McAfee Agent fails to communicate with the ePolicy Orchestrator server intermittently with a curl error <7> or curl error <28>

McAfee Agent fails to communicate with the ePolicy Orchestrator server intermittently with a curl error <7> or curl error <28>


Problem
When the agent attempts to communicate with the ePO server, the communication fails with the following errors in the masvc_<machine name>.log:
 
masvc(1264.1276) property.Info: Agent started performing ASCI
ahclient.Info: Agent communication session started
ahclient.Info: Agent is connecting to ePO server
ahclient.Info: Initiating spipe connection to site https://:443/spipe/pkg?AgentGuid={30AE7C51-2834-495D-B793-E03C08881E4D}&Source=Agent_3.0.0.
ahclient.Info: connection initiated  to site https://:443/spipe/pkg?AgentGuid={30AE7C51-2834-495D-B793-E03C08881E4D}&Source=Agent_3.0.0.
network.Notice: URL(https://:443/spipe/pkg?AgentGuid={30AE7C51-2834-495D-B793-E03C08881E4D}&Source=Agent_3.0.0) request failed with curl error <28>, response code <0>, http connect code 0
ahclient.Error: Agent failed to communicate with ePO Server
ahclient.Info: Spipe connection response received, network return code = 1301, response code -1.
 
There is no corresponding error or log activity in the server log on the Agent Handler machine that the client is attempting to communicate with.

Problem

When the agent attempts to communicate with the ePO server, the communication fails with the following errors in the masvc_<machine name>.log:
 
property.Info: Agent started performing ASCI
ahclient.Info: Start processing spipe connection request.
ahclient.Info: Agent communication session started
ahclient.Info: Agent is connecting to ePO server
network.Notice: URL(https://:18101/spipe/pkg?AgentGuid={dd996394-f13f-11e5-00dd-2880230426af}&Source=Agent_3.0.0) request failed with curl error <7>, response code <0>, http connect code 0
network.Debug: URL(https://:18101/spipe/pkg?AgentGuid={dd996394-f13f-11e5-00dd-2880230426af}&Source=Agent_3.0.0) request, completed with Response 0 calling final callback
ahclient.Info: Network library rc = <1007>, Agent handler reports response code <0>.
ahclient.Error: Agent failed to communicate with ePO Server
 
There is no corresponding error or log activity in the server log on the Agent Handler machine that the client is attempting to communicate with.

Problem

The following errors display in the Agent Status Monitor:
 
Agent failed to communicate with ePO server
Agent failed to send events
Agent failed to enforce policies
 
There is no corresponding error or log activity in the server log on the Agent Handler machine that the client is attempting to communicate with.

Problem

All TCP sockets on the ePO server or Agent Handler are full because of connections from client machines to the agent-to-server port that are left in a FIN_WAIT_2 state. You can see this when running the following command from a command prompt from the ePO server and/or remote Agent Handler:
 
netstat -anb

As an example, you will see hundreds of connections similar to the following:
 
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2
TCP    <client IP>:443        <epo server IP>:54931      FIN_WAIT_2

Cause

McAfee Agent does not properly close the client connection/socket after receiving a FIN,ACK from the ePO server or remote Agent Handler. Each client connection remains open on the server for up to two minutes.

Solution

This issue is resolved in McAfee Agent 5.0.5, which is available for download through the ePO Software Manager or Product Downloads site.

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Workaround

Turn off the KeepAlive setting on the ePO server or remote Agent Handler to prevent these connections from remaining open. This will not have any adverse affects on the environment.

On the ePO server (and remote Agent Handlers if any exist), do the following:
  1. Stop the McAfee ePolicy Orchestrator Server service:
    1. Press Windows+R, type services.msc, and click OK.
    2. Right-click the following service and select Stop:

      McAfee ePolicy Orchestrator 5.x.x Server
       
  2. Navigate to the following directory and make a backup copy of the httpd.conf file:
     
    ...\<ePO installation or remote Agent Handler directory>\Apache2\conf\httpd.conf
     
  3. Open the httpd.conf file and find the following line:
     
    KeepAlive On
     
  4. Change the line to:
     
    KeepAlive Off
     
  5. Start the McAfee ePolicy Orchestrator Server service
    1. Press Windows+R, type services.msc, and click OK.
    2. Right-click the following service and select Start:

      McAfee ePolicy Orchestrator 5.x.x Server