McAfee Agent is unable to connect to an Agent Handler when Sitelist.xml contains many Agent Handler entries
Technical Articles ID: KB85453
Last Modified: 2021-06-14 16:30:44 Etc/GMT
Environment
McAfee Agent (MA) 5.x
Problem
The following is seen when Sitelist.xml contains many Agent Handler entries:
- The agent is unable to connect to most Agent Handlers.
- The agent-to-server communication interval (ASCI) is set to a short time such as five minutes.
- Logs show agent-to-server communication (ASC) overlapping and looping.
- The agent is not able to make a connection to an accessible Agent Handler.
Detailed description of the problem:
The ASC is completed using two threads:
- TC thread - Collects properties and puts a job into the job queue.
- TP thread - Processes the job by making an SPIPE package and sending it to ePO.
1. When the TC thread collects properties, it needs to connect to ePO to get the agent IP address. It tries to connect to the Agent Handler sites in the sitelist one-by-one until it can successfully connect to ePO. For a given Agent Handler site, it tries to connect by using three methods (IP address, fully qualified domain name (FQDN), and host name). This step takes a long time to complete if:
   - There are many Agent Handler sites, and
   - The topmost Agent Handler site in the sitelist is inaccessible.
2. When the TP thread gets the job, it searches the ePO site to upload the package. It tries to connect to the Agent Handler sites in the sitelist and tries to discover relay sites until it finds an accessible Agent Handler site. If all Agent Handler sites are inaccessible, it continuously retries the sitelist until it finds an accessible Agent Handler site. All these factors could be time-consuming, especially where there are many Agent Handler sites and poor accessibility in the environment.
3. There is a global sitelist iterator, also known as the current index, that points to the Agent Handler site in use at the beginning of the ASC. The TC thread resets the index if an accessible Agent Handler site is not found. Suppose that the first ASC is processing the job for uploading the package to ePO, and its TP thread is searching for an accessible Agent Handler site one-by-one from the sitelist. Suppose that the ASCI is set to a short time such as five minutes. After five minutes, the second ASC starts. The second TC thread resets the sitelist iterator (current index) to point to the beginning of the sitelist, and collects properties again as described in step 1. The first TP thread is affected. It retries the topmost sites in the sitelist because the sitelist current index has been reset by the second TC thread. So, some Agent Handler sites at the bottom of the sitelist might be harder to reach (or might never be reached).
Example:
Below is an example of an ASC overlapping and looping to inaccessible Agent Handler sites. The system below is never able to make a successful connection to an accessible Agent Handler site. In this example, Sitelist.xml has 12 Agent Handler sites and the ASCI is set to five minutes. The TC thread is #2096 and the TP thread is #2088.
...
I #2096 Agent Collecting IP address using Internet Manager
...
X #2096 SiteHlp Get EPO Server IP address
X #2096 SiteHlp Smart read of Site List
...
X #2096 imsitel ImSiteListImpl::getNextSiteByIndex()
X #2096 imutils Trying with site : 10.5.6.7:90
...
I #2096 imsite Connecting to site: 2.56.4.8 on port: 443
I #2096 imsite Did not connect to Real site: 2.56.4.8 on port: 443
I #2096 imsite Connecting to site: zzzz on port: 443
I #2096 imsite Did not connect to Real site: zzzz on port: 443
I #2096 imsite Connecting to site: zzzz on port: 443
I #2096 imsite Did not connect to Real site: zzzz on port: 443
...
I #2096 imsite Did not connect to Real site: 2.56.4.8 on port: 443 <-- index 1
I #2096 imsite Did not connect to Real site: 30.25.87.6 on port: 443 <-- index 2
I #2096 imsite Did not connect to Real site: 40.2.3.9 on port: 443 <-- index 3
I #2096 imsite Did not connect to Real site: 50.6.8.4 on port: 443 <-- index 4
I #2096 imsite Did not connect to Real site: 10.6.7.2 on port: 443 <-- index 5
I #2096 imsite Did not connect to Real site: 60.2.8.3 on port: 443 <-- index 6
I #2096 imsite Did not connect to Real site: 70.6.8.6on port: 443 <-- index 7
I #2096 imsite Did not connect to Real site: 80.6.9.12 on port: 443 <-- index 8
I #2096 imsite Did not connect to Real site: 80.6.9.120 on port: 443 <-- index 9
I #2096 imsite Did not connect to Real site: 90.6.45.87 on port: 443 <-- index 10
I #2096 imsite Did not connect to Real site: 90.6.45.80 on port: 443 <-- index 11
...
X #2096 imutils Trying with site : 110.6.8.4:90 <-- index 12
X #2096 imsite ImSiteImpl::getLocalIPAddressFromSocket()
X #2096 imsite checkBuildTransferObject
X #2096 imsite Attempting creation of naInet::TransferItf instance
X #2096 bldtrob inetmgr::CreateTransferItfFromProperties()
I #2096 naInet HTTP Session initialized
X #2096 bldtrob Setting naInet transfer option Server = EPOSERVER1:90
X #2096 bldtrob Setting naInet transfer option ServerName = EPOSERVER1:90
X #2096 bldtrob Setting naInet transfer option ServerIP = 110.6.8.4:90
X #2096 bldtrob Setting naInet transfer option Name = ePO_EPOSERVER1
X #2096 bldtrob Setting naInet transfer option RelativePath = Software
X #2096 bldtrob Setting naInet transfer option SecurePort = 443
X #2096 imsite Successfully instantiated naInet::TransferItf
X #2096 imsite assignTransferCredentials
X #2096 imsite NaInetOpGetIPAddress::opDetails
I #2096 imsite Connecting to site: 110.6.8.4 on port: 443
I #2096 naInet HTTP Session closed
…
I #2096 naInet HTTP Session closed
X #2096 RegKey RegCreateKey,80000002,SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
X #2096 RegKey =00000770
X #2096 RegKey RegSetValueEx,00000770,IPAddress,68.24.3.5
X #2096 Agent IP address = 68.24.3.5
X #2096 RegKey RegCloseKey,00000770
X #2096 RegKey RegCloseKey,00000730
X #2096 netif_w candidate MAC=00012904d0ef If Type=6 Include Loopback=0 Oper Status=1
X #2096 netif_w candidate MAC=000000000000 If Type=24 Include Loopback=0 Oper Status=1
X #2096 RegKey RegCreateKey,80000002,SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
X #2096 RegKey =00000730
X #2096 RegKey RegSetValueEx,00000730,SubnetAddress, 68.24.3.0
X #2096 RegKey RegSetValueEx,00000730,SubnetMask,255.255.255.128
X #2096 RegKey RegCloseKey,00000730
I #2096 Manage ÕýÔÚÊÕ¼¯ÊôÐÔ
I #2096 Manage Initializing Event Interface
X #2096 RegKey RegCreateKey,80000002,SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
X #2096 RegKey =00000770
X #2096 RegKey RegQueryValueEx,00000770,LoggedOnUser
X #2096 RegKey =abcdwxyz
X #2096 RegKey RegCloseKey,00000770
I #2096 Manage EpoEventInf Interface: Initialization succeeded.
I #2096 Manage CEnforceProperties::LoadPropFiles() - Properties file not found, creating new
I #2096 Manage ÕýÔÚÊÕ¼¯ÊôÐÔ
X #2096 SiteHlp Constructing sites helper object
X #2096 SiteHlp Getting Sitelist file name
X #2096 SiteHlp Getting Sitelist versions
X #2096 IPLock readLock - providing read lock
X #2096 IPLock readUnLock - unlocking the read lock successful
X #2096 SiteHlp Get EPO Server IP address
X #2096 SiteHlp Smart read of Site List
X #2096 IPLock readLock - providing read lock
X #2096 SiteHlp Reading from memory1
X #2096 IPLock readUnLock - unlocking the read lock successful
X #2096 SiteHlp Getting Spipe site
X #2096 SiteHlp Free memory for Sitelist
X #2096 RegKey RegCreateKey,80000002,SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
X #2096 RegKey =00000770
X #2096 RegKey RegSetValueEx,00000770,PropsVersion,20150712012841
X #2096 RegKey RegCloseKey,00000770
I #2096 Manage DeInitializing Event Interface
I #2096 Manage EpoEventInf Interface: Deinitialization succeeded.
I #2096 Agent ´úÀíÕýÔÚÏò ePO ·þÎñÆ÷·¢ËÍÊôÐÔ°æ±¾
I #2096 Agent Forwarding all events
I #2096 Agent Forward all events request received
X #2088 RegKey RegOpenKeyEx,80000002,SOFTWARE\Network Associates\TVD\Shared Components\Framework
I #2100 Agent Agent event wakeup, processing events
I #2100 Agent ´úÀíÕýÔÚ²éÕÒÒªÉÏÔصÄʼþ
X #2088 RegKey =00000730
X #2088 RegKey RegQueryValueEx,00000730,LowerWorkingThreadPriority
X #2088 RegKey =<not found>
X #2088 RegKey RegCloseKey,00000730
I #2088 Agent Started processing a package..
I #2088 Agent Preparing Props Version Package
...
X #2088 Agent Repository validation file version=20150526093635
X #2088 Agent VDI mode=0
X #2088 Agent FQDN name - COMPUTER
X #2088 Agent FQDN name=COMPUTER
I #2088 Agent Collecting IP address using Internet Manager
X #2088 RegKey RegOpenKeyEx,80000002,SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
X #2088 RegKey =00000730
X #2088 RegKey RegQueryValueEx,00000730,LastPolicyUpdateTime
X #2088 RegKey =1434619827
X #2088 IPLock writeLock - providing write lock
X #2088 persite source sitelist,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml
X #2088 SiteHlp Constructing sites helper object
X #2088 SiteHlp Getting Sitelist file name
X #2088 SiteHlp Getting Sitelist versions
X #2088 IPLock readLock - providing read lock
X #2088 IPLock readUnLock - unlocking the read lock successful
X #2088 SiteHlp Get EPO Server IP address
X #2088 SiteHlp Smart read of Site List
X #2088 IPLock readLock - providing read lock
X #2088 SiteHlp Reading from memory1
X #2088 IPLock readUnLock - unlocking the read lock successful
X #2088 SiteHlp Getting Spipe site
X #2088 SiteHlp Free memory for Sitelist
X #2088 imutils IP address 68.24.3.5 collected using Spipe entry
X #2088 persite No change to sitelist timestamp
X #2088 IPLock writeUnLock - unlocking the write lock successful
X #2088 persite lock()
X #2088 imsitel ImSiteListImpl::addSitesFromPersist
X #2088 persite getNextSite()
…
X #2088 persite getNextSite()
X #2088 persite unlock()
X #2088 imsitel ImSiteListImpl::setSiteSearchParams()
X #2088 imsitel ImSiteListImpl::getNextSiteByIndex()
X #2088 imutils Trying with site : 2.56.4.8:90
…
I #2088 imsite Did not connect to Real site: 2.56.4.8 on port: 443 <-- index 1
I #2088 imsite Did not connect to Real site: 30.25.87.6 on port: 443 <-- index 2
I #2088 imsite Did not connect to Real site: 40.2.3.9 on port: 443 <-- index 3
I #2088 imsite Did not connect to Real site: 50.6.8.4 on port: 443 <-- index 4
I #2088 imsite Did not connect to Real site: 10.6.7.2 on port: 443 <-- index 5
I #2088 imsite Did not connect to Real site: 60.2.8.3 on port: 443 <-- index 6
I #2088 imsite Did not connect to Real site: 70.6.8.6on port: 443 <-- index 7
I #2088 imsite Did not connect to Real site: 80.6.9.12 on port: 443 <-- index 8
I #2088 imsite Did not connect to Real site: 80.6.9.120 on port: 443 <-- index 9
X #2088 imutils Trying with site : 90.6.45.87:90 <-- index 10
...
I #2096 Agent Network up, Performing ASCI <--- second ASC TC thread reset the index
I #2088 imsite Did not connect to Real site: 90.6.45.87 on port: 443 <-- index 10 starts before the index reset and continues to use the same index
... <----- first ASC TP thread should try 90.6.45.80 (index 11) and 110.6.8.4 (index 12) but it went to 26.221.1.9 (index 2) after the index reset
I #2088 imsite Did not connect to Real site: 30.25.87.6 on port: 443 <-- index 2 by first ASC TP thread
I #2088 imsite Did not connect to Real site: 40.2.3.9 on port: 443 <-- index 3 by first ASC TP thread
I #2096 imsite Did not connect to Real site: 2.56.4.8 on port: 443 <-- index 1 by second ASC TC thread
I #2088 imsite Did not connect to Real site: 30.25.87.6 on port: 443 <-- index 2
I #2096 imsite Did not connect to Real site: 40.2.3.9 on port: 443 <-- index 3
I #2088 imsite Did not connect to Real site: 50.6.8.4 on port: 44 <-- index 4
I #2096 imsite Did not connect to Real site: 10.6.7.2 on port: 443 <-- index 5
I #2088 imsite Did not connect to Real site: 60.2.8.3 on port: 443 <-- index 6
I #2096 imsite Did not connect to Real site: 70.6.8.6on port: 443 <-- index 7
I #2088 imsite Did not connect to Real site: 80.6.9.12 on port: 443 <-- index 8
I #2096 imsite Did not connect to Real site: 80.6.9.120 on port: 443 <-- index 9
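A check for the overlap pattern shown in the log excerpt above, as an added example that is not McAfee code: it flags a thread that goes back up the sitelist before it has tried the last entry, after a different thread has logged "Performing ASCI". The function name, the sitelist order passed in by the caller, and the sample lines (constructed, with thread IDs reused from the excerpt and 192.0.2.x placeholder addresses) are assumptions, as is the trimmed line layout shown on this page.

```python
import re

FAIL = re.compile(r"#(\d+)\s+imsite\s+Did not connect to Real site:\s*(.+?)\s*on port")
ASCI = re.compile(r"#(\d+)\s+Agent\s+.*Performing ASCI")

def find_index_resets(log_lines, sitelist):
    """Return one finding per early wrap: a thread that moves back up the
    sitelist before trying its last entry, after another thread began an ASC.

    sitelist: site addresses in Sitelist.xml order (supplied by the caller).
    Finding: (thread, last_site_tried, next_site_tried, sites_skipped, asci_thread)
    """
    pos = {site: i for i, site in enumerate(sitelist)}
    last = {}            # thread id -> sitelist position of its previous failure
    asci_thread = None   # thread that most recently logged "Performing ASCI"
    findings = []
    for line in log_lines:
        m = ASCI.search(line)
        if m:
            asci_thread = m.group(1)
            continue
        m = FAIL.search(line)
        if not m or m.group(2) not in pos:
            continue     # other messages, or FQDN/host-name retries of a site
        tid, cur = m.group(1), pos[m.group(2)]
        prev = last.get(tid)
        wrapped_early = prev is not None and cur < prev < len(sitelist) - 1
        # A thread restarting at the top for its own ASC is expected; a
        # restart caused by another thread's ASC is the overlap case.
        if wrapped_early and asci_thread not in (None, tid):
            findings.append((tid, sitelist[prev], sitelist[cur],
                             sitelist[prev + 1:], asci_thread))
        last[tid] = cur
    return findings

# Constructed sample: six-entry sitelist, TP thread #2088, TC thread #2096.
SITELIST = [f"192.0.2.{n}" for n in range(1, 7)]
SAMPLE = """\
I #2088 imsite Did not connect to Real site: 192.0.2.1 on port: 443
I #2088 imsite Did not connect to Real site: zzzz on port: 443
I #2088 imsite Did not connect to Real site: 192.0.2.2 on port: 443
I #2088 imsite Did not connect to Real site: 192.0.2.3 on port: 443
X #2088 imutils Trying with site : 192.0.2.4:90
I #2096 Agent Network up, Performing ASCI
I #2088 imsite Did not connect to Real site: 192.0.2.4 on port: 443
I #2088 imsite Did not connect to Real site: 192.0.2.2 on port: 443
I #2096 imsite Did not connect to Real site: 192.0.2.1 on port: 443
I #2088 imsite Did not connect to Real site: 192.0.2.3 on port: 443
""".splitlines()

if __name__ == "__main__":
    for finding in find_index_resets(SAMPLE, SITELIST):
        print(finding)
```

The sites listed in the fourth field of each finding are the ones the affected thread did not get to try on that pass.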
Solution
To avoid the situation where one ASC overlaps another ASC:
- Do not use too many Agent Handlers. Only use a maximum of four or five.
- Increase the ASCI interval to longer than ten minutes.