An Active Directory Sync configured to move or delete a large number of systems temporarily prevents Agent communication

Technical Articles ID: KB89357
Last Modified: 6/11/2019

Environment

McAfee ePolicy Orchestrator (ePO) 5.9.x, 5.3.x, 5.1.x

Problem

Agents are unable to communicate because of handlers reaching a "max connections" state during the execution of an Active Directory (AD) sync task that is configured to move or delete a large number of systems.

The Agent communication issue is temporary, and will subside upon completion of the AD Sync task.

Cause

The AD sync task commits expensive SQL queries, especially during a sync task configured to delete or move systems already within the ePO System Tree.

As designed in the impacted ePO versions, this AD Sync task attempts to execute in one large transaction, which can result (in rare situations where a large number of systems are being moved or deleted) in blocking within the SQL database, preventing incoming Agent-to-Server communication from being processed during the transaction execution.

Solution

This issue is resolved in ePO 5.9.1, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.
The planned solution to be included in ePO 5.9.1 will allow for the transaction to periodically commit the sync in progress, to release locks and avoid blocking other SQL operations (including Agent-to-Server communication).

Affected Products

ePolicy Orchestrator 5.9
Known Issue/Product Defect

Languages:

This article is available in the following languages:

English United States
Spanish Spain
French
Japanese
Portuguese Brasileiro

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

An Active Directory Sync configured to move or delete a large number of systems temporarily prevents Agent communication

Environment

Problem

Cause

Solution

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

An Active Directory Sync configured to move or delete a large number of systems temporarily prevents Agent communication

Environment

Problem

Cause

Solution

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title