Jump to content

Pinni3

Members
 View Profile  See their activity

  • Posts

    201

  • Joined

 Content Type 

Posts posted by Pinni3

    https:// console issue after ESET 7.0 upgrade

    in ESET Endpoint Products

    Posted

    1 hour ago, MartinK said:

    Do I understand it correctly, that once you installed ESMC, client computers (i.e. computer not with installed ESMC, but with AGENT + Endpoint) is blocking access to internet? If so, could you check configuration of related protection in endpoint? Are you using policy that are supposed to block "unknown" internet traffic?

    Its not blocking internet, just console (SSL)

    Dynamic group template does not follow the rules

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by Pinni3

    3 minutes ago, Kieran Barry said:

    Hi @greyjoy99,

    Try setting it to an AND operation, then having the rules:

    OS edition . OS type = Microsoft Windows (or whatever you have)

    AND Installed Software . Application name has no value.

    Regards,

    Kieran Barry

    This DG wont work as expected mate.

    Only scenario it would be work, when agent is setup to not list non eset products...otherwise it wont work.

    [SOLVED] ESMC logs

    in ESET PROTECT On-prem (Remote Management)

    Posted

    2 hours ago, MartinK said:

    Please send me whole output of lsof for verification (via PM).

    Also are there any visible problems with these errors? AGENT are not connecting? Error actually means that connection from AGENT was closed unexpectedly - this might be related also to firewalls dropping inactive connections -> what is AGENT connection interval? And are there any firewalls between AGENTs and ESMC that might be dropping inactive connections? This is mostly done by enterprise-grade firewalls after longer time (30 minutes, 1 hour, depending on configuration).

    You have PM

    Agent's stop connecting, agent connection interval is 20 minutes. I think its not firewall causing problems but I wont be sure...

    but check that output :

    # lsof | grep ERAServer | wc -l
    90355

     

    [SOLVED] ESMC logs

    in ESET PROTECT On-prem (Remote Management)

    Posted

    No comments....

    As I was huge ERA supporter, Im so disappointed with new version of product. ESMC have so much bugs that it shouldn't be ever released in that state. I really cant understand what happend that these kind of product was released as a official stable release.

    • Dynamic groups not always work, You need to often do negative conditions to get things work
    • computers show that they are part of dynamic groups even if those dynamic groups are under different static groups
    • agent upgrade leave old info about era agent
    • agent upgrade but there is no info about agent on this computer at all
    • virtual appliance is preinstalled with components You guys dont support
    • there is no option to enable/disable new push mechanism. Maybe I dont want it ? I dont have any choice..
    • Console hangs and rejects agents synchronization, dont make scheduled reports untill its restarted...etc

    Guys, this is early alpha product, not completed product for managing computer security. There is no complete kB with error, agent status....NOTHING. There is also no info about http proxy dont support credentials : NOTHING. Im really pissed, because I dont know how to handle situation, and please dont tell me Im the only one with problem. Problem with console is real. I put that topic as a warning for other users that belived You and wanted to keep his managing server updated. DONT DO THAT. Keep console in version 6.x as version 7 is pure .

     

    At this moment Im thinking about downgrade, but for sure it isnt possible....

    [SOLVED] ESMC logs

    in ESET PROTECT On-prem (Remote Management)

    Posted · Edited by Pinni3
    note

    So I played with my.conf a bit as it was set up at lowest possibly values, and changed it to
     

    Quote

    innodb_log_file_size=200MB
    innodb_log_files_in_group=100

    and now I dont have that error ..., gonna watch it and if problem will showup again I will try to downgrade odbc driver (current repo's of centOS dont have 5.3 build)

     

    EDIT: Same sh#t going.... gonna try to downgrade that driver.

