Agent Handlers are inactive and stop communicating with the ePO server
Last Modified: 2021-12-08 18:04:11 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Agent Handlers are inactive and stop communicating with the ePO server
Technical Articles ID:
KB95077
Last Modified: 2021-12-08 18:04:11 Etc/GMT Environment
ePolicy Orchestrator 5.10.x
Problem
The remote Agent Handler last communication isn’t updated in the Agent Handlers ePO page, and shows the status Inactive. The errors below are recorded in the server_hostname.log file (ePO_Installation_folder>\db\logs): E #01920 NAIMSERV D:\BUILD_1151414\BUILD\ePO\dev\src\server\include\ePOData.inl(540): Error creating DALPolicyDBManager object, hr = 0x80040154 E #01920 NAIMSERV D:\BUILD_1151414\BUILD\ePO\dev\src\server\include\ePOData.inl(549): Policy Manager initialization: Failed. (0x80040154) E #01920 NAIMSERV servinit.cpp(508): Initialize Data Abstraction Layer Failed. E #01920 NAIMSERV servinit.cpp(879): Failed to check if the ePO server is running. The server name or user is invalid. Returning false. I NAIMSERV Failed to connect to the ePO server. The Agent Handler does not require the ePO server to be running, but it will exchange information if it is running. I NAIMSERV Shutting down server... I NAIMSERV Releasing File Locks... I NAIMSERV Cleaning up temp directory... I NAIMSERV ePolicy Orchestrator server stopped. The errors below are recorded in the EPR36 Executing DLLInstruction for - C:\Program Files (x86)\McAfee\Agent Handler\dalpolicy.dll. EPR36 Running command - regsvr32 /s "C:\Program Files (x86)\McAfee\Agent Handler\dalpolicy.dll" /u with wait timeout - 10000 EPR36 run_command (timeout is 10000) - regsvr32 /s "C:\Program Files (x86)\McAfee\Agent Handler\dalpolicy.dll" /u EPR36 run_command - regsvr32 /s "C:\Program Files (x86)\McAfee\Agent Handler\dalpolicy.dll" /u failed with error code:5 EPR36 RegistryInstruction - Starting execute - reg:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BF43200-BA9B-4730-8172-760C23ACA789} EPR36 RegistryInstruction - Registry key [SOFTWARE\Classes\CLSID\{3BF43200-BA9B-4730-8172-760C23ACA789}] does not exist, not executing. EPR36 Executing DLLInstruction for - C:\Program Files (x86)\McAfee\Agent Handler\naepodal.dll. EPR36 Running command - regsvr32 /s "C:\Program Files (x86)\McAfee\Agent Handler\naepodal.dll" /u with wait timeout - 10000 EPR36 run_command (timeout is 10000) - regsvr32 /s "C:\Program Files (x86)\McAfee\Agent Handler\naepodal.dll" /u EPR36 run_command - regsvr32 /s "C:\Program Files (x86)\McAfee\Agent Handler\naepodal.dll" /u succeeded with error code:0 EPR36 RegistryInstruction - Starting execute - reg:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Naepodal.EPODAL.1 EPR36 RegistryInstruction - Registry key [SOFTWARE\Classes\Naepodal.EPODAL.1] does not exist, not executing. EPR36 RegistryInstruction - Starting execute - reg:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Naepodal.EPODAL EPR36 RegistryInstruction - Registry key [SOFTWARE\Classes\Naepodal.EPODAL] does not exist, not executing. Cause
You see this issue when you run the Endpoint Product Removal (EPR) tool on the ePO Server or on Agent Handler. The EPR tool unregisters the DLL's that belong to the Agent Handler, which stops the communication. Solution 1
Try to re-register the DLLs:
Solution 2
Use this solution, only if Solution 1 above fails to resolve the problem.
Affected ProductsLanguages:This article is available in the following languages: |
|