It appears that McAfee’s ePO system causes conflicts with Web servers when it is hosted on the same machine as for example a Web server like IIS.
Why is this?
I experienced this conflict on a Windows Server 2008 R2 server that was set up with IIS 7 and McAfee’s ePO system.
Apparently McAfee’s ePO system runs on Apache behind the scenes and requires port 443 to be available. This causes a conflict with Web servers such as IIS which also need port 443, so either one or the other breaks if they are both up and running on the same server.
The fix for this is actually quite simple. Port 443 is not really necessary for the functioning of McAfee’s ePO system, so it can be manually commented out in the listen line of McAfee’s httpd.conf file. Although the ePO GUI does seem to provide an option to disable port 443 communications under configuration->server settings->ports, this does not actually work.
Steps to Take
To manually comment out the listen for port 443 line in McAfee’s ePO httpd.conf file browse to your program files directory (usually x86) as follows:
\program files\McAfee\epolicy orchistrator\apache2\conf\
Then open the httpd.conf file in notepad and do a search for 443. You should see a line which reads:
To comment the line out, simply use the # sign so it looks like the following:
# Listen 443
Once you have completed this you can look into starting up IIS and your Web sites again.
In the case I was investigating, the IIS World-Wide Web Publishing Service had been disabled by an external McAfee consultant in order to make their product run. So to get IIS serving sites again I needed to go to the server’s list of services and then re-start the World-Wide Web Publishing Service.
As well, McAfee/Apache kept a lock on port 443 even after the change to the httpd.conf file.I’m sure there are many ways to free up the lock elegantly, I decided to simply restart the server. The apps hosted on it were not critical so a downtime of a few seconds was no problem.
After I had done the reboot of the server McAfee/Apache had freed up port 443 and IIS was serving Web sites again. It did look like McAfee’s ePO system was complaining when I navigated to its login screen, but my fears proved to be unfounded. McAfee was correctly receiving updates from the machines it was controlling and all was well again in the world of shared resources between IIS and McAffee.
For further information on the subject, take a look at the following external resources that also helped me debug this issue:
- Experts-exchange Forums: McAfee ePO 4.5 and IIS?
- The McAfee Support Forums: McAfee EPO services problems
- ApacheFriends.org Support Forum: Install problem – Apache won’t start on W2K machine