Post-Installation Tasks

  • Verify services are installed and started.

  • Make sure the Startup type of the SQL Server Agent (EPOSERVER) service is Automatic.

  • Make sure the browser's pop-up blocker is off.

  • Log in to ePO for the first time.

  • Import the root certificate.

  • Install required updates for Trellix security products (if appropriate).

  • View port assignments.

  • Configure ePO for multiple NICs (if appropriate).

Verify Services are Installed and Started

  1. Select Start > Programs > Administrative Tools > Services.

  2. Confirm that the ePO services are installed and started. Pay special attention to these services:

    1. Trellix ePolicy Orchestrator Application Server Service (Tomcat): Responsible for displaying the ePO console and running extensions, as well as other background functions.

    2. Trellix ePolicy Orchestrator Event Parser Service: Takes events uploaded from clients in your environment and parses them into the SQL database.

    3. Trellix ePolicy Orchestrator Server Service (Apache): Processes and receives all agent-server communication.

Log Files for Application Server, Event Parser, and Server Services

The following are the primary log locations for these services:

  • Application Server service (Tomcat): orion.log or orion_servername.log located in: ...\<epoinstallationdirectory>\server\logs\

  • Event Parser service: eventparser.log or eventparser_servername.log located in: ..\<epoinstallationdirectory>\db\logs\

  • Server service (Apache): server.log or server_servername.log located in: ...\<epoinstallationdirectory>\db\logs\

List of Services

  • Trellix ePO Application Server Service (Tomcat)

  • Trellix ePO Event Parser Service

  • Trellix ePO Server Service (Apache)

  • Product Improvement Program Service (optional)

  • SQL Server

  • SQL Server Agent

  • SQL Server Browser

Note (from the services table): these services rely on a constant, high-speed connection to the ePO SQL Server database. One entry in that table is marked "cluster installs only".
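The checks above, as an added PowerShell example that is not part of the Trellix guide: it finds the three ePO services by display name, confirms the SQL Server Agent (EPOSERVER) start type, and scans the newest copy of each primary log for error lines. The install path and the instance name EPOSERVER are the guide's defaults and are assumptions here; matching on display name rather than internal service name is also an assumption, made because internal names differ between ePO versions.

```powershell
# Added example, not part of the Trellix guide: check the three ePO services, the SQL Server
# Agent start type, and the tail of each primary log. Assumptions: the default install path
# below and the SQL instance name EPOSERVER from the guide; services are matched on display
# name because the internal service names differ between ePO versions.
$EpoDir = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator'
$problems = 0

# Role -> filter over the display name ("McAfee/Trellix ePolicy Orchestrator <ver> <role>")
$roles = [ordered]@{
    'Application Server (Tomcat)' = { $_.DisplayName -match 'Application Server' }
    'Event Parser'                = { $_.DisplayName -match 'Event Parser' }
    'Server (Apache)'             = { $_.DisplayName -match 'Server' -and $_.DisplayName -notmatch 'Application|Event' }
}
$epoServices = Get-Service | Where-Object { $_.DisplayName -like '*ePolicy Orchestrator*' }
foreach ($role in $roles.Keys) {
    $matched = @($epoServices | Where-Object $roles[$role])
    if ($matched.Count -eq 0) { Write-Warning "$role service is not installed"; $problems++; continue }
    foreach ($svc in $matched) {
        '{0,-28} {1,-55} {2}' -f $role, $svc.DisplayName, $svc.Status
        if ($svc.Status -ne 'Running') { $problems++ }
    }
}

# The guide requires the SQL Server Agent start type to be Automatic
$agent = Get-CimInstance Win32_Service -Filter "DisplayName = 'SQL Server Agent (EPOSERVER)'"
if (-not $agent) {
    Write-Warning 'SQL Server Agent (EPOSERVER) service not found'; $problems++
} elseif ($agent.StartMode -ne 'Auto' -or $agent.State -ne 'Running') {
    Write-Warning "SQL Server Agent start mode is $($agent.StartMode), state $($agent.State); set Automatic and start it"
    $problems++
}

# Newest log of each service: count ERROR/FATAL/SEVERE lines in the last 200
$logGlobs = @(
    (Join-Path $EpoDir 'Server\Logs\orion*.log'),        # Application Server (Tomcat)
    (Join-Path $EpoDir 'DB\Logs\eventparser*.log'),      # Event Parser
    (Join-Path $EpoDir 'DB\Logs\server*.log')            # Server (Apache)
)
foreach ($glob in $logGlobs) {
    $log = Get-ChildItem $glob -ErrorAction SilentlyContinue | Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $log) { Write-Warning "no log matching $glob"; continue }
    $hits = @(Get-Content $log.FullName -Tail 200 | Select-String -Pattern '\b(ERROR|FATAL|SEVERE)\b')
    '{0}: {1} error line(s) in the last 200' -f $log.Name, $hits.Count
    $hits | Select-Object -Last 3 | ForEach-Object { '    ' + $_.Line }
}

if ($problems -gt 0) { Write-Warning "$problems problem(s) found" } else { 'All ePO services present and running' }
```

Run it on the ePO server itself; a stopped service or a missing log file is reported as a warning so the script can be dropped into a post-install checklist as is.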

Logging in to ePO for the First Time

After the installation is complete, connect to the ePO server and verify the ePO console is accessible. Because the console is web-based, you can also access the console remotely using a supported browser at one of these addresses:

  • https://<servername>:<console-to-server port (default 8443)>

  • https://<ipaddress_of_server>:<console-to-server port (default 8443)>

After connecting to the server, log in with default admin account credentials. These credentials are case-sensitive. (Later, you will add accounts for other ePO users.)

  • Preferred language (choose English UK for European date and time format)

  • User name: admin (default)

  • Password: as specified during the install

Login Guidelines

  • You can log on to multiple ePO servers by opening a new browser session or tab for each ePO server.

  • The computer must be in the same domain as the ePO server, or in a domain that has a trust relationship with that domain.

  • If a system name contains an underscore (_) character, log on using the ePO server’s IP address, rather than the machine name.

  • Console communication is encrypted with TLS (still commonly referred to as SSL).

  • If desired, you can change the default login banner to meet your own needs. Click Menu > Configuration > Server Settings, select Login Message from the Setting Categories, then click Edit. Select Display custom login message, enter your message, and click Save.

Logging in to ePO using Identity Provider

The ePO Single Sign-On feature lets you bring your own identity provider for user authentication. It uses SAML (Security Assertion Markup Language), in which an identity provider (IdP) passes signed authentication assertions to a service provider (SP).

Supported Identity Providers:

  • OKTA

  • ADFS

  • Ping Identity

  • Azure AD

  • Onelogin

ePO is the service provider.

Install Trellix ePO Single Sign-On Extension

Follow this process to install the ePO Single Sign-On extension from the Trellix Download site using your Trellix Grant Number.

Prerequisites:

  • Trellix ePO version must be 5.10.0 Update 11 or later

  • Configure your Identity Provider application

From the Extensions page of the ePO console, browse to and select the ePOSingleSignOn_release_<version_number>.<build_number>.zip extension file, click Open, then click OK twice.

Note

You can also download the extension from the Software Catalog of your ePO server.

Configuring SSO to Log on to ePO

Configuring the IdP Application
  • Configure a new IdP application in your SSO solution to obtain the IdP Entity ID (Issuer URL), IdP SSO URL, and X.509 signing certificate that you will enter in your SAML configuration

  • For instructions on how to configure your IdP application, see your identity provider’s documentation

Note: You might need to use placeholder information for the ACS URL and the Audience URI (Service Provider Entity ID) when you configure your third-party IdP. Enter the details when you Update your IdP application SAML settings with the information from the ePO server.

Input SAML Configuration Information

Configure the settings in the IDP SAML Settings page under Server Settings to enable SSO using your IdP application:

  • Import IDP Metadata XML file — download the metadata from your IdP, then click Import to upload it to ePO

  • After entering the details, click Save

  • After you log off from ePO, the Log On with IDP option appears on the logon screen

Note: Some IdPs do not offer a metadata file for download. In that case, collect the Entity ID, SSO URL, and signing certificate from your IdP application and enter them manually.

Update IdP Configuration with Information from ePO Server

Edit SAML settings in your IdP application with information from ePO

  1. Audience URI (Service Provider Entity ID): enter the Service Provider (ePO) Entity ID from ePO

  2. Single Sign On URL: Enter the Service Provider Assertion Consumer Service URL from ePO

Assigning the User Locale for the IdP Application

When logging in using an identity provider, the user locale is assigned in the following manner:

  • From the user_locale attribute: configured in the IdP application to tell the service provider the locale of a particular user, for example fr-FR or fr_FR

  • Using the drop-down option: It is present on the logon screen of the ePO application

  • Available as the default locale of the tenant

Using the Logon with IdP Feature

  1. After configuration, click the Log On with IDP option on the ePO logon page (Service Provider initiated SSO), or click the configured application in the IdP console (Identity Provider initiated SSO), to test the logon option. On successful authentication, a page displays with the following message: SAML authentication is successful.

  2. Close your browser to end the session.

  3. Ask the ePO administrator to grant the required permissions. A new user is created in ePO with a user name based on the email address used in your IdP application; its authentication type is SAML authentication and it has no permission sets. An administrator must log on to the ePO console and assign the required permissions to the newly created (IdP) user before it can do anything.

Importing the Root Certificate

ePO uses TLS between the browser and the Tomcat web server, so the console presents a certificate. On first logon the browser warns because the certificate is issued by the ePO server's own CA (the Orion CA), which the browser does not yet trust. Importing that root certificate removes the warning. Before you do, compare its thumbprint with the one shown on the ePO server: a root placed in the Local Computer store is trusted for every certificate it ever signs.

  1. Log on to the ePO server. The Certificate Error page appears.

  2. Click Continue to this website.

  3. Click Certificate Error.

  4. Click View Certificates.

  5. Click the Certification Path tab.

  6. Select the Orion_CA_Name_of_Server certificate and then click View Certificate.

  7. Click Install Certificate.

  8. Select Local Computer as the store location and place the certificate in the Trusted Root Certification Authorities store.
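The same import done without the browser click-through, as an added PowerShell example that is not part of the Trellix guide: it opens a TLS connection to the console port, captures the chain the server presents, picks out the self-signed root, prints its thumbprint for out-of-band comparison, and only then imports it into the Local Computer Trusted Root store. The server name and port are assumptions, as is the check that the root's subject contains Orion_CA; run it from an elevated PowerShell.

```powershell
# Added example, not from the Trellix guide: capture the certificate chain the ePO console
# presents, find the self-signed root (the Orion CA), and import it into LocalMachine\Root
# after the operator has confirmed its thumbprint. Host and port are assumptions.
$EpoServer = 'epo.example.com'
$EpoPort   = 8443   # console-to-server default from the guide

function Get-PresentedChain {
    param([string]$HostName, [int]$Port)
    $presented = [System.Collections.Generic.List[System.Security.Cryptography.X509Certificates.X509Certificate2]]::new()
    # Accept any chain here: this is a probe whose only job is to record what the server sent.
    $capture = {
        param($sender, $cert, $chain, $errors)
        foreach ($el in $chain.ChainElements) { $presented.Add($el.Certificate) }
        return $true
    }
    $capture = $capture.GetNewClosure()
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false,
               [System.Net.Security.RemoteCertificateValidationCallback]$capture)
        $ssl.AuthenticateAsClient($HostName)
        $ssl.Dispose()
    } finally { $tcp.Dispose() }
    return ,$presented
}

$chain = Get-PresentedChain -HostName $EpoServer -Port $EpoPort
$root  = $chain | Where-Object { $_.Subject -eq $_.Issuer } | Select-Object -First 1
if (-not $root) {
    throw 'The server did not present a self-signed root; export the Orion CA certificate on the ePO server instead.'
}
"Root subject:     $($root.Subject)"
"SHA-1 thumbprint: $($root.Thumbprint)"
"Valid until:      $($root.NotAfter)"
if ($root.Subject -notmatch 'Orion_CA') {
    Write-Warning 'Root subject does not look like an Orion CA; do not import without checking.'
}

# Anything imported here is trusted for every certificate it signs, so insist on an
# out-of-band thumbprint comparison against the ePO server before writing to the store.
$confirm = Read-Host 'Thumbprint verified out of band? Type YES to import'
if ($confirm -ceq 'YES') {
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
    $store.Open('ReadWrite')
    $store.Add($root)
    $store.Close()
    'Imported into Cert:\LocalMachine\Root'
} else {
    'Not imported.'
}
```

If the server only sends its leaf certificate, the script stops rather than guessing, because the root then has to come from the ePO server itself.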

Viewing/Editing Port Assignments

Use this page (Menu > Configuration > Server Settings > Ports) to review and change selected port assignments for communication between the server, the agent, and other components. Click the information (i) icon next to each port for details.

The Pre-Installation Auditor tool is embedded into the ePO installer by default and identifies port conflicts prior to the installation.

The figure below shows which ports you can change from this screen. Changes take up to one minute to take effect.

IMPORTANT: Disabling the Agent-server communication secure port is NOT recommended. Doing so breaks agent-to-server communication until the agents are reinstalled, and the reinstalled agents are then forced onto the less secure, non-TLS communication path to ePO. For information about changing ports, see these Technical Articles:
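After reviewing the assignments, a quick way to prove that each server-side listener is bound and reachable is the added PowerShell example below; it is not part of the Trellix guide. The port numbers are the defaults of a fresh install, the server name is an assumption, and the two function names are hypothetical; take the real port values from the Ports settings page.

```powershell
# Added example, not from the Trellix guide: confirm each server-side ePO listener is bound
# locally and reachable remotely. Default ports of a fresh install; server name assumed.
$EpoServer = 'epo.example.com'
$Ports = [ordered]@{
    'Console-to-application server (HTTPS)'        = 8443
    'Agent-server communication'                   = 80
    'Agent-server communication, secure (TLS)'     = 443
    'Client-to-server authenticated communication' = 8444
}

function Test-EpoPortsLocal {
    # Run on the ePO server: is each port bound, and by which process?
    foreach ($name in $Ports.Keys) {
        $port = $Ports[$name]
        $bind = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($bind) {
            $owner = (Get-Process -Id $bind.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            '{0,-46} {1,5}  LISTEN  {2}' -f $name, $port, $owner
        } else {
            '{0,-46} {1,5}  NOT LISTENING' -f $name, $port
            if ($port -eq $Ports['Agent-server communication, secure (TLS)']) {
                Write-Warning 'Secure agent-server port is down: agents cannot talk to ePO over TLS'
            }
        }
    }
}

function Test-EpoPortsRemote {
    # Run from an admin workstation: proves the firewall and network path, not just the bind
    foreach ($name in $Ports.Keys) {
        $port = $Ports[$name]
        $ok = (Test-NetConnection -ComputerName $EpoServer -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0,-46} {1,5}  {2}' -f $name, $port, $(if ($ok) { 'reachable' } else { 'blocked or down' })
    }
}

Test-EpoPortsLocal
# Test-EpoPortsRemote   # run this one from another host
```

The local check tells you whether Tomcat and Apache actually hold the ports; the remote check is the one that catches a host firewall or network ACL that the Pre-Installation Auditor cannot see.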

Configuring ePO for Multiple NICs

If the ePO server is multihomed (has multiple IP addresses), bind the server to the correct interface explicitly. The server IP address is used by the master repository and for agent-server communication; if no address is specified, the IP address of the first NIC in the binding order is used.

  1. Open C:\Program Files (X86)\McAfee\ePolicy Orchestrator\DB\server.ini.

  2. Modify the [server] section of the file by adding this line:

    1. ServerIPaddress=<IP address of server you want ePO to use>

    2. Example: ServerIPaddress=192.168.1.203

  3. Save and close the server.ini file.

  4. Restart all ePO services.
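The four steps above, scripted as an added PowerShell example that is not part of the Trellix guide: it refuses an address the host does not own, keeps a timestamped backup of server.ini, rewrites the [server] section so that exactly one ServerIPaddress line remains, and restarts the ePO services. The path and address are the guide's own example values; the function name is hypothetical, and matching services on display name is an assumption.

```powershell
# Added example, not from the Trellix guide: set ServerIPaddress in server.ini idempotently,
# with a backup and an ownership check, then restart the ePO services.
$ServerIni = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\server.ini'
$DesiredIp = '192.168.1.203'

function Set-ServerIpAddressLine {
    # Returns the ini content with exactly one ServerIPaddress= line inside [server].
    param([string[]]$Lines, [string]$Ip)
    $out = [System.Collections.Generic.List[string]]::new()
    $inServer = $false; $written = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            # Leaving [server] without having written the key: add it before the next header
            if ($inServer -and -not $written) { $out.Add("ServerIPaddress=$Ip"); $written = $true }
            $inServer = ($Matches[1] -eq 'server')    # -eq is case-insensitive in PowerShell
        } elseif ($inServer -and $line -match '^\s*ServerIPaddress\s*=') {
            if (-not $written) { $out.Add("ServerIPaddress=$Ip"); $written = $true }
            continue                                   # drop the old value and any duplicates
        }
        $out.Add($line)
    }
    if (-not $written) {
        if (-not $inServer) { $out.Add('[server]') }  # no [server] section at all
        $out.Add("ServerIPaddress=$Ip")
    }
    return $out.ToArray()
}

# Refuse an address this host does not actually have; a typo here silently breaks agent comms
$owned = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)
if ($owned -notcontains $DesiredIp) {
    throw "$DesiredIp is not assigned to this host (have: $($owned -join ', '))"
}
if (-not (Test-Path $ServerIni)) { throw "server.ini not found at $ServerIni" }

Copy-Item $ServerIni "$ServerIni.$(Get-Date -Format yyyyMMddHHmmss).bak"
$updated = Set-ServerIpAddressLine -Lines (Get-Content $ServerIni) -Ip $DesiredIp
Set-Content -Path $ServerIni -Value $updated -Encoding ASCII

# Restart all ePO services so the new binding takes effect
Get-Service | Where-Object { $_.DisplayName -like '*ePolicy Orchestrator*' } | Restart-Service -Force
Select-String -Path $ServerIni -Pattern '^ServerIPaddress='
```

Set-ServerIpAddressLine works on an array of lines rather than the file, so it can be tried against a copy of server.ini first; the final Select-String shows the line that was written.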

Basic Installation Troubleshooting

Should you have problems with your install, use this methodology to help identify the cause.

  • Ensure minimum installation requirements are met.

  • Review Release Notes.

  • Review relevant Technical Articles.

  • Verify account and permissions.

  • Collect exact text of all messages.

  • Write down any message codes.

  • Review any installer log files (%temp%\McafeeLogs\).
