etosolini

July 21, 2023

Hi, did a third clean install of windows on the same machine.

Downloaded the new version from ESET PROTECT with EMA and EES with the same policies applied and it doesn't even finish installing.

Is there same with a could contact someone more directly?
We are ESET Bronze partners.

Thanks.

July 3, 2023

8 minutes ago, Marcos said:

Do you mean that the issue occurs on every Windows startup after installing ESET Endpoint from scratch with default settings, ie. without any performance exclusions set up and no policies or applied by ESET PROTECT?

Yes, exactly... it's really strange. Now I have 4 machines in this situation. Two of them only with the EMA without de Endpoint Security due to the high delay on each startup.

23 minutes ago, Marcos said:

Is it really egui.exe and not egui_proxy.exe? Also the default timeout for a service to start is 30 seconds, not 30 minutes.

The thing is, I don't really know which process or service or module is the one that hangs and stays like this por at least 30min depending on the machine. The only thing I can really see is that, you first boot the computer, login with the user in Windows as usually and the are 3 process, ERAAgent.exe, eguiproxy.exe and the ESET Service. Half an hour later egui.exe starts, shows the startup dialog, the taskbar icon appears and everything starts working again.

July 3, 2023

Hi, I've been dealing with this for a while now and can't seem to figured out.

The main GUI (egui.exe) takes 30min or more depending on the machine to start. The Windows explorer.exe fails to do a lot of things, reading remote directores, opening local files, the taskbar hangs until you kill all the explorer.exe files.

I've read a lot of articles, tried uninstalling EES and EMA locally, trough PROTECT, reinstall locally and through PROTECT. Clean Windows 10 and 11 install. Recently a Lenovo laptop that was working thing, out of the air it started making this problem.

I'm clueless since it appears to be with *some* devices but not others, same policy applied to a group of devices that are all different make and model... some fails other no.

I'm open to any suggestion to try out.

Thanks.

TaskmgrwithEGUI.png.24835e4e6facc187824af508b433c167.png

March 11, 2022

Solved... the server.xml from tomcat9 was missing some custom settings, assumed due to the migration from ESMC 8 to EP 9 and.

January 3, 2022

Furthermore, the most interesting thing is:

The era server is on Site A, most of the time I use the console from Site B. Both sites are connected trough an IPSec tunnel over standard ISP internet connections. Site A has 300/300 over FTTH and Site B has 300/30 over HFC, both services are pretty reliable with medium latency around 25ms.

When using the console within the same Site A network, the failures of loading the data of the dashboard or the policies is really low, like 1/5 will fail. When doing the same over Site B, 3/5 will likely fail.

Could it be a timeout value, somewhere on the tomcat settings or the war folder?

The tomcat9/server.xml file content is:

Quote

<?xml version="1.0" encoding="UTF-8"?>

<Server port="-1" shutdown="SHUTDOWN">
   <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

   <GlobalNamingResources>
       <Resource name="UserDatabase" auth="Container"
       type="org.apache.catalina.UserDatabase"
       description="User database that can be updated and saved"
       factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
       pathname="conf/tomcat-users.xml" />
   </GlobalNamingResources>

   <Service name="Catalina">
       <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
       port="443" maxThreads="100"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="/etc/tomcat9/REDACTED"
       keystorePass="REDACTED"
       keyAlias="tomcat"
       clientAuth="false" sslProtocol="TLS"
       sslEnabledProtocols="TLSv1.2,TLSv1.3"
       connectionTimeout="20000" enableLookups="false" disableUploadTimeout="true" />

       <Connector port="8443" protocol="HTTP/1.1"
       enableLookups="false"
       redirectPort="443" />

       <Connector port="80" protocol="HTTP/1.1"
       enableLookups="false"
       redirectPort="443" />

       <Connector port="8080" protocol="HTTP/1.1"
       enableLookups="false"
       redirectPort="443" />

       <Engine name="Catalina" defaultHost="localhost">
           <Realm className="org.apache.catalina.realm.LockOutRealm">
               <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
           </Realm>

           <Host name="localhost" appBase="webapps"
           unpackWARs="true" autoDeploy="true"
           xmlValidation="false" xmlNamespaceAware="false">

               <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t "%r" %s %b" />
           </Host>
       </Engine>
   </Service>
</Server>

December 31, 2021

Martin, the services doesn't crash, as you can see on "eset-services.status" file. eraagent and eraserver had been running for over a week, tomcat had to be restarted due to certificate renewal.

