestrator to fail to deliver full policies to client systems. (Reference: 406765)
Workaround: Verify that the “Nested Triggers” SQL Server option is enabled for the ePolicy Orchestrator database. For more information, see KB article KB52512.

Nested trigger

if not Problem
Changes made to an existing policy do not take affect on the client computer. Policy changes will be applied on the client computer if the policy is duplicated or a new policy is created. No policy enforcement errors displayed in the Agent_<computername>.log file or other default log files.

Cut from https://kc.mcafee.com/corporate/index?page=content&id=KB52512
Microsoft SQL 2000:
1.Open Microsoft SQL 2000 Enterprise Manager.
2.Right-click on the server name and click Properties.
3.Click the Server Settings tab and select Allow triggers to be fired which fire other triggers (nested triggers) under Server behavior.
4.Click OK.
Microsoft SQL 2005:
1.Open Microsoft SQL 2005 Management Studio.
2.Right-click on the server name and click Properties.
3.Click the Advanced entry and select Allow Triggers to Fire Others to True from the drop-down list.
4.Click OK.





Collations

how to change
http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=36707

SQL server Nested Trigger option must be enabled

Database collation U.S English Default: SQL_Latin1_General_Cp1_CI_AS

DO NOT use Swedish_finnish_CI_AS

http://www.sqlnewsgroups.net/group/microsoft.public.sqlserver.server/topic21181.aspx
select * from fn_helpcollations()
where name like '%SQL_Latin1_General_CP1_CI_AS%'
or name = 'Latin1_General_CI_AS'
or name like '%cp1%'


Latin1_General_CI_AS :- Latin1-General, case-insensitive, accent-
sensitive, kanatype-insensitive, width-insensitive

SQL_Latin1_General_CP1_CI_AS:- Latin1-General, case-insensitive,
accent-sensitive, kanatype-insensitive, width-insensitive for Unicode
Data, SQL Server Sort Order 52 on Code Page 1252 for non-Unicode Data

you can get more idea from fn_helpcollations.

http://connect.microsoft.com/SQLServer/feedback/details/415171/finnish-swedish-collation-does-not-handle-sorting-correctly
How swedish finland collations is sorted

To find insatlltions logs
use %temp% %temp%\McAfeeLogs\



Uppgrade from 3.6 to 4.5



Turn of 8.5 access protection on server

https://kc.mcafee.com/corporate/index?page=content&id=KB66616

http://community.mcafee.com/message/53859#53859


KB about upgrade SQL 2000,2005 to SQL 2008
http://msdn.microsoft.com/en-us/library/ms189625.aspx

http://msdn.microsoft.com/en-us/library/ms144256.aspx - upgarde advisor program



Installations Logs is in
is in %temp%\McafeeLogs could be
C:\documents adn settings\Administrator\local Settings\temp\McafeeLogs

In epo 45 patch1 many fields are marked as (Deprecated)
Deprecation
In computer software or authoring programs standards and documentation, the term deprecation is applied to software features that are superseded and should be avoided.


New fields
Last Sequence Error (date time)
Sequence Error (nmbers)

Do not install epo agent

Some active files
tomcat5.exe
Apache.exe (2instans on empty system)
EventParser.exe

Instalations error

MNAC 3.0 is not compatible with this version of ePolicy Orchestrator. Please upgrade to MNAC 3.1 or later
Need to uppgrade product mcafee network access controll

If file CRYPTOCME2.DLL is in PATH installations failed.

EPO45 reports for Managed system
Last Communication, Group Name, System name
IP Adress, user Name,Description, Tags, OS Type

Agent version
VS: Product version(VS), Engine ver(VS), Dat ver(VS),
HIP: Product ver(HIP), Hotfix/patch(HIP);contens ver(HIP)
OS OS version, Is 64bit, OS service pack,
Install Products ( if with screen)
Filter on Last Communication one month

EPO45 reports for Threat Events
Event Generated Time (UTC)
Threat Target Host Name, IPv4 Address, User Name
Event ID, Event Description, Threat Name,
Threat Source Process Name,
Threat Target File Path
Action Taken,
Analyser Detection Method (OAS or which job did find it)
(Not so common) Threat Source Host Name IP4 adress
Filter på Event recive time (EVT)



sitelist


Double networkcard

Agents fail to connect to ePO servers with two IP addresses
https://kc.mcafee.com/corporate/index?page=content&id=KB56281
how to change ip-nummer



exemple on a sitelist.xml after upgrade from epo 4.0

creatse when epo starts

<ns:SiteLists xmlns:ns="naSiteList" GlobalVersion="LoOnyiMRX4VB0vfEuJHlJ1rn974=" LocalVersion="20100506090008" Type="Client">
<SiteList Default="1" Name="Default">

<HttpSite Name="McAfeeHttp" ID="McAfeeHttp" Server="update.nai.com:80" Enabled="1" Type="fallback">
<RelativePath>Products/CommonUpdater</RelativePath>
<UseAuth>0</UseAuth><UserName></UserName><Password Encrypted="1">xxxxxxxx==</Password>
</HttpSite>

<SpipeSite ID="handler_1" Enabled="1" Type="master" Name="ePO_EPO3" Server="EPO3:82" ServerIP="192.168.0.70:82" ServerName="EPO3:82" Version="4.5.1" SecurePort="443" Order="1">
<RelativePath>Software</RelativePath>
</SpipeSite>