Use this information to troubleshoot the MA provisioning step. You might need to troubleshoot this step when the TIE server is deployed, or when you configure the TIE server to connect to a new McAfee ePolicy Orchestrator (ePO) server through the
reconfig-ma script.
Troubleshooting
The provisioning steps try to verify the ePO certificate to avoid impersonation. The ePO certificate might not be configured properly and require manual steps to troubleshoot. Match the Error description from the table below to troubleshoot the provisioning step of MA when the TIE server fails.
IMPORTANT:
- Typographic errors in sed commands can damage the configuration files. Create a backup of your configuration files before you run these commands.
- V.iew a list of Libcurl error codes
Error |
Probable Cause |
Solution |
Failed to configure McAfee Agent: Could not get ePO server certificate. Ensure the provided data is correct. |
ePO is not reachable, either because the provided data is incorrect, or because of a networking issue. |
Make sure that the TIE server can reach the ePO server you are configuring. |
Failed to get ePO FIPS mode. Ensure the provided data is correct.
There was a problem on the remote command execution. cURL exit code: 51 |
The remote server's SSL certificate or SSH MD5 fingerprint was considered incorrect.
The reason is most likely because of a mismatch between the domain name requested and the server certificate. |
Retry using the ePO server IP instead of the ePO host name. |
Failed to get ePO FIPS mode. Ensure the provided data is correct.
There was a problem on the remote command execution. cURL exit code: 35 |
There is a problem in the SSL/TLS handshake.
The reason is most likely because of a non-supported protocol between the client and the server. |
Connect through SSH to the TIE Server appliance and run the following command as root:
sed -i 's/tlsv1.2/tlsv1/' /etc/firstboot/firstboot96/20-config-ma
Reboot the appliance and retry the MA provisioning step. |
Failed to get ePO FIPS mode. Ensure the provided data is correct.
There was a problem on the remote command execution. cURL exit code: 60 |
The peer certificate can't be authenticated with known CA certificates.
The reason is most likely because of a broken ePO certificate chain, or the certificate has expired. |
Make sure that ePO certificate chain is healthy and valid. If no problem can be found, you can configure MA provisioning without ePO certificate validation:
Connect through SSH to the TIE Server appliance and run the following command as root:
sed -i 's/curl/curl --insecure/' /etc/firstboot/firstboot96/20-config-ma
Reboot the appliance and retry the MA provisioning step. |
ePO returned an error status code. Please verify that the ePO user and password are correct. |
The ePO administrator credentials are incorrect. |
Try again with valid credentials.
NOTE: If you have special characters in your password, such as the percent symbol (%), remove it from the password, and run the reconfig-ma script again. You can change the password again after the provisioning has completed. |