How to change the ePO 4.5 Agent-to-Server Communication secure port
Technical Articles ID:  KB66929
Last Modified:  02/14/2014

Environment

McAfee ePolicy Orchestrator (ePO) 4.5

Summary

This article explains how to change the ePO 4.5 Agent-to-Server communication secure port, which is a new feature for ePO 4.5.

On a new ePO 4.5 installation, you can modify the default port value (443) for the Agent-to-Server communication secure port. Current functionality does not allow you to modify this port via the user interface after you have installed ePO. If you upgrade from ePO 4.0 to ePO 4.5 RTW, the installer does not list the Agent-to-Server communication secure port, and therefore the upgrade completes using the default value. If you have to change the port number later, see the following Solution.

Only McAfee Agent 4.5 and later can use the secure communication port provided with ePO 4.5. All managed systems with McAfee Agent 4.5 are affected by this port change, unless you have disabled the feature in your Server Settings on the ePO server. With this feature enabled (the default), you have to modify the port setting on each McAfee Agent 4.5 client and restart the McAfee Framework Service (manually or via script). Alternatively, you can re-deploy McAfee Agent 4.5 to all affected systems.

NOTE: There is no automatic port validation for this procedure. You must ensure that the selected port is not already in use.

Solution

To change the ePO 4.5 Agent-to-Server communication secure port, do the following:

Consideration
To lessen the length of time that a McAfee Agent 4.5 client is unable to communicate to the server due to the port change, you might choose to reduce the Agent-to-Server Communication Interval (ASCI). The default is 60 minutes, and the time interval that agents will be out of communication with the ePO server is two ASCIs. After the port number change completes and the agents are communicating with the server, the ASCI can be changed back to the previous time interval.
  1. Change the port number in the ePO database:
    1. Connect to the ePO server database with SQL Server Management Studio.
    2. Run the following SQL command, where [ePODBName] (brackets are required) is the name of your ePO 4.5 database, and NewPortValue is the number of the port you would like to use instead of 443:

      Update [ePODBName].dbo.EPOServerInfo
      Set [ServerHttpsPort] = NewPortValue

       
  2. On the ePO server, edit the httpd.conf and ssl.conf files. The default location for these files is:

    <Installation_Dir>\McAfee\ePolicy Orchestrator\Apache2\conf

    • For httpd.conf:
      Locate the following line and replace 443 with the new value:

      Listen 443
       
    • For ssl.conf:
      Locate the two lines below and replace 443 with the new value:

      <VirtualHost _default_:443>
      ServerName <server>:443
       
  3. Restart the ePO services:
    1. Click Start, Run, type services.msc and click OK.
    2. Right-click each of the following services and select Restart:

      - McAfee ePolicy Orchestrator 4.5.0 Application Server
      - McAfee ePolicy Orchestrator 4.5.0 Event Parser
      - McAfee ePolicy Orchestrator 4.5.0 Server
       
  4. Update httpd.conf and ssl.conf on each remote Agent Handler (if any). The default location is:

    <InstallDir>\McAfee\Agent Handler\Apache\conf

    • For httpd.conf:
      Locate the following line and replace 443 with the new value:

      Listen 443

    • For ssl.conf:
      Locate the following two lines and replace 443 with the new value:

      <VirtualHost _default_:443>
      ServerName <server>:443

     
  5. Restart the ePO services on each remote Agent Handler (if any):
    1. Click Start, Run, type services.msc, and click OK.
    2. Right-click each of the following services and click Restart:

      - McAfee ePolicy Orchestrator 4.5.0 Server (this service may also be listed as MCAFEEAPACHESVR)
      - McAfee ePolicy Orchestrator 4.5.0 Event Parser
       
    3. Verify that the new secure port number is listed in lastSent_Sitelist.xml, located in: <Installation_Dir>\McAfee\Agent Handler\DB
       
  6. Replace sitelist.xml on all McAfee Agent 4.5 clients:
    NOTE: Earlier agent versions are not affected by the secure port change.

    Option 1
    Repeat the following for each client with McAfee Agent 4.5.
     
    1. On the ePO server, copy sitelist.xml from the following location:
      <Installation_Dir>\McAfee\ePolicy Orchestrator\DB\ 
       
    2. On the client system, click Start, Run, type services.msc and click OK.
    3. Stop the McAfee Framework Service.
    4. Navigate to the following folder:

      Documents and Settings\All Users\Application Data\McAfee\Common Framework
    5. Delete the following files:

      - sitelist.xml
      - sitecache.bin
      - ServerSiteList.xml
       
    6. Paste the copied version of sitelist.xml from the ePO server into this folder.
    7. Rename the pasted sitelist.xml to ServerSiteList.xml.
    8. Click Start, Run, type services.msc and click OK.
    9. Right-click the McAfee Framework Service and click Restart.
    10. Wait two ASCI intervals to ensure that the agent and server are now communicating with one another.
       
    Option 2
    After the port change has been made on the ePO server, reinstall the agent using the /forceinstall switch to overwrite the existing Sitelist.xml file.
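
Because the procedure has no automatic port validation and relies on hand edits to httpd.conf and ssl.conf, the following PowerShell check can be run on the ePO server (or a remote Agent Handler) before and after the change. It is an added example, not part of the original article or McAfee tooling; the port value 8443 and the `$ConfDir` path are assumptions to replace with your own.

```powershell
# Added example, not McAfee code. $NewPort and $ConfDir are assumptions; adjust to your install.
param(
    [int]$NewPort = 8443,   # constructed example value
    [int]$OldPort = 443,    # default secure port named in this article
    [string]$ConfDir = 'C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\conf'
)

# True if any local TCP listener already holds the port (uses .NET, works on PowerShell 2.0).
function Test-PortInUse([int]$Port) {
    $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    @($props.GetActiveTcpListeners() | Where-Object { $_.Port -eq $Port }).Count -gt 0
}

# Emit one object per uncommented Listen / <VirtualHost> / ServerName line that carries a port.
function Get-ApachePortLine([string]$Path) {
    $pattern = '^\s*(Listen\s+(\S+:)?|<VirtualHost\s+\S+:|ServerName\s+\S+:)(\d+)>?\s*$'
    $n = 0
    foreach ($line in Get-Content -Path $Path) {
        $n++
        if ($line -match $pattern) {
            New-Object PSObject -Property @{
                File = (Split-Path $Path -Leaf); Line = $n
                Port = [int]$Matches[3];         Text = $line.Trim()
            }
        }
    }
}

# Before the change this must be silent; after the service restart a listener is expected (Apache).
if (Test-PortInUse $NewPort) {
    Write-Warning "Port $NewPort already has a listener on this system."
}

$found = @(foreach ($f in 'httpd.conf', 'ssl.conf') { Get-ApachePortLine (Join-Path $ConfDir $f) })
$stale   = @($found | Where-Object { $_.Port -eq $OldPort })
$updated = @($found | Where-Object { $_.Port -eq $NewPort })

foreach ($s in $stale) {
    Write-Warning ("{0} line {1} still uses port {2}: {3}" -f $s.File, $s.Line, $OldPort, $s.Text)
}

# The article names one line in httpd.conf and two in ssl.conf, so three updated lines are expected.
if ($stale.Count -eq 0 -and $updated.Count -ge 3) {
    "Apache configuration is consistent with port $NewPort."
} else {
    "Found $($updated.Count) line(s) on port $NewPort and $($stale.Count) on port $OldPort."
}
```

On a remote Agent Handler, pass the Agent Handler's Apache conf folder as `-ConfDir`.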
