Drive Encryption doesn't create an event to sync the updated user data with ePO and Drive Encryption admin extension
Technical Articles ID:
KB96250
Last Modified: 2023-09-05 05:10:57 Etc/GMT
Environment
Drive Encryption (DE) 7.3.1 and later versions
Problem
1
DE is unresponsive in creating events and syncing the updated user data with ePolicy Orchestrator (ePO) 5.10.0 Updates 14 and 15 and the DE admin extension 7.3.1 and later versions.
Problem
2
The DE status is Inactive with the message " Creating Event to request data for assigned users."
The MfeEpe.log reports the following:
2023-08-28 04:16:16,185 INFO EpoState == Start of policy enforcement ==
2023-08-28 04:16:16,185 INFO StatusService Policy enforcement has started
2023-08-28 04:16:16,185 INFO EpoPlugin enforceUserPolicy: Dispatching enforce policy event.
2023-08-28 04:16:16,185 INFO EpoPlugin policyHandler: handling EnforcePolicy event
2023-08-28 04:16:16,185 INFO EpoPlugin userHandler: handling AddLocalDomainUsers event
2023-08-28 04:16:16,185 INFO EpoPlugin userHandler: handling AddLocalDomainUsers response
2023-08-28 04:16:16,185 INFO EpoPlugin userHandler: dispatching GetAllUsers event to AgentHandler
2023-08-28 04:16:16,185 INFO EpoPlugin userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB71865).
2023-08-28 04:16:16,200 INFO StatusService Creating Event to request data for assigned users
.
2023-08-28 08:14:08,878 INFO EpoPlugin Reporting TargetState property as Active
2023-08-28 08:14:08,878 INFO EpoPlugin collectProperties: dispatching disk list to AgentHandler
2023-08-28 08:14:11,674 INFO EpoPlugin enforcePolicy: Policy Enforcement is already in progress, skipping this one.
2023-08-28 08:14:11,674 INFO EpoPlugin enforcePolicy: Policy Enforcement is already in progress, skipping this one.
2023-08-28 08:14:12,080 INFO EpoPlugin enforcePolicy: skipping policy enforcement, since we already performed one within the last 20 seconds.
2023-08-28 08:14:12,080 INFO EpoPlugin enforcePolicy: Policy Enforcement is already in progress, skipping this one.
2023-08-28 08:14:12,330 INFO EpoPlugin enforcePolicy: skipping policy enforcement, since we already performed one within the last 20 seconds.
2023-08-28 08:14:12,330 INFO EpoPlugin enforcePolicy: Policy Enforcement is already in progress, skipping this one.
Cause
The cause for this issue is under investigation.
Solution
Follow the steps below:
- Login to ePO console, Menu, Configuration, Server Settings, Event Filtering.
- Click Edit.
- Search for the event ID: 30030.
- If the event ID is visible but not enabled, enable it and then Save.
- Enforce the policy.
- Restart the Trellix Drive Encryption service on the client machine.
- Click Collect and Send props (multiple times) for the activation process to start.
In case the event ID: 30030 isn't visible in the event filtering list, follow the steps below:
- Execute the following SQL statement within SQL Management Studio.
update EPOEventFilter set flag = 1 where Eventid = '30030'
- Resave the event filters in the ePO server settings or restart the ePO services.
NOTES:
- This issue will be fixed in the upcoming ePO release.
- If you're already impacted by this issue, you must fix it by executing the given SQL statement. The upcoming ePO release won't resolve your existing issue; it will only prevent the server from getting impacted by this issue in the future.
|
