Loading...

Knowledge Center


Agent-to-server communication fails for clients with McAfee Agent 5.0 that connect using Microsoft Direct Access
Technical Articles ID:   KB86012
Last Modified:  2/29/2016
Rated:


Environment

McAfee Agent (MA) 5.0.2, 5.0.1, 5.0.0

Problem

Agent-to-server communication fails for clients connected to the network through Microsoft Direct Access. When this issue occurs, the masvc log records the following error:
 
2015-08-10 14:20:21.711 masvc(7252.9020) ahclient.Info: connection initiated  to site https://xxxxxxx/spipe/pkg?AgentGuid={5d0cf5c2-3f8a-11e5-2773-e09d3113f808}&Source=Agent_3.0.0.
2015-08-10 14:20:39.432 masvc(7252.8284) masvc.Info: Received handler control code
2015-08-10 14:20:42.755 masvc(7252.9020) network.Error: URL(https://xxxxxxx/spipe/pkg?AgentGuid={5d0cf5c2-3f8a-11e5-2773-e09d3113f808}&Source=Agent_3.0.0) request, failed with curl error 7, Response 0
2015-08-10 14:20:42.755 masvc(7252.9020) ahclient.Info: Network library rc = <1007>, Agent handler reports response code <0>.
2015-08-10 14:20:42.755 masvc(7252.9020) ahclient.Info: Initiating spipe connection to site https://xxxxxxx/spipe/pkg?AgentGuid={5d0cf5c2-3f8a-11e5-2773-e09d3113f808}&Source=Agent_3.0.0.
2015-08-10 14:20:42.786 masvc(7252.9020) ahclient.Info: connection initiated  to site https://xxxxxxx/spipe/pkg?AgentGuid={5d0cf5c2-3f8a-11e5-2773-e09d3113f808}&Source=Agent_3.0.0.
2015-08-10 14:21:03.815 masvc(7252.9020) network.Error: URL(https://xxxxxxx/spipe/pkg?AgentGuid={5d0cf5c2-3f8a-11e5-2773-e09d3113f808}&Source=Agent_3.0.0) request, failed with curl error 7, Response

System Change

Upgraded MA from 4.x to 5.0.0-5.0.2.

Cause

Some or all configurations with Microsoft Direct Access do not allow communication using IPv4. When MA attempts to communicate with ePolicy Orchestrator (ePO), it may first attempt to connect using the IPv4 address of the ePO server and then fail over to the Fully Qualified Domain Name (FQDN). 

When MA attempts to resolve the FQDN, it may resolve both IPv4 and IPv6 addresses and again attempt to establish the connection using IPv4. It should then fail over to the IPv6 address, but a defect in the agent prevents it from failing over to IPv6 and causes the communication to fail.

Solution

This issue is resolved in MA 5.0.3, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Solution

This issue is also resolved in MA 5.0.2 Hotfix 1110392.
McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Workaround

Add a host file entry for the FQDN of the ePO server or Agent Handler that points to the correct IPv6 address on all clients that use Direct Access.

Workaround

This issue does not occur with MA 4.8 and earlier. For clients that must use Direct Access, revert to MA 4.8 if possible.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.