cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jack-TD
Level 8
Report Inappropriate Content
Message 1 of 15
‎01-06-2019 05:38 PM

McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Hi,

I have recently updated RHEL 6 servers to Agent 5.6.0.702

After the upgrade the command /opt/McAfee/agent/bin/cmdagent fails with error

cmdagent.Error: Failed to get ma info, error code <507>.

When this command is run as root there is no issue.

Has anyone else run into this situation with agent 5.6

 

This is also effecting ePO from communicating with the servers using the Run client command and the wake up agent command

The servers are able to send their events back through to ePO.

Tags (3)
0 Kudos
Reply
1 Solution

Accepted Solutions
cdinet
Employee
Employee
Report Inappropriate Content
Message 13 of 15
‎01-08-2019 02:35 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Please open a ticket then with McAfee and set the agent logging to debug, then get an agent mer (with the 5.6 agent).  That mer tool is attached to KB83005.  We need to see what is going on with that agent.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
14 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 15
‎01-07-2019 12:31 AM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Moving this to the agent team, so the appropriate group will see this.

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 3 of 15
‎01-07-2019 05:38 AM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

cmdagent has to be run with root privileges.  If you use an account that has sudo rights and you run it using sudo command, does it still fail? 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reply
Jack-TD
Level 8
Report Inappropriate Content
Message 4 of 15
‎01-07-2019 02:04 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

It does not fail when run as sudo, however servers which are running RHEL 7 or RHEL 5 do not require root privileged to run cmdagent.

In addition to this when attempting to run the wake up agent task from ePO the effected server responds with "Unexpected HTTP responce code 500 received from the remote computer.

 

 

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 5 of 15
‎01-07-2019 02:11 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Most of our KB's or ma product guides list that there are some commands that require root privileges, including deploying an agent. 

As for the error 500 you are getting, is the agent general policy enabled to only accept connections from the epo server?  You might also want to check each of the agent logs for any possible rejection of the wakeup request.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reply
Jack-TD
Level 8
Report Inappropriate Content
Message 6 of 15
‎01-07-2019 03:25 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

As for the error 500 you are getting, is the agent general policy enabled to only accept connections from the epo server? 

 

I have tested waking up agent with this option disabled and enabled with the same results

 

The following is the log output from the macmnsvc log

 

2019-01-07 23:18:14.287 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50647
2019-01-07 23:18:14.288 (31309.31309) http_server.Info: Agent wakeup call received
2019-01-07 23:18:14.288 (31309.31309) http_server.Info: Agent wakeup call for FULL PROPS received
2019-01-07 23:18:14.288 (31309.31309) msgbus.Warning: Broker information is not available, rc <501>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: local broker look up failed for service <ma.service.logger>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: Failed to start request <ma.service.logger>, so sending the error code to the callback in main thread
2019-01-07 23:18:14.289 (31309.31309) msgbus.Warning: Broker information is not available, rc <501>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: local broker look up failed for service <ma.service.logger>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: Failed to start request <ma.service.logger>, so sending the error code to the callback in main thread
2019-01-07 23:18:14.289 (31309.31309) msgbus.Warning: Broker information is not available, rc <501>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: local broker look up failed for service <ma.service.property>
2019-01-07 23:18:14.289 (31309.31309) msgbus.Error: Failed to start request <ma.service.property>, so sending the error code to the callback in main thread
2019-01-07 23:18:14.289 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) ma_http_connection_send_stock_response, response(500 Internal Server Error)
2019-01-07 23:18:14.302 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50648
2019-01-07 23:18:14.303 (31309.31309) spipe.Error: Received spipe package size 428 is lesser than the expected size, malformed package.
2019-01-07 23:18:14.303 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) ma_http_connection_send_stock_response, response(500 Internal Server Error)
2019-01-07 23:18:14.311 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50649
2019-01-07 23:18:14.311 (31309.31309) spipe.Error: Received spipe package size 428 is lesser than the expected size, malformed package.
2019-01-07 23:18:14.311 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) ma_http_connection_send_stock_response, response(500 Internal Server Error)
2019-01-07 23:18:14.322 (31309.31309) http_server.Info: ma_http_connection_t(0x140d880) accepting tcp connection from epo_server:50650

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 7 of 15
‎01-07-2019 03:28 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

is the macompatsvc service running?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Jack-TD
Level 8
Report Inappropriate Content
Message 8 of 15
‎01-07-2019 03:34 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution
All three services are running on the box,

service ma status

McAfee agent service is already running.
McAfee common services is already running.
McAfee compat service is already running.
0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 9 of 15
‎01-07-2019 03:29 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

Also, this is telling .......Received spipe package size 428 is lesser than the expected size.

Is there a proxy or firewall that might be doing some ssl inspection?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Jack-TD
Level 8
Report Inappropriate Content
Message 10 of 15
‎01-07-2019 06:40 PM

Re: McAfee Agent 5.6 RHEL 6 issue

Jump to solution

There is no ssl inspection being performed between the ePO server and the effected host

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC