gyee
Contributor
Contributor

ESX 3.01 - NT 4.0 Guest with McAfee ePO/CMA/Frameworker Service 3.6

It seems as if everyone calls the service differently but I am referring to the framepkg.exe that is generated by the ePO server. I have opened a ticket with McAfee, they are of no help in a virtualized environment. I have also opened a ticket with VMware, but hoping someone else may have some experience here.

We are having a issue on our rollout of VI3 where our P2V NT 4.0 servers are not able to run the McAfee Frameworker Service, the service hangs at startup. After uninstalling VirusScan 8.5 and the Frameworker Service we are not able to reinstall.

framepkg.exe error : The setup package seems to be corrupted. Try getting a new copy of FramePkg.exe.

Initially I thought it was a P2V issue so tried several things including stopping the services first, ghosting the image then converting, etc... I have since done a clean install of NT4 and the issue is still there.

I have also confirmed the FramePkg.exe file is good, I have installed it on a virtualized Win2k3 server and a physical NT 4.0 server. The issue only appears in a virtualized NT 4.0 server.

I have found serveral people on the McAfee forums with the same issue and no resolution. They didn't mention if there issue was in a virtualized environment...

Has anyone come across this? Find a resolution?

Thanks.

-Gene

0 Kudos
13 Replies
GMellor
Contributor
Contributor

Hi Gene,

We've just come across the same issue. Framepkg.exe is good, but installation complains that it's corrupt.

We are in the middle of upgrading our ESX farm, and at first it only looked like it was simply a ESX 3.0.1 issue.

Then I noticed that all of the NT4 guests failing were on our AMD servers - I've just moved one over to an intel server and McAfee's just installed fine!

Gene - what hardware model / CPU type are your hosts?

Our hardware is all HP :

Intel : DL760G2, DL580G2, DL580G3

AMD : DL585G2

We're just about to do some more investigation, and will report back - but thought I'd post our initial finding in case that helped you get a bit further.

Thanks, Gary.

0 Kudos
GMellor
Contributor
Contributor

We've just tried some tests, starting with a new blank VM.

\- Installed WinNT Server as a PDC (new domain)

\- Installed NT SP6a

\- Installed IE6 SP1

\- Install ePO Agent 3.6.0.546

If we do this on our DL760G2 Intel VI3 server, it works.

If we do this on our DL585G2 AMD VI3 server, it fails with "The setup package seems to be corrupted. Try getting a new copy of FramePkg.exe."

This is using VI 3.0.1 Enterprise, build 42829.

My collegue who looks after our antivirus is going to just go back to ePO agent 3.5.5 / Virus Scan 8.0 on our NT boxes until we find out how to fix this (or until we manage to get rid of our NT4 servers, which may be quicker Smiley Happy )

Will try again when we apply the latest VI3 patches / go up to 3.0.2, and can report then, but that may be a few weeks off.

Regards,

Gary.

Gary.

0 Kudos
gyee
Contributor
Contributor

Gary,

I just got back from vacation so a little late on replying to you. Our issues haven't been resolved yet, still the same errors. The server we are using is a Dell 6850, VI 3.0.1 w/ all patches installed and the guest OS is NT SP6a, IE6 SP1. I have tried a couple revisions of ePO Agents, 3.6.0.x and they all have the same issue.

This is a Intel based server, so the issue doesn't just revolve around AMD processors. I am a bit surprised you got it working on a Intel based server...

We are working with VMWare on this but they have not come up with anything other than it works with 3.5.x.

0 Kudos
gyee
Contributor
Contributor

We just upgraded our ESX server to 3.02, same results.

0 Kudos
GMellor
Contributor
Contributor

Our McAfee guy's found a McAfee KB article which says what's causing this.

So it's the combination of NT4 OS running on CPUs whic support SSE2 which causes McAfee to have a problem. The encryption libraries in the later McAfee products don't support NT4 on SSE2 capable computers.

I'm now trying to work out if I can find the CPU flag bits to hide SSE2 in a VM. I can see instructions in the VMware docs for disabling SSE3 & SSE4, but not SSE2. Time to do some more digging!

The Intel server I tried this on before is a 4 year old DL760G2 server - 3Ghz Xeons but only 100Mhz FSB, so I presume they're old enough to not support SSE2.

I'll post further details if I find out how to disable the SSE2 flags.

Gary.

0 Kudos
bigdee
Enthusiast
Enthusiast

Hi Gary

I found a AMD document about the CPUID flags of Opteron CPUs.

http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/25481.pdf

SSE2 is represended by Bit 26 of EDX register. So hiding this bit may help.

Regards

0 Kudos
gyee
Contributor
Contributor

Maybe we have the same support engineer, he just sent me the same article today. Smiley Happy Please keep us updated if you find a way to disable the SSE2 flag.

-Gene

0 Kudos
gyee
Contributor
Contributor

I am not sure how accurate that article is. I just did some more testing and here are some results:

Since reading the article I started playing with some the VM settings, not expecting anything to work since I went through most of the settings in the past. Surprisingly the first virtualized NT4.0 machine I started working with installed CMA 3.6.0.453 without issue, the settings I changed doesn’t matter because it ended up being a fluke. Turns out that after reverting the changes the install still works and any changes I attempt on other NT 4.0 VMs doesn't help. I also did some testing on a PE2550 without SSE2.

So here are some details:

- VMs are running on the same ESX 3.02 server

- I have a virtualized NT 4.0 machine which does function with VSE 8.5i and CMA 3.6.0.453, this guest OS was a P2V conversion

- I have tried a clean install, attempting to install the same service pack and hotfixes; some hotfixes are no longer available. CMA 3.6.x still fails.

- CMA 3.6.x fails on a PE2550 w/o SSE2, this is a physical install. I do not get a corrupt package message. It fails right after the setup says "Registering files…"

So far I am not seeing a direct correlation between the SSE2 support and failed installs on NT 4.0 servers. I am going to attempt to locate a server with SSE2 support which I can install NT 4.0 on, however this is not necessarily the easiest thing due to drivers.

I've forwarded this information to the McAfee Systems Engineer I have been working with along with the FrmInst Logs and CKCPU logs.

-Gene

0 Kudos
gyee
Contributor
Contributor

I located a Dell PE2650 with SSE2, the install fails EXACTLY as it did with the PE2550 without SSE2. Neither install gives the corrupt package error, both fails right after the install says "registering files...".

I do not believe the McAfee bulletin is accurate with SSE2 causing the failure.

-Gene

0 Kudos
gyee
Contributor
Contributor

Tracked down the issue, the Intel Streaming SIMD Extensions Driver is not installed automatically.

Here is the relavent information to get installed files from NT 4.0 SP6.

Step 1)

Copy INTLFXSR.SYS from NT 4 SP6 to %SystemRoot%\System32\Drivers

Step 2)

EMUM.REG (Be sure the chance the permissions to the HKLM\SYSTEM\CurrentControlSet\Enum\Root key)

REGEDIT4

"NextInstance"=dword:00000001

"Service"="intlfxsr"

"FoundAtEnum"=dword:00000001

"Class"="Unknown"

"ClassGUID"="{4D36E97E-E325-11CE-BFC1-08002BE10318}"

"Problem"=dword:00000000

"StatusFlags"=dword:00000008

"BaseDevicePath"="HTREE
ROOT
0"

"DeviceDesc"="intlfxsr Device"

"ActiveService"="intlfxsr"

Step 3)

SERVICES.REGREGEDIT4

"Type"=dword:00000001

"Start"=dword:00000000

"Group"="Base"

"ErrorControl"=dword:00000001

"Tag"=dword:00000001

"0"="Root
LEGACY_INTLFXSR
0000"

"Count"=dword:00000001

"NextInstance"=dword:00000001

You may receive a error registering the dlls afterwards, this is normal. I resolved the issue after tracking down missing file causing the issue, then a bit of searching showed me that the file is installed with Internet Explorer. I installed IE 5.5 SP2.

http://forums.mcafeehelp.com/showthread.php?t=208755&highlight=EPOAgent3.6.0installonNT4error

0 Kudos
VMware4
Contributor
Contributor

Has anyone confirmed a fix for this issue? I have a few WIndows NT machines (both server and workstation) that need ePO CMA 3.6 installed but the install is still complaining that the install package is corrupt.

0 Kudos
Peter_Channing
Contributor
Contributor

Has anyone else run ino this issue or have any idea how to resolve it?

I plan on getting a trouble opened with Mcafee on it but wanted to know if anyone else has come accross this issue.

Thanks.

Peter

0 Kudos
Brambles
Contributor
Contributor

Hi Peter, I'm getting the same issue - tried numerous "fixes" but none seem to work - logged it with mcafee but no joy yet.... Did you ever get to the bottom of this?

0 Kudos