Pinni3
-
Posts
201 -
Joined
Posts posted by Pinni3
-
-
1 minute ago, mrac said:
I need this server on Windows (it is VM with other services on it, like WSUS and selfservice portal, I cannot move them to Linux) and have no free resources for additional VM.
You can try to download VA and launch it on Your desktop (via virtualbox for example)...I dont know Your resources, You know them better.
-
15 minutes ago, mrac said:
For me it looks like all issues with ESMC appearing in same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too), after 2-3 days of work and it looks like some internal ESMC component crashing...
Is there any chance to launch second server, based on linux (there is VA to download) and connect some testing machines to it ? You dont need extra licence for it, as all You need is agent connection...just to make things clear
-
8 minutes ago, mrac said:
Ok, I read and see, that in your case the problem was with firewall settings, right? I already wrote, that have same issue in same subnet, there is no firewall or router between ESMC and clients, it is L2-level. I sent logs and Wireshark dumps to support, but answers were:
1. Try to change clients connections from every 1 minute to every 20 minutes (didn't help)
2. Change data limit from client from 100MB to 300MB (testing now, but I think i wouldn't help too).
For me it looks like all issues with ESMC appearing in same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too), after 2-3 days of work and it looks like some internal ESMC component crashing...
Not firewall itself, but security profile. In my case, UTM was a gateway. There was IPS and Antivirus profile enabled.
-
And Yeah....I also rebooted my console until I found out real issue .....
-
Just now, mrac said:
Yeah, all worked fine with ERA6, now not working with with ESMC7 (with same issues by many clients in many countries) and the problem is in our environment. L - Logic...
Mate...
https://forum.eset.com/topic/16883-solved-esmc-logs/
Read first, comment after ok ?
-
5 minutes ago, ShaneDT said:
Yes I have that setting enabled, will disable and test it again.
Pinni3, got a link to your post about connection problems? I'm not having any problems with hosts not connecting.
Shane You have, You just didnt noticed it. When console dont send reports, check Your agent's status. You will notice that some of them doesn't work. If You have some test machine and it's working fine, reboot it then. You will notice errors in status.html
https://forum.eset.com/topic/16883-solved-esmc-logs/
Information about reports is in different post but look after it in Your server...I was so frustrated
-
All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network).
-
Remember that there is something called interval. This is the time when agent and console exchange theirs data. So if You launch task for example @ 22:00 and it will finish task at 22:19, agent wont pass current status to console.
- You can play with connection interval's
- make client task with scanning without shutdown + execute shutdown in other trigger
If You will choose to make 2 tasks, last one will have "running" status untill agent connect to console and upgrade their status
-
This issue is related to the one with hosts not connecting to console. I had same problem with reports and none of configuration worked for me. When I fixed my "connection" issue, it fixed reports also.
@ShaneDT didnt noticed connection problem or wrote it somewhere else...but for sure he have it.
-
First of all You should consider deployment of agent instead aio installer.
When it comes to different networks, You should base on routing ...
If You Have multiple ip asigned to esmc nic, create agent installer with hostname. Create host in Your local dns so agent asking their configured DNS about connection know were to direct that agent.
-
Hey there. Just enable auto exclusions in Your File Security product policy, SQL will be discovered when it will be installed.
-
Im not team member but I would advice to maintaine Your licence. There is a task to delete not connecting devices to consol in specified period of time. Duplicate entries are not hard to find in ELA and they appears when (mostly) when id of agent changed.
-
same for You mate
-
Best way is :
- download new Virtual Appliance with ESMC preinstalled
- pull database from old server
- after succesfull migration to new server run component upgrade task or create installer of agent + ini file and drop it into gpo
- create dynamic group sorting stations with older av product and attach run task when joined DG with AV v7 installation
-
Create new task "run command"
Quotereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F21F149AF55F34494F355BE44BEE4C" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}" /f
Run on problematic stations
-
what about gateway ?
-
From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections.
It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these.
And one more thing : gateway is some sort of router or maybe UTM ? Maybe there are some IPS profiles on policy for internal packets ?
-
All I can say is, I had similar problems to You guys. Version 6 worked for me without any problems. Then after upgrade I noticed several issues. I was sure that it was ESET console, but I was wrong. In my case problems were caused by security profiles on UTM (enterprise firewall). Console works like a charm....so...
Im almost sure its not ESET when it comes to Your console. I would start with basic info :
- is this server within Your network (when agents) or its remote
- how many agents
- what are server specifications
- what type of database are You using
- what logs shows console when dropping connections
- when server starting to drop connections it drops agents v7 ot v6 or both ?
- have You migrated agents to v7 (what is percentage)
-
All of You guys use windows as a os for esmc?
-
@Jimmy09 can You paste Your logs while server drops connections? Pm me with details about Your env configuration. I will try to help You. Restarting server isnt an option
-
Im happy that my problems are finally solved and Im continue to upgrade clients @MichalJ
-
On 10/1/2018 at 4:01 PM, jimmy09 said:
Should I start implementing the ERA Proxy? I have about 1,400 clients.
ERA Proxy is not supported in ESMC
-
Please use eset uninstaller and clean old registry records
-
5 hours ago, bbahes said:
used packet capture tool on server and client
I used wireshark on client side and tcpdump on server side. Everyone was investigated in looking into my problem.
ERA Agent V7 issues
in ESET PROTECT On-prem (Remote Management)
Posted
Am I wrong ? All of You guys use windows server right ? Maybe there is some bug, but I had similar problems. Not similar, same problems...lets call things by its name.
And one more time. I had no problems at all with version 6.5 until upgrade. I need to mention, that I noticed more bugs noone else wrote here :