HOW TO TROUBLESHOOT CLIENT UPDATE/DEPLOYMENT FAILURES
The ePO 5.10 install guide has a section in it for Troubleshooting and log file reference information.
NOTE: Always be sure the product versions you are installing are supported versions for the specific build of OS/platform you are installing on. KB51569 is the KB for supported environments for ePO.
Server (ePO or agent handler) logs can be located in ePO/AH install directory in the \db\logs folder. The server log will show push agent failures or other possible communication issues.
On the client side, the logs will be located in c:\programdata\mcafee\agent\logs folder.
Masvc log will show it getting the client task and invoking it (or failing to invoke at the scheduled time).
Macompatsvc log will show agent to point product communication failures.
Mcscript log will show the update process. For deployments, depending on agent version, there may be an mcscript_deploy log. Those are for product deployment tasks only, where the mcscript log will be for updates. If there is no mcscript_deploy log, then all updates and deployments will be in the mcscript log. Mcscript will show where the breakdown occurs and whether it is a repository issue, point product lpc communication failure with the agent, or a point product issue. Here are the steps it will go through.
o network URL(https://172.24.208.16:443/Software/SiteStat.xml?hash={0e773b7e-9786-11e7-3115-73e51b00cce7}) request, failed with curl error 28, Response 0, Connect code 0,
o downloader Downloading file from https://172.24.208.16:443/Software/SiteStat.xml?hash={0e773b7e-9786-11e7-3115-73e51b00cce7} to C:\Windows\TEMP\SiteStat.xml failed.
o C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCSCRIPT_INUSE.EXE>(7208) was blocked from accessing('CREATE' (1)) <aac_object_section:c:\windows\syswow64\bmnet.dll <br="">
</aac_object_section:c:\windows\syswow64\bmnet.dll>
A common problem, “my DATs/AMCore isn’t updating” can have many unique causes but is generally troubleshot in the same three-step manner:
2019-01-09 17:00:14.426 masvc(444.4768) Updater.Info: Updater engine exited with exit status as 0 and term signal 0.
2019-01-09 17:00:14.497 masvc(444.4768) compatservice.Info: is_compat_running: 1, is_compat_required: 1
2019-01-09 17:00:15.428 masvc(444.4768) scheduler.Info: The task Daily Update Task is successful
MacOS
MAC MER tool: KB86785
/Library/McAfee/agent/ (install files)
/var/log/install.log (to view install logs)
/var/McAfee/agent/ (data directory: includes logs, db files, etc. Equivalent on Windows is ProgramData)
/etc/ma.d/ (product plugins)
To view the status of a service:
Sudo /Library/McAfee/agent/scripts/ma status
Stopping and starting services:
Sudo /Library/McAfee/agent/scripts/ma start
Sudo /Library/McAfee/agent/scripts/ma stop
Sudo /Library/McAfee/agent/scripts/ma restart
All other non-Windows platforms (Linux, UNIX, etc.)
Linux MER tool: KB83005
/opt/McAfee/agent (install files)
/var/McAfee/agent (data directory)
/etc/ma.d/ (product plugins)
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Amazing and thanks! Not only will this help me but I'm sure this will help others; it should be a sticky.
Thanks again!
Trying to make it a sticky, but there are some issues with that at the moment they are working on. Thanks!
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Thanks for the documentation!
Is there a way to send a notification (email or via Splunk) to the ePO admins if the amcore is not updating?
You can set up automatic responses for sending notifications for failed updates (event id 2402) that can send an email. If you have a registered syslog server in epo, you can enable specific events for being sent to that syslog server under server settings, event filtering.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
I can't edit the original post, so I am re-posting some updated info - added more detail to assist better.
TROUBLESHOOTING UPDATE/DEPLOYMENT FAILURES
General Points to Consider
The first thing is to know which logs to look at when you see failures, no matter what type of issue you are troubleshooting. The ePO 5.9 and 5.10 install guides have a section in them for Troubleshooting and log file reference information.
The second thing to look at is how the task is configured and whether the client is receiving the task or not. It is important to know how it is assigned and whether the task itself is configured properly to understand how it can impact failures.
2019-01-09 17:00:14.426 masvc(444.4768) Updater.Info: Updater engine exited with exit status as 0 and term signal 0.
2019-01-09 17:00:14.497 masvc(444.4768) compatservice.Info: is_compat_running: 1, is_compat_required: 1
2019-01-09 17:00:15.428 masvc(444.4768) scheduler.Info: The task Daily Update Task is successful
NOTE: Always be sure the product versions you are installing are supported versions for the specific build of OS/platform you are installing on. Search the kb at agent.mcafee.com for “supported environments” for the product you are researching on.
If there is no mcscript_deploy log, then all updates and deployments will be in the mcscript log. Mcscript will show where the breakdown occurs and whether it is a repository issue, point product lpc or msgbus communication failure with the agent, or a point product issue. Here are the steps to go through.
Agent Deployment (Push Agent)
Injection
Non-Windows Agent Guide
Keep in mind:
Log locations and data collection and service information
MacOS
MAC MER tool: KB86785
/Library/McAfee/agent/ (install files)
/var/log/install.log (to view install logs)
/var/McAfee/agent/ (data directory: includes logs, db files, etc. Equivalent on Windows is ProgramData)
/etc/ma.d/ (product plugins)
To view the status of a service:
Sudo /Library/McAfee/agent/scripts/ma status
Stopping and starting services:
Sudo /Library/McAfee/agent/scripts/ma start
Sudo /Library/McAfee/agent/scripts/ma stop
Sudo /Library/McAfee/agent/scripts/ma restart
All other non-Windows platforms (Linux, UNIX, etc.)
Linux MER tool: KB83005
/opt/McAfee/agent (install files)
/var/McAfee/agent (data directory)
/etc/ma.d/ (product plugins)
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
The McAfee Agent General policy, deselect the option Accept connections only from the ePO server
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: