This article covers several issues, and how to overcome the problems. Often the exact same error is shown in the CB Server Settings page, and sometimes a common error is also recorded in the ePO on-premises logs. The common errors make it a little hard to locate the cause and resolve.
The following advice is provided in the
MVISION Cloud Bridge 2.0.0 Installation Guide, under the error message section:
This error occurs if there is an issue connecting to the MVISION backend service or if the MVISION account that is associated with the email address entered is not found. This error also occurs if you type an incorrect email credential or with a valid email address and an incorrect password.
The above advice doesn’t cover all causes that can lead to the CB link falling.
You’re unable to link your ePO server to the MVISION account via the MVISION Cloud Bridge extension, after following the steps in the
MVISION Cloud Bridge 2.0.0 Installation Guide.
Console
Error |
Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details |
| Orion.log Error |
n/a |
| Cause |
This error can occur if the MVISION account that is associated with the email address entered isn’t found.
This error also occurs if you type an incorrect email credential, or with a valid email address and an incorrect password. |
| Solution |
Enter a valid email address.
Or
Enter a correct password.
If you’re unable to resolve, speak to your system administrator. |
| Console Error |
Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details |
| Orion.log Error |
ERROR [http-nio-8443-exec-19] registration.RegistrationProxyImpl - Unable to check multi-tenancy of the given user account: <email_address>
org.apache.http.conn.HttpHostConnectException: Connect to uam.mcafee-cloud.com:443 [uam.mcafee-cloud.com/99.84.199.12, uam.mcafee-cloud.com/99.84.199.55, uam.mcafee-cloud.com/99.84.199.114, uam.mcafee-cloud.com/99.84.199.59] failed: Connection timed out: connect |
| Cause |
The ePO server is behind a proxy network, and The Proxy settings aren’t configured in the ePO on-premises Server Settings page. |
| Solution |
The ePO administrator must add the Proxy server details to the ePO on-premises Server Settings page.
For help with configuring the e proxy setting, see the ePolicy Orchestrator 5.10.0 Product Guide. |
| Related Article |
KB94929 - Unable to link accounts in MVISION Cloud Bridge (Proxy settings) |
| Console Error |
Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details |
| Orion.log Error |
ERROR [http-nio-8443-exec-19] registration.RegistrationProxyImpl - Unable to check multi-tenancy of the given user account: <email_address>
org.apache.http.conn.HttpHostConnectException: Connect to uam.mcafee-cloud.com:443 [uam.mcafee-cloud.com/99.84.199.12, uam.mcafee-cloud.com/99.84.199.55, uam.mcafee-cloud.com/99.84.199.114, uam.mcafee-cloud.com/99.84.199.59] failed: Connection timed out: connect |
| Cause |
A firewall has blocked the URLs related to MVISION Cloud Bridge, causing the account linking to fail. |
| Solution |
The administrator must allow the needed URLs in their firewall settings:
See the article below for details. |
| Related Article |
KB94930 - Unable to link accounts in MVISION Cloud Bridge (Firewall issue) |
| Console Error |
Unable to get access/registration token from IAM service for the provided account credentials. See 'orion.log' for details |
| Orion.log Error |
ERROR [http-abc-9085-exec-102] registration.RegistrationProxyImpl - getAccessToken received HTTP status 401. IAM URL: https://iam.mcafee-cloud.com/iam/v1.0/tokenmsgBody: grant_type=password&scope=epo.reg_token&username=abc.
def%40test.com&password=********&client_id=0oawz1wagXnxG7lUr2p6
ERROR [http-abc-9085-exec-102] action.CloudBridgeServerSettingsAction - Cloud Bridge registration failed, IAM error code: 401 "Token Endpoint: Password grant: Error: invalid_grant - Resource owner password credentials authentication denied by sign on policy."
com.mcafee.epo.cloudbridge.RegistrationException: Could not get access token from IAM service with scope(s) epo.reg_token. |
| Cause |
Multifactor authentication is enabled for the MVISION ePO user account. Multifactor authentication is used to link to McAfee MVISION Cloud Bridge and MVISION ePO Migration extension. |
| Solution |
This issue is scheduled to be resolved in MVISION Cloud Bridge 2.2, which isn’t currently available.
In the interim, implement the workaround documented in the Related Article below. |
| Related Article |
KB93420 - Unable to link accounts in MVISION Cloud Bridge (Multifactor authentication enabled) |
