Oct 072013

When provisioning a Citrix environment you can come across some problems with the McAfee Agent.  The agent generated a unique ID to communicatie with the ePolicy Orchestrator (ePO) server. As the same AgentGuid will be in the vDisk, the ePO server will see all provisioned servers as one.

The following procedure solved my problems.

First,  export the McAfee agent from the ePO console. Install the agent in the vdisk (private mode). After that, install the McAfee Virusscan Enterprise. Choose a perpetual license and leave the rest default, if you manage your environment with a policy. Set the McAfee Framework to manual. Delete the registry key:

HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent

This registry key contains all unique information and will be regenerated after starting the service. Shut the server down after the installation and put your vDisk in standard.

The following script is run at startup with a policy.

ECHO Recreate AgentGUID for McAfee Agent
SET STR=%str:~5,8%
REG DELETE "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /f /va
REG ADD "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /t REG_SZ /d "{90ED4154-3593-4513-A74C-809B567D8%STR%}" /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v ePOServerList /t REG_SZ /d "USRMS001.kbl.local||443" /f
net start "McAfee Framework-service"

I needed a new unique identifier. The hostname is unique but the Agentguid needs a hexadecimal code. So I’ve trimmed the hostname to just use the 3 last digits. Server USRCS001 will become just 001.
After that I add a new AgentGUID and add the 3 digits at the end. I needed the server to have the same AgentGuid everytime to make sure it wouldn’t be duplicate in the ePO console.
The agent needs to know which server it needs to contact so I’ve added the ip of the server. You can see this key in every other server or desktop with an agent.
After that start the Framework service. The rest of the variables will be created automatically.

The servers are still not known in your ePO Management console so you need to add them with the correct key. Start your ePO managenent console and go to Menu / system / system tree. Choose the correct folder in the left pane. Click on system tree actions in the left corner and choose new systems.

Choose “Add systems to the current group, but do not push agents” at the top. Do not use other options as the AgentGuid will be changed! Fill in the server names in the “Target Names” box and click ok. Wait for the ePO  server to contact server. If your not as patient like me, just run "c:\Program Files (x86)\mcafee\Common Framework\CmdAgent.exe" on your endpoint to force communications.

I was inspired by the ideas of my colleague Michel Stevelmans Trend Micro blogpost, but I had to change a lot of things to make it work with McAfee. You can read his blog here: http://www.michelstevelmans.com/installing-trend-micro-officescan-vdisk/

  One Response to “Installing the McAfee agent (Framework Service) in a Citrix vDisk”

  1. […] Installing the McAfee agent (Framework Service) in a Citrix vDisk Installing Trend Micro OfficeScan in a vDisk […]

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>