Failed to get the repositories list from the agent service (mirror task intermittently fails with McAfee Agent 5.5.x)
Last Modified: 2022-05-27 06:07:56 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Failed to get the repositories list from the agent service (mirror task intermittently fails with McAfee Agent 5.5.x)
Technical Articles ID:
KB91069
Last Modified: 2022-05-27 06:07:56 Etc/GMT Environment
McAfee Agent (MA) 5.5.x Microsoft Windows Server 2012, 2008 Problem
Mirror task execution intermittently fails. The failure can occur when using MA 5.5.x to perform a mirror task using a SuperAgent to a mirror location. The MA log records the following errors: #3888 crypto RSA version : 4.0.1.0 #3888 crypto RSA crypto role : User Role #3888 crypto RSA crypto mode : NON-FIPS Mode #3888 crypto RSA rand algo : HMAC Random #3888 ma_client ma client is started. #4760 msgbus Allowing <1160> onto msgbus #3888 creposi Failed to get repositories list from the agent service. #3888 ma_client stopping ma client. CauseOne or more of the following certificates are missing:
The reasons for the missing root certificates include, but aren't limited to, the following:
Solution 1Install the missing UTN-USERFirst-Object, Verisign Universal Root Certification Authority, and Verisign Class 3 Public Primary Certification Authority - G5 certificates in the physical Third-Party Trusted Root Certification Authorities store.
Install the missing COMODO RSA Code Signing CA and Verisign Class 3 Code Signing 2010 CA certificates in the physical Intermediate Certification Authorities store. After installing the certificates, the product installs or upgrades successfully. We recommend that you install the certificates using the Active Directory group policy for wide deployment. For information about how to deploy registry changes using the group policy, see this Microsoft article. Deploy the registry change for the Computer policy, not the User policy. Instead of using a Certificate group policy object (GPO), use a Registry group policy to make the change directly to endpoint registries, which puts the certificate in the correct store. (Using a Certificate group policy puts the certificate in the wrong certificate store.) Or, use one of the following methods to install the certificate directly on the system, or remotely using any appropriate administrative deployment method:
If you have a single system or only a few systems to install only the Verisign Class 3 Public Primary Certification Authority - G5 certificate to remediate manually:
Solution 2Address the issue preventing the automatic update of root certificates on the system.
Microsoft allows the administration of root certificate stores though many GPOs and automatic updates. For more information, see this Microsoft article. The administration of certificate stores isn't within the scope of Technical Support. Use the following solution only if the group policy in effect prevents the root certificate update: CAUTION: This article contains information about opening or modifying the registry.
Related Information
For more information about Affected ProductsLanguages:This article is available in the following languages: |
|