server/trace.log

Quote

Linea 17061: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e5dd7700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.94.138.43, ResolvedHostname:scanner-06.ch1.censys-scanner.com, ResolvedPort:40842
Linea 17061: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e5dd7700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.94.138.43, ResolvedHostname:scanner-06.ch1.censys-scanner.com, ResolvedPort:40842
Linea 17062: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e5dd7700]: Protocol failure for session id 11366, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17062: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e5dd7700]: Protocol failure for session id 11366, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17062: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e5dd7700]: Protocol failure for session id 11366, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17063: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e35d2700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.94.138.43, ResolvedHostname:scanner-06.ch1.censys-scanner.com, ResolvedPort:51874
Linea 17063: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e35d2700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.94.138.43, ResolvedHostname:scanner-06.ch1.censys-scanner.com, ResolvedPort:51874
Linea 17064: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e35d2700]: Protocol failure for session id 11367, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17064: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e35d2700]: Protocol failure for session id 11367, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17064: 2021-12-30 21:42:13 Error: NetworkModule [Thread 7f00e35d2700]: Protocol failure for session id 11367, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17065: 2021-12-30 21:42:14 Error: NetworkModule [Thread 7f00e1dcf700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:167.94.138.43, ResolvedHostname:scanner-06.ch1.censys-scanner.com, ResolvedPort:58782
Linea 17080: 2021-12-30 23:33:57 Error: NetworkModule [Thread 7f00e45d4700]: Error code:110;Connection timed out; SessionId:11400
Linea 17080: 2021-12-30 23:33:57 Error: NetworkModule [Thread 7f00e45d4700]: Error code:110;Connection timed out; SessionId:11400
Linea 17125: 2021-12-31 05:23:40 Error: NetworkModule [Thread 7f00e3dd3700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:45682
Linea 17126: 2021-12-31 05:25:37 Error: NetworkModule [Thread 7f00e25d0700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:52306
Linea 17127: 2021-12-31 05:27:06 Error: NetworkModule [Thread 7f00e2dd1700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:57924
Linea 17128: 2021-12-31 05:29:44 Error: NetworkModule [Thread 7f00e1dcf700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:39148
Linea 17129: 2021-12-31 05:30:47 Error: NetworkModule [Thread 7f00e1dcf700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:43160
Linea 17130: 2021-12-31 05:32:35 Error: NetworkModule [Thread 7f00e45d4700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:49700
Linea 17131: 2021-12-31 05:34:59 Error: NetworkModule [Thread 7f00e1dcf700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.137.181.238, ResolvedHostname:45.137.181.238, ResolvedPort:58314
Linea 17181: 2021-12-31 06:14:06 Error: NetworkModule [Thread 7f00e65d8700]: Error code:110;Connection timed out; SessionId:11755
Linea 17181: 2021-12-31 06:14:06 Error: NetworkModule [Thread 7f00e65d8700]: Error code:110;Connection timed out; SessionId:11755
Linea 17225: 2021-12-31 10:50:39 Error: NetworkModule [Thread 7f00e4dd5700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:45.155.205.150, ResolvedHostname:45.155.205.150, ResolvedPort:60000
Linea 17229: 2021-12-31 11:52:52 Error: NetworkModule [Thread 7f00e25d0700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.248.133.42, ResolvedHostname:scanner-08.ch1.censys-scanner.com, ResolvedPort:52820
Linea 17229: 2021-12-31 11:52:52 Error: NetworkModule [Thread 7f00e25d0700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.248.133.42, ResolvedHostname:scanner-08.ch1.censys-scanner.com, ResolvedPort:52820
Linea 17230: 2021-12-31 11:52:52 Error: NetworkModule [Thread 7f00e25d0700]: Protocol failure for session id 12010, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17230: 2021-12-31 11:52:52 Error: NetworkModule [Thread 7f00e25d0700]: Protocol failure for session id 12010, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17230: 2021-12-31 11:52:52 Error: NetworkModule [Thread 7f00e25d0700]: Protocol failure for session id 12010, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17231: 2021-12-31 11:52:53 Error: NetworkModule [Thread 7f00e55d6700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.248.133.42, ResolvedHostname:scanner-08.ch1.censys-scanner.com, ResolvedPort:60196
Linea 17231: 2021-12-31 11:52:53 Error: NetworkModule [Thread 7f00e55d6700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:167.248.133.42, ResolvedHostname:scanner-08.ch1.censys-scanner.com, ResolvedPort:60196
Linea 17232: 2021-12-31 11:52:53 Error: NetworkModule [Thread 7f00e55d6700]: Protocol failure for session id 12011, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17232: 2021-12-31 11:52:53 Error: NetworkModule [Thread 7f00e55d6700]: Protocol failure for session id 12011, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17232: 2021-12-31 11:52:53 Error: NetworkModule [Thread 7f00e55d6700]: Protocol failure for session id 12011, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
Linea 17233: 2021-12-31 11:52:54 Error: NetworkModule [Thread 7f00e3dd3700]: ProtocolLayer: unsupported protocol version, ResolvedIpAddress:167.248.133.42, ResolvedHostname:scanner-08.ch1.censys-scanner.com, ResolvedPort:36572
Linea 17234: 2021-12-31 11:52:54 Error: NetworkModule [Thread 7f00e65d8700]: remote_endpoint: Transport endpoint is not connected

consoleApi.log either

Quote

2021-10-30 13:18:13 Error: ConsoleApiModule [Thread 7fa870395700]: [478] Request GetPolicy end with the error: No access[UserName: Administrator, ContextID: 2, Duration: 6.09228 ms]
2021-12-14 22:11:24 Error: ConsoleApiModule [Thread 7f49e7a3d700]: [4561903] Request GenerateReport end with the error: Request aborted (reports module)[UserName: Administrator, ContextID: 10889, Duration: 9.90035 ms]
2021-12-15 20:46:25 Error: ConsoleApiModule [Thread 7f49e7a3d700]: [5106845] Request GenerateReport end with the error: Request aborted (reports module)[UserName: Administrator, ContextID: 12155, Duration: 9.54857 ms]
2021-12-22 14:40:34 Error: ConsoleApiModule [Thread 7f00a5d57700]: [615720] Request GenerateReport end with the error: Request aborted (reports module)[UserName: Administrator, ContextID: 2287, Duration: 21.5735 ms]

is issue with editing policies reproducible?

- yes, it happens with all the policies that I have

Is it some specific policy type / setting that triggers these problems?

- I don't think so because it even happens creating blank policies or editing the default ones

What is actually recovery method you used to make it work again - just relogin? or Apache Tomcat service has to be restarted?

- most of the time none of them, just go to another page and go back a couple of seconds later.

- ex: when editing policy A it fails as mentioned, just click on Tasks, it load all the Tasks, go back to editing the policy 5-10 seconds later and it works fine.

This approach doesn't work with the Dashboard, when it fails to load it can take a couple page reloads until it fully shows the graphs. I can't seem to find a workaround to make it display the graphs all the time like the policies do.

December 29, 2021

Hello, I'm having a kind of weird issue with the graphs of the dashboard plus sudden "crash" that reads Something went wrong, usually when editing policies. Also when creating tasks it fails with "Failed to create task".

I'll try to give as much context as possible, please ask anything i'm missing.

The ESET Protect is running on an Ubuntu 20.04 LXC with 6 cores and 6Gb of RAM on top of Proxmox 7.

The DB is running MySQL 8.0.27 on another Debian 11 LXC with 12 cores and 6Gb of RAM on the same server.

The shared storage is a RAIDZ2 with SSDs.

The version of all the components are:

Quote

ESET PROTECT (Server), Version 9.0 (9.0.2141.0)
ESET PROTECT (Web Console), Version 9.0 (9.0.138.0)
Copyright (c) 1992-2021 ESET, spol. s r.o. All Rights Reserved.

Ubuntu (64-bit), Version 20.04

Installed Components:

NAME

VERSION

Update module 1077 (20200622)
Translation support module 1905 (20211213)
SysInspector module 1280 (20201022)
SSL module 1062 (20210906)
Push Notification Service module 1122.2 (20211104)
Configuration module 1981.5 (20211103)

Database info:

DB Name: era_db

DB Version: MySQL 8.0.27

DB Size: 2795MB

DB Hostname: mysql1

DB User: erauser@

When editing any of the policies, usually fails with: (document and url are truncated)

Quote

*version : 9.0.138.0*
*locale : en_US*
*user.agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62 (safari)*
*document : https://domain/era/webconsole/184D1BF85E74DCF2E826.cache.html*
*url: https://domain/era/webconsole/#id=POLICIES:id=EDIT_POLICIES;u=b47a-20c-4dc-a33-c037;e=false;wa=true;p=1*

*error: *
Config engine error: error

Product: eset.local.products.endpoint
Last loaded screen: wca.computer.page_advanced_machine_learning
Last requested screen(s): wca.scanner.scanner_group
RPC method: _CE.rpc_api.screen_values_set

When the dashboard doesn't load, the tomcat logs shows:

Quote

==> catalina.2021-12-29.log <==
29-Dec-2021 08:49:17.896 INFO [https-openssl-nio-443-exec-5] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] Users session timeout has been reset by user activity (IP: #id=REPORTS).
29-Dec-2021 08:49:18.028 INFO [https-openssl-nio-443-exec-6] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] User sends request for report templates info (IP: #id=DASHBOARDS).
29-Dec-2021 08:49:18.028 INFO [https-openssl-nio-443-exec-4] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] getGroup, IP: #id=DASHBOARDS, 00000000-0000-0000-7001-000000000001
29-Dec-2021 08:49:18.093 INFO [https-openssl-nio-443-exec-9] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] User sends request for loading all dashboards (IP: #id=DASHBOARDS).
29-Dec-2021 08:49:18.289 INFO [https-openssl-nio-443-exec-1] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] Request for retrieving remembered UI state was received (IP: #id=DASHBOARDS;u=000000000-0000-0012-0007-000000000091).
29-Dec-2021 08:49:18.324 INFO [https-openssl-nio-443-exec-10] graphql.kickstart.servlet.HttpRequestHandlerImpl.handle Bad request: cannot handle http request
graphql.GraphQLException: No valid query found in request
at graphql.kickstart.servlet.GraphQLPostInvocationInputParser.getGraphQLInvocationInput(GraphQLPostInvocationInputParser.java:45)
at graphql.kickstart.servlet.HttpRequestHandlerImpl.handle(HttpRequestHandlerImpl.java:38)
at graphql.kickstart.servlet.AbstractGraphQLHttpServlet.doRequest(AbstractGraphQLHttpServlet.java:82)
at graphql.kickstart.servlet.AbstractGraphQLHttpServlet.doPost(AbstractGraphQLHttpServlet.java:74)
at sk.eset.era.g3webserver.graphql.GqlApiServlet.doPost(GqlApiServlet.java:63)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.reports.ReportsTracingFilter.doFilter(ReportsTracingFilter.java:36)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.security.EraSecurityFilter.doFilter(EraSecurityFilter.java:110)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.EraEncodingFilter.doFilter(EraEncodingFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.EraCachingFilter.doFilter(EraCachingFilter.java:50)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:666)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
29-Dec-2021 08:49:18.325 SEVERE [https-openssl-nio-443-exec-10] graphql.kickstart.servlet.AbstractGraphQLHttpServlet.doRequest Error executing GraphQL request!
graphql.GraphQLException: No valid query found in request
at graphql.kickstart.servlet.GraphQLPostInvocationInputParser.getGraphQLInvocationInput(GraphQLPostInvocationInputParser.java:45)
at graphql.kickstart.servlet.HttpRequestHandlerImpl.handle(HttpRequestHandlerImpl.java:38)
at graphql.kickstart.servlet.AbstractGraphQLHttpServlet.doRequest(AbstractGraphQLHttpServlet.java:82)
at graphql.kickstart.servlet.AbstractGraphQLHttpServlet.doPost(AbstractGraphQLHttpServlet.java:74)
at sk.eset.era.g3webserver.graphql.GqlApiServlet.doPost(GqlApiServlet.java:63)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.reports.ReportsTracingFilter.doFilter(ReportsTracingFilter.java:36)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.security.EraSecurityFilter.doFilter(EraSecurityFilter.java:110)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.EraEncodingFilter.doFilter(EraEncodingFilter.java:38)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sk.eset.era.g2webconsole.server.modules.EraCachingFilter.doFilter(EraCachingFilter.java:50)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:666)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
29-Dec-2021 08:49:18.365 INFO [https-openssl-nio-443-exec-2] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] User sends gql request: kFUNCTIONALITY_COMPUTER_STATUSAGGREGATEREPORTQuery (IP #id=DASHBOARDS;u=000000000-0000-0012-0007-000000000091)
29-Dec-2021 08:49:18.366 INFO [https-openssl-nio-443-exec-2] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] User sends gql request: kFUNCTIONALITY_COMPUTER_STATUSAGGREGATEREPORTQuery (IP #id=DASHBOARDS;u=000000000-0000-0012-0007-000000000091)
29-Dec-2021 08:49:18.367 INFO [https-openssl-nio-443-exec-2] sk.eset.era.g2webconsole.server.modules.logger.LogItem.logInto [Administrator] User sends gql request: kFUNCTIONALITY_COMPUTER_STATUSAGGREGATEREPORTQuery (IP #id=DASHBOARDS;u=000000000-0000-0012-0007-000000000091)

I'm open to providing more information and doing some testing since I understand that this is it not a common scenery.

Thanks.

Peter Randziak · December 14, 2021

On 12/10/2021 at 7:40 AM, Marcos said:

To sum it up, the issue may be caused by 2 things:

1, If you use Apache http proxy on Linux - the configuration of the http proxy is incorrect. Please refer to the post above how to fix it. Apache HTTP proxy for Windows is not affected.

2, If you don't use Apache http proxy - the issue is caused by a bug in Endpoint v9 which checks for EPNS connectivity even if checking for license changes via EPNS is disabled, ie. when the interval check is set to "Limited". Solution: change it to Automatic. If you need to have it set to Limited for whatever reason, there will be a fix via an automatic module update within a couple of days. Please use "Automatic" at least temporarily until the new Direct cloud communication module is available.

Option 2, license interval check set to automatic seems to solve de problem.

December 8, 2021

@Kamilos did this worked for you?

On 12/6/2021 at 5:22 AM, Kamilos said:
mayby in linux (CentOs) we should install Mosquitto MQTT Messaging Broker
sudo yum -y install epel-release
sudo yum -y install mosquitto
sudo systemctl start mosquitto
sudo systemctl enable mosquitto
and allow connections to port 8883
sudo firewall-cmd --permanent --add-port=8883/tcp
sudo firewall-cmd --reload 

In the case that it worked, did you changed something else?

Thanks.

December 5, 2021

@Marcos is there something to test or try?

Upgraded the same clients to 9.0.2032.2 and the problem persists.

As mentioned there isn't firewall, proxy or any other block at dns level.

December 2, 2021

Hi @Marcos, there is no restrictions on outgoing traffic.

DNS query for epns.eset.com resolves to: 38.90.226.65
Telnet to epns.eset.com connects from the server and the clients as shown on the attachments.

December 2, 2021

Hello, I'm having this same issue after updating some clients to version 9.0.

The diagnostics log "iris.epns.0.log" shows this:

Quote

02.12.2021 12:42:39.421 [1576:14712] INFO Logging turned on
02.12.2021 12:45:57.664 [1576:6032] DEBUG [EPNS] <worker> Connection state changed: UNAVAILABLE => CONNECTION_CLEANUP
02.12.2021 12:45:57.664 [1576:6032] DEBUG [EPNS] <worker> Running connection cleanup; last error: 0
02.12.2021 12:45:57.664 [1576:6032] DEBUG [EPNS] <worker> Connection state changed: CONNECTION_CLEANUP => UNAVAILABLE
02.12.2021 12:51:04.397 [1576:6032] DEBUG [EPNS] <worker> Connection state changed: UNAVAILABLE => CONNECTION_CLEANUP
02.12.2021 12:51:04.397 [1576:6032] DEBUG [EPNS] <worker> Running connection cleanup; last error: 0

After reading this and other posts I doubled checked the proxy config on the Agent and the Endpoint and it not set. Attached are some screenshots showing the config for reference.

There isn't any proxy or firewall at the network level, all outgoing connections are allowed for this testing.

If you need any more information I'm open to provide it.

Thanks in advance.

Sign In

etosolini

Posts

Joined

Last visited

Content Type

Forums

Downloads

Posts posted by etosolini

Endpoint Security - Hangs on Windows startup

Endpoint Security - Hangs on Windows startup

Endpoint Security - Hangs on Windows startup

ESET Protect - Fail to load data on dashboard

ESET Protect - Fail to load data on dashboard

ESET Protect - Fail to load data on dashboard

ESET Protect - Fail to load data on dashboard

Endpoint Security can't connect to Push Notification Service

Endpoint Security can't connect to Push Notification Service

Endpoint Security can't connect to Push Notification Service

Endpoint Security can't connect to Push Notification Service

Endpoint Security can't connect to Push Notification Service

Browse

Activity

My Activity Streams

Update module	1077 (20200622)
Translation support module	1905 (20211213)
SysInspector module	1280 (20201022)
SSL module	1062 (20210906)
Push Notification Service module	1122.2 (20211104)
Configuration module	1981.5 (20211103)