Workstations running Deep Freeze Enterprise and McAfee’s Endpoint Security Software fail to connect to ePolicy Orchestrator Servers.
Posted by Adam Zilliax, Last modified by Adam Zilliax on 14 February 2018 10:56 AM
Systems running Deep Freeze and McAffe Endpoint Security or Virus Scan will fail to communicate with the ePolicy Orchestrator server resulting in systems not properly updating virus definitions.
To help mitigate against replay attacks against the ePO Server the McAfee Agent and ePO Server maintain a sequence number that incremented each time that a client checks in with the ePO Server. In the event that a client checks in with a lower than expected sequence number the ePO Serer will reject the communication with the client machine resulting in the errors described above.
In some cases, administrators may need to take additional steps to address this issue on machines impacted by the issue by resetting the McAfee Agent GUID used to identify the systems affected. This can be done my removing the following registry keys from the system;
After removing these registry keys the McAfee Framework Service will need to be restarted, or the system will need to be rebooted.
Documentation on this issue can be found on the McAfee Website at the URL’s below;
Sequence number invalid (computers running McAfee Agent fail to connect to the ePolicy Orchestrator server)
How to reset the McAfee Agent GUID if computers are not displayed in the ePolicy Orchestrator directory