This article provides background information about how the ePO data channel (DC) works. It also provides useful troubleshooting steps that you can take to diagnose issues with the data channel.
High-level overview of a data channel workflow:
1. The ePO Application Server (Tomcat) writes the DC request to the EPOAgentHandlerDataChannelWQ (DC WQ) table of the ePO database.
2. Agent Handlers regularly poll the DC WQ table looking for work to do.
3. Agent Handlers pick up any outstanding DC requests in the DC WQ and work on them. The initial outbound request is essentially a wake-up call to the McAfee Agent on the client, instructing it to communicate back to ePO because DC work is available.
4. The Agent Handler communicates with Tomcat and updates the status of the outbound DC request, whether it is a success or failure.
5. The agent communicates with ePO either:
   - During its normal agent-to-server communication interval (ASCI), or
   - When contacted by the Agent Handler in step 3 above, at which point it discovers that DC work is waiting for it in the DC work queue. The agent picks up this work and completes the request.
6. An internal database maintenance task runs every minute. The task looks for DC requests in the database that have been completed or have expired, and removes them from the DC WQ.
SQL queries:
Use the following queries to get information about data channel requests:
- To display which Agent Handler is processing a data channel request for a particular client, use the following SQL query:
Select
ELN.NodeName as ClientName,
ELN.AgentGUID,
AH.ComputerName as HandlerName,
AH.LastKnownTCPIP as HandlerIP,
DCWQ.Source as DCRequest,
DCWQAttempts.LastDeliveryAttempt as DCLastAttemptTime,
DCWQ.RetryDelay as RetryDelaySeconds,
DCWQAttempts.RetriesRemaining,
DCWQ.ExpireTime as DCExpireTime
From
EPOLeafNode as ELN, EPOAgentHandlerDataChannelWQMT as DCWQ,
EPOAgentHandlerDataChannelWQAttemptsMT as DCWQAttempts, EPORegisteredApacheServers as AH
Where
DCWQ.AutoID = DCWQAttempts.ParentID
And DCWQ.Target = ELN.AutoID
And DCWQAttempts.AgentHandlerId = AH.AutoID
And ELN.NodeName = '<system name>'
where <system name> is the system that you’re querying. For example, to query a system named TEST, update the last line of the query to:
ELN.NodeName = 'TEST'
- To display a count of all data channel request types in the queue, use the following SQL query:
Select Source as DCRequest, count (*) as 'Number of Occurrences'
From EPOAgentHandlerDataChannelWQ
Group By Source Order by Source asc
Log file entries:
The data channel uses the secure pipe (SPIPE) protocol to generate requests. It has four primary SPIPE request types, which you can see referenced in the log files below:
- Request Type: MsgUpload
Purpose: Request is used to send DC items from the client node to the Agent Handler.
Example (server log on an Agent Handler):
NAIMSERV Received [MsgUpload] from <system name>:{<GUID>}
- Request Type: MsgAvailable
Purpose: The agent receives this request from ePO when there are items that ePO has to hand over to the agent.
Example (agent log on a client):
- Agent Package type is MsgAvailable
- LstnSvr StartResponse-POST-PKG - MsgAvailable
- Request Type: MsgRequest
Purpose: This request is sent to the Agent Handler by the agent after it received a MsgAvailable request from an Agent Handler. This request triggers the Agent Handler to respond with MsgResponse.
Example #1 (agent log on a client):
Agent Package type is MsgRequest
Example #2 (server log on an Agent Handler):
Received [MsgRequest] from <system name>:{<GUID>}
- Request Type: MsgResponse
Purpose: ePO sends this request in response to the MsgRequest SPIPE package.
Example (agent log on a client):
- Agent CMsgResponsePackage::ParsePackage() - New MsgResponse-EEADMIN_1000_UserUpdatesAndAcknowledgementRsp was received
- Agent Package type is MsgResponse
- Agent CMsgResponsePackage::ParsePackage() - New MsgResponse-EEADMIN_1000_AddDomainUsersRsp was received
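The agent-side sequence described above (MsgAvailable, then MsgRequest, then MsgResponse) can be traced in an agent log to spot wake-ups that never completed. The following is an added example, not part of the original article or of any McAfee tooling. It matches only the log fragments quoted above; the function names, the timestamps and the line prefixes in the sample are assumptions made for illustration.

```python
import re

# Fragments copied from the article's agent log excerpts; any prefix on the
# line (timestamp, level) is ignored, so the real log layout is not assumed.
PKG_TYPE = re.compile(r"Package type is (Msg(?:Upload|Available|Request|Response))\b")
RESPONSE = re.compile(r"New MsgResponse-(\S+) was received")
EXPECTED = ["MsgAvailable", "MsgRequest", "MsgResponse"]  # agent-side order

def trace_exchanges(lines):
    """Group agent log lines into exchanges, one per MsgAvailable wake-up."""
    exchanges, current = [], None
    for line in lines:
        pkg = PKG_TYPE.search(line)
        if pkg and pkg.group(1) == "MsgAvailable":
            current = {"seen": [], "responses": [], "complete": False}
            exchanges.append(current)
        if current is None:
            continue  # traffic before the first wake-up (e.g. plain ASCI)
        if pkg:
            step = len(current["seen"])
            # Record a package only if it is the next one the sequence expects.
            if step < len(EXPECTED) and pkg.group(1) == EXPECTED[step]:
                current["seen"].append(pkg.group(1))
                current["complete"] = current["seen"] == EXPECTED
        else:
            rsp = RESPONSE.search(line)
            if rsp:
                current["responses"].append(rsp.group(1))
    return exchanges

def stalled(exchanges):
    """Wake-ups the agent received but never finished pulling work for."""
    return [e for e in exchanges if not e["complete"]]

# Constructed sample: timestamps and line prefixes are invented for illustration.
SAMPLE_AGENT_LOG = [
    "2024-01-01 10:00:00 I Agent Package type is MsgAvailable",
    "2024-01-01 10:00:00 I LstnSvr StartResponse-POST-PKG - MsgAvailable",
    "2024-01-01 10:00:01 I Agent Package type is MsgRequest",
    "2024-01-01 10:00:02 I Agent CMsgResponsePackage::ParsePackage() - New MsgResponse-EEADMIN_1000_AddDomainUsersRsp was received",
    "2024-01-01 10:00:02 I Agent Package type is MsgResponse",
    "2024-01-01 10:05:00 I Agent Package type is MsgAvailable",
    "2024-01-01 10:05:01 I Agent Package type is MsgRequest",
]

if __name__ == "__main__":
    for i, ex in enumerate(trace_exchanges(SAMPLE_AGENT_LOG), 1):
        state = "complete" if ex["complete"] else "STALLED after " + ex["seen"][-1]
        print(f"exchange {i}: {state}; responses={ex['responses']}")
```

An exchange that stops after MsgRequest, as the second one in the sample does, means the agent asked for its work but no MsgResponse was logged, which is the point at which to check the Agent Handler's server log for the same system.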
Common error condition examples:
This section provides solutions to common data channel issues that might occur.
- Example 1 - Data channel requests, such as an agent wake-up call, are successful, but the server task log on the ePO console always reports that they expired.
The server_<system name>.log file on the Agent Handler might contain these errors:
- MCUPLOAD SecureHttp.cpp(968): Failed to send HTTP request. Error=12029 (12029)
- NAIMSERV server.cpp(587): Failed to send request, err=0x80004005, HTTP status code=0
Cause:
Apache is unable to communicate with the Application Server service (Tomcat) running on the ePO server. Because it can't communicate, the status of the task never gets set to success or failure. Eventually, a maintenance task runs and identifies that the task is past its expired time and expires the task.
Possible Solutions:
- Look at the server.ini file (<ePO installation directory>\DB\server.ini). It tells you what IP address and DNS name the Agent Handler is using for Tomcat. Confirm that they’re correct.
- Make sure that DNS resolves the correct IP address for the ePO server on the Agent Handler.
- Make sure that a route between the Agent Handler and the ePO server exists on port 8444 (default port).
- Example 2 - The server task log has data channel related tasks that are forever stuck "in progress" long after the expire time is reached. The EPODataChannelData table is growing large.
Cause:
An internal maintenance task is supposed to run every minute to look for expired data channel objects and remove them. However, the task isn’t running.
Possible Solutions:
This entry in the orion.log shows you whether the internal task that cleans up the data channel tables (dbcleanup task) is running:
INFO [scheduler-TaskQueueEngine-thread-4] Internal.DbCleanupTask - Running DataChannel DbCleanupTask
This query gives you the next queued time of the dbcleanup task:
Select RunTime from OrionTaskQueueMT where TaskDescription like '%dbclean%'
Perform the following depending on the status of the dbcleanup task: