Symptom(s)
After updating the latest motopatch for Trellix ENS, the system is getting a few warning messages on the ePolicy Console login screen, and none of our systems show up under the System Tree page.
"The local Agent Handler service is not running."
Problem
After you install ePO 5.10, you see the following symptoms:
- When you start the ePO console to log on, the following message is displayed:
The Local Agent Handler service is not running
- In the Services Control Panel, the McAfee ePolicy Orchestrator 5.10.0 Server service doesn't show as Running.
- If you try to start the service, it fails to start with the message below:
Windows could not start the McAfee ePolicy Orchestrator 5.10.0 Server service
- In the Application event log, Event ID 3299 is reported for the Apache Service, with the following message on the General tab:
The Apache service named reported the following error:
>>> SSLCertificateFile: File 'C:/Program Files (x86)/McAfee/ePolicy Orchestrator/Apache2/conf/ssl.crt/ahcert.crt' does not exist or is empty
- The ..\ePolicy Orchestrator\Apache2\conf\ssl.crt folder contains only one file named pkcs12store.properties.
- When you try to regenerate the Agent Handler (AH) certificate using the RunDllGenCerts method described in KB90760 - How to regenerate the certificates used by the ePO server service, the process fails. The following errors are recorded in the ahsetup_<host_name>.log file:
MCUPLOAD SecureHttp.cpp(694): Failed to send HTTP request to server W2016-2 for command name epo.command.isAdmin on port 8443. (error=12175)
MCUPLOAD SecureHttp.cpp(883): Failed to process the secure communication request (error=12175)
AHSETUP The Agent Handler failed to connect to the ePO server.
Issue
During the ePO installation, the installer is unable to successfully create the AH certificates because the required cipher suites are disabled on the ePO server. Without them, the installer is unable to successfully communicate with the ePO Application Server service.
ePO 5.10 requires Transport Layer Security (TLS) v1.2 and at least one of the following cipher suites to be enabled on the ePO server:
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
Environment
Astro
Trellix
CSMS
McAfee
Resolution
Solution 1
Enable at least one, but ideally all four, of the cipher suites on the ePO server:
- Enable the cipher suites on the ePO server, either manually or by using a tool such as IISCrypto.
- Reboot the server. This action is needed to enable the cipher suites.
- Regenerate the AH certificates using RunDllGenCerts, as described in KB90760 - How to regenerate the certificates used by the ePO server service.
- Start the ePO server service:
  - Press Windows+R. The Run window is displayed.
  - Type services.msc in the field and press Enter.
  - Right-click each of the ePO services and select Restart:
    McAfee ePolicy Orchestrator #.#.# Server
  - Close the services window.
The service can now start correctly.
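The requirements listed under Issue can be checked read-only before running RunDllGenCerts and again after the reboot. The script below is an added example, not Trellix tooling or part of the original article. It assumes Windows Server 2016 or later (for Get-TlsCipherSuite), an elevated PowerShell session, and the default install path quoted in the Event ID 3299 message.

```powershell
# Added example: read-only pre-check for the ePO 5.10 TLS requirements.
# Nothing here changes system configuration.

$required = @(
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_AES_256_CBC_SHA'
)

# 1. Cipher suites. Compare exact names: Get-TlsCipherSuite -Name matches
#    partial strings, so "..._CBC_SHA" would also match "..._CBC_SHA256".
$enabled = (Get-TlsCipherSuite).Name
$present = $required | Where-Object { $enabled -contains $_ }
$missing = $required | Where-Object { $enabled -notcontains $_ }

# 2. TLS 1.2 in SCHANNEL. Missing keys or values mean the OS default applies.
#    Both roles are checked (an assumption of this example) because the
#    installer connects as a client to the ePO server on the same host.
$protoRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tls12Off = foreach ($role in 'Server', 'Client') {
    $p = Get-ItemProperty -Path "$protoRoot\$role" -ErrorAction SilentlyContinue
    if ($p -and ($p.Enabled -eq 0 -or $p.DisabledByDefault -eq 1)) { $role }
}

# 3. The AH certificate that Apache reports as missing or empty.
$ahCert = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf\ssl.crt\ahcert.crt'
$certFile = Get-Item -LiteralPath $ahCert -ErrorAction SilentlyContinue
$certOk = [bool]($certFile -and $certFile.Length -gt 0)

# Summary. "ReadyToRegenerate" means TLS 1.2 is not disabled and at least
# one of the four required suites is enabled.
[pscustomobject]@{
    Tls12DisabledFor  = @($tls12Off) -join ', '
    SuitesEnabled     = @($present) -join ', '
    SuitesMissing     = @($missing) -join ', '
    AhCertPresent     = $certOk
    ReadyToRegenerate = (-not $tls12Off) -and [bool]$present
} | Format-List
```

If ReadyToRegenerate is False, enable the missing suites and reboot before regenerating the AH certificates. AhCertPresent should change to True once regeneration succeeds.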
Solution 2
If you've applied the solution, but the issue remains unresolved, contact us for assistance. There must be another cause for the problem.
IMPORTANT: The following files are required for Technical Support:
- Minimum Escalation Requirements (MER) files for your specific product. For information about downloading the MERs for each product, see KB59385 - How to use MER tools with supported products.
- Other files and logs, as requested by Technical Support.