NaInet Failed to MAP share using NetAPI now using WNetAddConnection2, return code=1219
Last Modified: 2021-02-12 21:20:06 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
NaInet Failed to MAP share using NetAPI now using WNetAddConnection2, return code=1219
Technical Articles ID:
KB66804
Last Modified: 2021-02-12 21:20:06 Etc/GMT Environment
McAfee Agent (MA) 5.x
Problem 1If you configure the MA policy to look for updates from a UNC repository, the ePO agent update task fails.
You see the fail when the user account for the MA policy is listed under the Deny log on locally setting. The NOTE: See related article KB82170 - How to enable debug logging for McAfee Agent to troubleshoot Windows. I #8112 imsite Download from: (Repository001) SiteStat.xml X #8112 improgr ImProgress::operator() I #8112 NaInet Connecting to UNC Server: AG03260000S001 I #8112 NaInet Domain name=domain01, User name=svc_mcafee I #8112 NaInet Mapping network share \\AG03260000S001\share$ using NetUseAdd I #8112 NaInet Failed to MAP share using NetAPI now using WNetAddConnection2, return code=1219 Problem 2After you run an agent update task using ePO, you see a security event similar to the one below in the Event Viewer. It is observed on the server where the UNC share resides:
CauseThe user account in the MA policy is listed in the
SolutionRemove the MA user account from the Deny log on locally list on the server where the UNC share resides, then restart the server:
WorkaroundModify the UNC repository entry in the MA policy and use another user account that is not listed in the Deny log on locally setting:
Affected ProductsLanguages:This article is available in the following languages: |
|