To troubleshoot an SVA Manager Connecting issue:

1. Telnet from the client to the SVA Manager on port 8080.
2. Telnet from OSS to the SVA Manager on port 8443.
3. Telnet from the client to OSS on port 9053.

NOTE: The ports listed above are default ports. If the ports have been changed, insert the correct port number in place of the default. You can find ports in the policy pushed from ePolicy Orchestrator (ePO).
 
If a telnet connection or session can be established successfully on all ports listed above, perform the following steps:
 
Generate a cert file of MOVE from Server Tasks:

1. Log on to the ePO console as an administrator.
2. Click Menu and go to Automation, Server Tasks.
3. Run the MOVE AntiVirus: Generate Certificates task.
4. Perform a wake-up call to the agent and verify the status of the issue.

If the issue remains unresolved after you generate the certificate file, perform the following steps.

Check to see if manual assignment of OSS is working:

1. Go to Options, Policy.
2. Select Assign SVM manually from the SVM Assignment policy.
3. Wake up the agent on the client and see if Mvadm status shows the OSS server as being assigned or not.
4. When the SVM Assignment policy has been changed back to its original setting from Assign SVM manually, check the SVA Manager connection, per Mvadm status. If the connection is not present, perform the following steps.

Check to see if the OSS is getting the IP address of the SVA Manager by examining the registry:

1. Go to Start, Run, type regedit, and then click Run.
2. In regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mvserver\Parameters.
3. Examine the value for the SVAManagerAddress STRING. It must contain the IP address of the SVA Manager. 

Errors that you might see in the logs, and what the errors indicate are listed below:

The MVAGENT.log records the errors below:
ERROR: svc_curl.c  :  199: Got 500 HTTP response from broker try again after 5 sec..            
ERROR: svc_curl.c  :  199: Got 500 HTTP response from broker try again after 5 sec..
 
The MVAGENT.log records the errors below: 

ERROR: winhttp.c   :   95: Failed : Winhttp request failed with error -1
ERROR: svc_curl.c  :  192: Unable to connect with broker
The OSS MOVESERver.log records the errors below:

ERROR: svc_curl.c  :  213: Unable to register oss server with broker. Err = -1 (OS defined error code)
DETAIL: winhttp.c   :   79: URL = https://XXX.XXX.XXX.XXX:8443/commands/OSS_INIT
Message = protocolVersion=1&ossGuid=A62E5091-5E19-4B9C-95B6-1B95F4A66153&cmdData={"productVersion":"4.5.0-211","agentGuid":"{fc9cceaa-b94b-11e6-3f2d-00505697e892}","osType":"Microsoft Standard Edition (build 9200), 64-bit, 8 processor(s)","hostName":"AGL-SA-SVR-WIN1","networkAddresses":[{"ip":"10.212.220.64","mask":"255.255.255.0"}],"port":9053,"maxNumberOfClients":"250","lastDisconnectReason":"UNKNOWN"}
ERROR: CWinHttpHelper.cpp:  281: Failed : winhttpsendrequest ,failed with error 12029
ERROR: winhttp.c   :   95: Failed : Winhttp request failed with error -1
 
The MVserver.log records the errors below:

ERROR: CWinHttpHelper.cpp:  155: Failed : Not a valid certificate data
ERROR: winhttp.c   :   97: Failed : Winhttp request failed with error -1
ERROR: svc_curl.c  :  233: Unable to register OSS with broker with err: -1, get last error: 0
ERROR: winhttp.c   :   97: Failed : Winhttp request failed with error -1
ERROR: svc_curl.c  :  233: Unable to register OSS with broker with err: -1, get last error: -2146893017

Review the configuration on the SVM Manager device:
Verify that the client system can perform an nslookup using the domain name or IP address of the SVM Manager.

NOTE: If nslookup doesn't resolve, verify that the appropriate DNS host A-record is properly configured for the SVM Manager.

1. Verify if the SVM and Client ports are listening by running the following command:
   
   netstat -tnl
   
   The output must show that the SVM and Client ports (default TCP 8443 and 8080) are listening. If they are not, continue to the next step.
    
2. From the SVM Manager, run the following service status commands. Make sure that the output indicates Active (running):
   NOTES:
   • If the status is anything other than Active (running), stop and restart the service. Rerun the status command and verify Active (running).
   • If restarting the service does not produce an Active (running) status, reboot the system and verify the service status.

 

3. Run the commands below, and then capture the log. Validate the output:

4. Capture the below XML file using the cat command. Validate that the following lines show the name of your SVM Manager Settings policy and the ports listed there for SVM and Client.
   This example shows default values:

1. Duplicate the McAfee Default SVM Manager Settings policy in ePO and reconfigure the new policy as needed.
2. Reassign all policy applied to the SVM Manager system to the McAfee Default.
3. Run an agent wake-up call with forced policy update.
4. Revert the device to the previous policy, except for the SVM Manager Settings policy.
5. Assign the newly created SVM Manager Settings policy and repeat the Agent wake-up call with a forced policy update.
    

5. Capture the config file using the cat command and make sure that the following lines display:

If step 4 is verified good, the movesvamanager service is not reading policy correctly. The greatest likelihood is the /home/movesvamanager/sva-config script has not been run or failed. Run that script, scrutinize the output carefully for errors, and then check this file again.

If it is still not displaying the correct ports, destroy the existing SVM Manager device, delete that system from the ePO System Tree, and deploy a new one.

Run through the sva-config script and verify this file again. If it is still not displaying the correct ports, collect a MER from the system and contact Technical Support.