    EDIT2: current build of centOS doesnt have older versions of odbc drivers at all. Manual downgrade stops caused by dependencies

    [SOLVED] ESMC logs

    in ESET PROTECT On-prem (Remote Management)

    Posted

    same thing

    2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: VerifyDeviceAuthenticationToken: Verification of authentication token: c462a2a472d73d8f8ebd45f0e56ccbfa3f3ac33e1110177609e0bd148a1732ab failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: VerifyDeviceAuthenticationToken: Verification of authentication token: af5473e412308c5e4ab465953eab18b400c3f34593bc8fa90c673ab99f36019d failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: a37ada7cccc1fe3fef1401151cfa61d8c1d95a627d21b7622e69b56562de9288 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:42:38 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 3c500c3bce37ce091a72355aa23c0cd919b03d61ac8d033dab0c239ea175cdd3 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:42:38 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:46:42 Warning: CReplicationModule [Thread 7fe21e7fc700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 550d605402fe38047a1bc5ef03384f37019e66b51516ea2cbcd773a313c62e3f failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:46:42 Warning: CReplicationModule [Thread 7fe21e7fc700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:56:28 Error: CServerSecurityModule [Thread 7fe321147700]: AuthenticateNativeUser: Native user login failed
    2018-09-20 05:57:23 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 1566a582c0272be8e37182411f2423d2d9dd4a6b54d3935d9eedf2f94aaf7592 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:57:23 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:57:55 Warning: CReplicationModule [Thread 7fe21effd700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 7f19bc999928c3c73993c564f41db5acb3b5db1614b1bbf20480083eb0cf54a5 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:57:55 Warning: CReplicationModule [Thread 7fe21effd700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 06:00:30 Warning: CReplicationModule [Thread 7fe21f7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: c42f159c5918a189f79ddc0e63b77bf0b07b8ccc24379a614ae967f675f816b0 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 06:00:30 Warning: CReplicationModule [Thread 7fe21f7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 06:00:44 Warning: CReplicationModule [Thread 7fe21e7fc700]: VerifyDeviceAuthenticationToken: Verification of authentication token: f1a8277e3f32df60d53d26e9b7f3ea220b2842419af22140c0ff83a0b3670472 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 06:00:44 Warning: CReplicationModule [Thread 7fe21e7fc700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 06:01:30 Warning: CReplicationModule [Thread 7fe1fffff700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 6de5da063bddaecccd1f7bf65440a0fbee937bb0b94cfd696fdedb774f9d21db failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 06:01:30 Warning: CReplicationModule [Thread 7fe1fffff700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 06:12:47 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:12:48 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:12:50 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:12:53 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:12:57 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:08 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:15 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:23 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:42 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:13:52 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:14:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:14:12 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:14:22 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:14:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:14:42 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:14:52 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:15:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:15:12 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:15:22 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:15:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:15:42 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:15:52 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:16:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:16:12 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:16:22 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
    2018-09-20 06:16:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor

     

    [SOLVED] ESMC logs

    in ESET PROTECT On-prem (Remote Management)

    Posted

    For now, I get only these logs :

    2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: VerifyDeviceAuthenticationToken: Verification of authentication token: c462a2a472d73d8f8ebd45f0e56ccbfa3f3ac33e1110177609e0bd148a1732ab failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: VerifyDeviceAuthenticationToken: Verification of authentication token: af5473e412308c5e4ab465953eab18b400c3f34593bc8fa90c673ab99f36019d failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: a37ada7cccc1fe3fef1401151cfa61d8c1d95a627d21b7622e69b56562de9288 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
    2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
    2018-09-20 05:42:38 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 3c500c3bce37ce091a72355aa23c0cd919b03d61ac8d033dab0c239ea175cdd3 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=

     

    [SOLVED] ESMC logs

    in ESET PROTECT On-prem (Remote Management)

    Posted

    10 hours ago, MartinK said:

    We have recently identified problem with socket limits in appliance to be too low for new AGENTs that are using persistent connections. If previous command was reaching ~1024, please execute following command:

    I have 21376, doing :

    10 hours ago, MartinK said:

    echo -e "*\tsoft\tnofile\t65535\n*\thard\tnofile\t65535" > /etc/security/limits.d/50-nofile.conf

    and gonna see what happens :)

×
×
  • Create New...