Technical Support might request the following data when they investigate an issue that involves the McAfee Active Response Extension in ePO.
NOTE: Technical Support might request more data, depending on each issue beyond the process documented below.
Most issues that involve the McAfee Active Response Extension are logged in the ePO servers Orion log.
- On your ePO server, enable debug-level logging for the orion.log file. See KB52369 for steps.
- Reproduce the issue.
IMPORTANT: Note the time when you reproduced the issue and provide this information to McAfee as part of logging the case.
- Gather the logs from:
<ePO install folder>\Server\Logs
- Collect an MER from the ePO server. See KB72895 for steps.
- If your issue is with McAfee Active Response policies, for example, empty policies or a failure during the change of a policy, collect a MER from the McAfee Active Response Server. See KB87957 for steps.
- Disable Orion debug logging. See KB52369 for steps.
- Gather error messages:
- If your issue is with registering the ePO Cloud bridge account:
- Copy any error message seen under ePO Server settings, McAfee® ePO™ Cloud Bridge.
- Copy any further errors that you see.
- Add the error messages to your Service Request.
- If you see errors in the Active Response Workspace, copy the errors, and include them in your Service Request.
- If there is no information in the Active Response Workspace, gather the MER from the DXL broker that your client is connecting to, and a MER from the McAfee Active Response client. See KB92004 for steps.
