Community Help Hub

mvanhanehan

Current environment: on prem, no outbound connection, Win10 environment, with ENS 10.7 (ENS TP/Firewall), TA 5.7.8, ePo5.10 (CU13). Along with these Trellix products, I've been able to deploy DLP 11.9.100 to 26 of 34 thin clients (TCs) successfully. We are in testing phase as this is a new network.

We have moved to static IP addressing (from DHCP), as we do not have too large of an inventory of endpoints to manage, which has helped the stability of our environment- product deployments, core content auto-updating, etc. much more consistently. However, TA deployment failed to 5 new TCs (w/static IPs), with a new error I haven't seen before, "Failed to authenticate with remote system, system error; Access denied." Additionally, 2 of the 5 target IPs changed after task was initiated by ePO.

Does anyone have any idea why this error would occur or how to fix it?

cdinet

KB56386 lists environmental requirements to push an agent. Are your systems on an internal domain? If so, you need to use a domain admin account as the credentials. If they are not on the domain, then you would have to use a local administrator account. In the domain field for push agent credentials, you would need to add a period instead of domain name to tell it to use a local admin account.

Also if there is no dns resolution, you might have to add the systems by IP address, push the agent to the IP then. Once the system gets the agent, it will check in and add itself as the system name. At that point you can remove the IP address entry.

In the server log on the epo server, you will see push agent failed, err= some number. That error code can vary depending on the cause. Open cmd and run this command to see what the error means:

net helpmsg 1326 or whatever the error code is

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mvanhanehan

"Are your systems on an internal domain?" -Yes, on prem net

"If so, you need to use a domain admin account as the credentials." - we are using a domain admin account

My questions revolve around:

- why are some, failing and others not? I guess I failed to mention in the original post that I was successful deploying 8 agents (and updating to our product baseline subsequently) with all the same circumstances the day before these others failed (they failed again today, same error).

- and why is the IP changing when I try to deploy agent? The last octet, e.g. 10.121.29.6 becomes 10.121.29.190 when I run the "deploy agent task" from the "Detected Systems" page.

cdinet

You have to look at the server log for push agent failed error to see what the error code is. There are many reasons for a failure. I gave you the environmental requirements required and how to find what that error code means. As for IP changing, I can't answer that without looking at logs. It could have to do with dns resolution, multiple nics active (wired/wireless/vpn), which one dns resolves the name to, etc. If you want a detailed analysis, you will need to open a ticket so we can look at logs, look at the properties of a particular system, etc.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Trellix Agent (TA) failures

Re: Trellix Agent (TA) failures

Re: Trellix Agent (TA) failures

Re: Trellix Agent (TA) failures

Community Help Hub

Join the Community