ASCI failure occurs on systems that are migrated from on-premises ePO to ePO - SaaS due to the proxy configuration issue
Last Modified: 2022-11-24 04:57:24 Etc/GMT
Technical Articles ID:
KB96195
Environment
Trellix Agent (TA) 5.x
Trellix ePolicy Orchestrator (ePO) - SaaS
Summary
This article explains the proxy disable issue that affects systems reporting to ePO - SaaS, through a few scenarios as described below:
Problem
The errors below are recorded in the
2022-10-07 15:08:02.254 masvc(3380.3780) ahclient.Debug: No proxy usage.
2022-10-07 15:08:02.254 masvc(3380.3780) ahclient.Debug: Proxy configuration can't be used for spipe connection, trying with relay.
2022-10-07 15:08:02.254 masvc(3380.3780) ahclient.Debug: Relay communication is disabled.
2022-10-07 15:08:02.254 masvc(3380.3780) ahclient.Error: Agent failed to communicate with ePO Server
2022-10-07 15:08:02.254 masvc(3380.3780) msgbus.Debug: topic <ma.logger.msg.pub.topic> reachability <1>
2022-10-07 15:08:02.254 masvc(3380.3780) ahclient.Info: Spipe connection response received, network return code = 1301, response code -1.
Cause
When you migrate, or export and import, the policies from on-premises ePO to ePO - SaaS, the Use this repository list option gets disabled. As a result, TA is unable to check the proxy option to access ePO - SaaS. You need to export the policies and click the link under the Policy Catalog page. An example of the outcome is shown below:
<EPOPolicyVerInfo vermjr="5" vermin="9" verrel="0" verbld="0"/>
<EPOPolicySettings name="RGC_MA repo::Settings (2F5B52A8-0EA8-4895-AAC6-93F24472C206)" featureid="EPOAGENTMETA" categoryid="Repository" typeid="Repository" param_int="0" param_str="">
  <Section name="Advanced">
    <Setting name="OverwriteClientSites" value="0"/>
    <Setting name="nMaxHopLimit" value="15"/>
    <Setting name="nMaxPingTimeout" value="30"/>
    <Setting name="uiFindNearestMethod" value="2"/>
NOTE: If you don't have a
Solution
Technical Support is investigating this issue. If you experience this issue, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
Workaround
Duplicate the Default policy and assign the new policy to all systems reporting to ePO - SaaS:
Option 2: Manually update the proxy server from an ENS client system:
After you update the proxy locally on the ENS console, the client can connect to ePO - SaaS via the configured proxy and download the updated Agent policy with the OverwriteClientSites value as 1. TA then enables agent-to-server communication interval (ASCI) through the proxy that is updated in the policy.
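To check an exported policy file for the condition described under Cause, the following added example (not Trellix code) lists Repository policies whose OverwriteClientSites value is not 1. The wrapping root element and the policy names in the sample are constructed for illustration; the element and attribute names are taken from the excerpt in this article.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <PolicyExport> root and both policy names are made up
# for this example; element and attribute names follow the article's excerpt.
SAMPLE_EXPORT = """<PolicyExport>
  <EPOPolicyVerInfo vermjr="5" vermin="9" verrel="0" verbld="0"/>
  <EPOPolicySettings name="Migrated repo::Settings" featureid="EPOAGENTMETA" categoryid="Repository" typeid="Repository" param_int="0" param_str="">
    <Section name="Advanced">
      <Setting name="OverwriteClientSites" value="0"/>
      <Setting name="nMaxHopLimit" value="15"/>
    </Section>
  </EPOPolicySettings>
  <EPOPolicySettings name="Duplicated default::Settings" featureid="EPOAGENTMETA" categoryid="Repository" typeid="Repository" param_int="0" param_str="">
    <Section name="Advanced">
      <Setting name="OverwriteClientSites" value="1"/>
    </Section>
  </EPOPolicySettings>
</PolicyExport>"""


def audit_repository_policies(xml_text):
    """Return {policy name: OverwriteClientSites value, or None if absent}."""
    results = {}
    root = ET.fromstring(xml_text)
    # iter() walks the whole tree, so the name of the root element does not matter.
    for policy in root.iter("EPOPolicySettings"):
        if policy.get("categoryid") != "Repository":
            continue  # only Repository policies carry the setting of interest
        value = None
        for setting in policy.iter("Setting"):
            if setting.get("name") == "OverwriteClientSites":
                value = setting.get("value")
        results[policy.get("name")] = value
    return results


def affected_policies(xml_text):
    """Names of Repository policies whose OverwriteClientSites is not 1."""
    audit = audit_repository_policies(xml_text)
    return sorted(name for name, value in audit.items() if value != "1")


if __name__ == "__main__":
    for name in affected_policies(SAMPLE_EXPORT):
        print("OverwriteClientSites is not 1:", name)
```

A policy where the setting is missing altogether is also reported, so it can be reviewed by hand.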