Hi,

I am not able to open any KA  in the Trellix website. I cross checked in another system and also connected other network. Still i am unable to open any KA related  to issue discussion of  ePO event parser service  is not starting  and ePO console shows as  Mcafee Foundation service (not ePO).

Please advise.

Hello

Try from the server itself via browser:
https://<servername>:8443/core/config     
Put your servername and correct the Port if you have modified it.
Verify the data there.

Regards

Hi,

No port number was changed.

Site did changed only  DomainAdmin user  account password in DomainController server only. After some days of working ePO console login issue observed suddenly in ePO server.

Tried KB69850, test connection showed successful  in  core-config page in ePO server,  but  still ePO event parser service is not starting and unable to login ePO console.

Please advise.

Have you restarted the Services?

Are you sure the only thing that changed is the password?  Were sql services restarted by any chance?  Is sql on same or different server?  If you go into configuration manager for sql and look at the tcp settings for your sql instance, is sql using a dynamic or static port (look at the IP all section).  If the port is dynamic, change it to static, if possible and ensure core/config page has the right port.  

Also check the instance name.  If it is mssqlserver, make sure that the instance name then is blank in core/config.  If you can't change the port from dynamic to static and the instance name is not the default, then remove the port from core/config and just leave the instance name there.  Eventparser will not start if a connection to the database can't be established.

Hi,

Thanks for your reply.

At site Domain Controller server is different and ePO server, SQL is on other server.  DC , ePO are not on same system.

I checked with site team they mentioned that  some one did password change activity on DomainController only. Then later some days of working  site team tried ePO console login and unable to login, then rebooted ePO server. Still same issue observed.

I already asked site team to provide the snaps of the core-config to cross check the settings like Servername, Port, dynamic/static, SQL instance name, etc.

But in my lab setup SQL instance name is set as the one I entered while installing & configuring SQL.

You mean to say now in this type of issues, SQL instance name will change to default or some other (mssqlserver)  name instead of original configured name ? Please clarify.

So after trying the below suggested step  of updating  port  or  sqlserver name  you are suggesting to restart  event parser service or reboot ePO server and then check the status ?

suggested  step to try -  If it is mssqlserver, make sure that the instance name then is blank in core/config.  If you can't change the port from dynamic to static and the instance name is not the default, then remove the port from core/config and just leave the instance name there.

please let me know if any snaps or data required from site.

please advise.

It might be better if you open a ticket so we can work with you closer and see logs, as you should not post anything here with sensitive information.  

I didn't mean to imply that the sql instance would change - that is set on install, whether it is the default instance or a named instance.  But when you install sql, sometimes the port is set as dynamic and sometimes static.  You can view that in configuration manager in the tcp properties for the instance epo is using.  The IP All section will show you dynamic or static.  When the port is static, it doesn't change, so you don't need to enter the instance name in core/config.  When the port is dynamic, it can change with any service restart or reboot, which would break communication with epo.  In that case with a dynamic port, you only list the instance name in core/config and not the port.  

The downside of that, is in any scenario, you never use mssqlserver in the instance name (the default instance).  So if instance mssqlserver, for example, is using a dynamic port, you have a problem.  in that case, don't use dynamic ports, use static.  

core/config only tests basic connectivity - can epo reach the server and has a valid account.  It does not test any tls handshake, which is why eventparser can't start if the handshake fails.  

You need to make sure core/config settings are all correct, with any new password that was changed for that account.

Hi,

Thanks for your explanation.

Now  in this issue  regard  we have a question related to password change for user account.

If  we change  user account passwords  in Domain Controller  then after   password changed   every time do we  need to change  or update  new  ePO password with:  https://<servername>:8443/core/config   or  will that new ePO password  gets updated  automatically ? 

or  is there any workaround or procedure available that  user account  new  password can get updated in ePO  without need of  core/config  manual update ?

Please clarify and advise for this question so as to  advise site maintenance team for future  activity.