mcafee EPo problem, please help!

waltdee · April 2010

Hello,

I'm a desktop support technician trying to work with the server team to figure out what is causing this issue. I'll expain as detailed as i can.
Objective: to deploy Mcafee ePO agent to 150 pc's of diferent models, from t60's to t61's to t400's.
Problem: the progress is stuck on 17 pc's that cannot be communicated from the ePO server. When i ping any of these 17 pc's by host name, the request gets timed out, and the host name resolves to some IP address that doesnt match the IP of the pc. Thats issue one. If i ping the IP address, it works fine, i get a reply. But even when the server guys try to push out the agent by IP, the server cannot see \\hostname\c$ , says is not accessible hence cannot continue. I have manually upgraded these pc's to the latest mcafee version, added all the appropriate groups, basecally tried to make mirror the rest of the 100+ that worked. If anyone has any idea what causes the ePO server not to communicate with the host, please let me know.

Thank you.

RobertKaucher · April 2010

This sounds like a DNS issue to me. Have you done IPCONFIG /registerdns on these PCs?

waltdee · April 2010

RobertKaucher wrote: »

This sounds like a DNS issue to me. Have you done IPCONFIG /registerdns on these PCs?

Yes, i have. I've done /flushdns and /registerdns but that doesnt seem to work.
One of the server guys even suggested changing the IRPStackSize in the registry which should fix the mapping of the \\hostname\c$. It's funny b/c when i rstarted the pc after making the change, i was able to map to that hostname, but all of a sudden got the message back saying not accessible. sooo weird

astorrs · April 2010

waltdee wrote: »

When i ping any of these 17 pc's by host name, the request gets timed out, and the host name resolves to some IP address that doesnt match the IP of the pc.

This is clearly a DNS problem either on the client or the server. Can you confirm if the client and server are using the same DNS servers (if not perhaps you have issues with DNS zone transfers)? If you (or the server team) look on the DNS server(s) the client points to does it show the correct IP address in the A record for the client? If not, can you confirm the entry for that client isn't static (which would prevent dynamic updates from updating it)?

As for changing the IRPStackSize, etc, don't worry about the other problems you're seeing until you work this out, they're most likely side-effects of this issue.

qwertyiop · April 2010

I hate Mcafee EPo. My first task as an IT Intern a few years ago was to remove EPo from all the workstations and servers. I would remove Mcafee and it would seem to uninstall but then Epo would restore the install. To remove it i had to create a batch file to manullay remove Epo so that I could properly remove mcafee.

RobertKaucher · April 2010

qwertyiop wrote: »

I hate Mcafee EPo.

Seconded.

I agree with astorrs on this. Check the actual A records for these. What is running your DNS? Is it AD integrated?

bwcarty · April 2010

Is the ePO server configured to use WINS for hostname resolution? I used to deal with ePO here, and it was a PITA since everything was using WINS instead of DNS.

loxleynew · April 2010

We stopped using EPo because it's junk lol. Umm definetly a DNS issue. I would take the computers off the network --> delete completely from AD --> rename & re-add to network. Should clear it up and if not then check your DNS. Do you have just one dns server or more? If more it's probably a zone transfer problem like someone said above.

astorrs · April 2010

loxleynew wrote: »

I would take the computers off the network --> delete completely from AD --> rename & re-add to network.

Umm no need for a sledgehammer, it's probably something simple we can tweak on the server side.

loxleynew · April 2010

astorrs wrote: »

Umm no need for a sledgehammer, it's probably something simple we can tweak on the server side.

but my way is more fun

ilcram19-2 · April 2010

try to disable the firewall on the clients they try to push the client

astorrs · April 2010

guys seriously if basic name resolution isn't working you need to start there, just throwing out ideas that "might be the problem" isn't particularly helpful; it's like troubleshooting a problem accessing the internet by applying offline patches to your browser rather than noticing the network cable to your computer is unplugged - i.e. you should start with the lower levels and work your way up.

crrussell3 · April 2010

astorrs wrote: »

guys seriously if basic name resolution isn't working you need to start there, just throwing out ideas that "might be the problem" isn't particularly helpful; it's like troubleshooting a problem accessing the internet by applying offline patches to your browser rather than noticing the network cable to your computer is unplugged - i.e. you should start with the lower levels and work your way up.

+1 This is a DNS issue that needs to be resolved first before you can do anymore troubleshooting. What I have read, it sounds like there is an inconsistency between Forward/Reverse lookup zones. The Server guys need to double check the A/PTR records for the pcs in question and see if they are matching up to what the computer's say they are.

loxleynew · April 2010

crrussell3 wrote: »

+1 This is a DNS issue that needs to be resolved first before you can do anymore troubleshooting. What I have read, it sounds like there is an inconsistency between Forward/Reverse lookup zones. The Server guys need to double check the A/PTR records for the pcs in question and see if they are matching up to what the computer's say they are.

I agree it's DNS but why would randomly 17 of the 100 pcs be affected? Are they on a different site or were those pcs an old group that never got upgraded ? Makes no sense to me I guess with the information we have.

crrussell3 · April 2010

loxleynew wrote: »

I agree it's DNS but why would randomly 17 of the 100 pcs be affected? Are they on a different site or were those pcs an old group that never got upgraded ? Makes no sense to me I guess with the information we have.

Without us getting more information from the original poster as to how these pcs are configured, how the network is configured, etc, its hard to say why these particular pc's are affected.

waltdee · April 2010

Thanks guys for all your replies. I was able to drop the list down to 7 machines now. I noticed that what the ePO server is doing to push the agent, is map to hostname/c$, so i noticed that most of these machines had File and Printer sharing unchecked, and when i checked it off, bang! i could map, therefore the agent was installed. Now there is 1 machine, that i see File and Printer sharing checked, but when i check the WINS tab, theres like 10 IP addresses there, should i remove those from that machine? because im stuck at least on 2 pc's, the rest are in europe.

But you guys are right, it has to be a DNS issue one some of these, its just so random. Theres like 7 pc's i can ping, and another 9 that i cant ping, of which the IP is incorrect. I'm not very familiar with fixing dns, all i know is /flush dns and registerdns, and add/remove dns suffix, which some of these pc's have in order to work with Lotus Notes. I just know one thing, this number needs to go from 7 to 0 in another day or two, im getting a lot of heat about this, preassure from upper management.... wish me luck

mcafee EPo problem, please help!

Comments