ucvijan

I didnt try to reinstall the agent, as i had problems with remote uninstall (from ERA) before. And users (mostly developers) are already frustrated that computer froze and had to restart the workstation. Problem was, their work was not saved. So i was looking for some solution where i will not bother them directly. Checked in the trace logs on all workstations that wont update the agent. And each has the same problem with permission issue, and only couple with the resolving issue. One of them has this as well as next to the permission issue: 2015-10-01 07:47:12 Error: CReplicationModule [Thread d94]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending 2015-10-01 08:42:12 Error: NetworkModule [Thread 96c]: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found 2015-10-01 08:42:12 Error: CReplicationModule [Thread 17f8]: CReplicationManager: Replication (network) connection to 'host: "xxxxxxxxxxxxx" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found 2015-10-01 11:51:12 Error: CReplicationModule [Thread 2e0c]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending 2015-10-01 11:52:12 Error: CReplicationModule [Thread 2cbc]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending 2015-10-01 11:53:12 Error: CReplicationModule [Thread 2c60]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending 2015-10-01 11:54:12 Error: CReplicationModule [Thread 247c]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already pending 2015-10-01 11:55:12 Error: NetworkModule [Thread 96c]: The connection will be closed due to timeout. SessionId:244 2015-10-01 11:55:12 Error: CReplicationModule [Thread 2878]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running) 2015-10-01 11:55:12 Error: CReplicationModule [Thread 2878]: CReplicationManager: Failure of scenario (type=Regular, task_id='00000000-0000-0000-7005-000000000001', link='Automatic replication (REGULAR)' (00000000-0000-0000-7007-000000000001), current_step=Receiving [MetadataStaticObjects], current_step_phase=Receiving, remote_peer=host: "xxxxxxxxxxx" port: 2222, remote_peer_type=3, remote_peer_id=c5abeb78-c325-4dc9-92b3-7e54988e459f, remote_realm_id=c5abeb78-c325-4dc9-92b3-7e54988e459f) 2015-10-01 11:55:12 Error: NetworkModule [Thread 2f8c]: User context does not exist for id 244 Maybe I am doing something wrong with uninstalling the agent form ERA console. I should go with the task: Stop Managing (Uninstall ERA Agent) That should be enough, and them to install the agent again (by that i mean deploy)? Regards, Uros

Just to bump this. Is there any solution to the errors i get for several servers? At least something, where to look and what?

Hi, There is less than 10% of workstations that wont update the agent. One of the errors that is on every workstation from trace.log : 2015-09-28 14:12:27 Error: CEssConnectorModule [Thread 118c]: Set policy failed: CNodcommChannel: Send request failed with 14, Command failed - Make sure that Agent runs with Administrator privileges. Strange thing is that all workstations are in domain, and group policies are the same for all, so permissions should not be the problem here. But what can i do to check if the issue is with permissions?Agent is running as which user? Also there is some error, with replication: Error: NetworkModule [Thread 854]: Unable to resolve any endpoints.resolve: (0x2af9), No such host is known 2015-09-29 08:36:41 Error: CReplicationModule [Thread 2118]: CReplicationManager: Replication (network) connection to 'host: "xxxxxxxxxx" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2af9), No such host is known 2015-09-29 10:41:41 Error: NetworkModule [Thread 854]: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found 2015-09-29 10:41:41 Error: CReplicationModule [Thread f8]: CReplicationManager: Replication (network) connection to 'host: "xxxxxxxxxx" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found 2015-09-29 11:44:41 Error: NetworkModule [Thread 854]: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found 2015-09-29 11:44:41 Error: CReplicationModule [Thread 1efc]: CReplicationManager: Replication (network) connection to 'host: "xxxxxxxxxx" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found But i can resolve server host name with no problem, and also if this is a problem, it would be the problem for all workstations ( i guess). Regards, Uros

Thank you bbraustein for making that clear. That is all i needed for conformation.

So I can just do software install of the new version 6.1.2227 and with the same license? Do i need to remove the license i have now? Or i don't have to specify license at all? I just choose new version of AV and do the install? EDIT: Just tried in on my on computer, and installation works, update is automatic. I didnt touch the license, i mean,in the part where I need to specify the license i left the one i already have, and the count of the licenses is the same. Guess that is how this upgrade works.

Hi, I didn't find anywhere,maybe I am missing something, but how upgrade to newest version of ESET Antivirus. On all my clients I have version 6.1.2222 but as i can see now there is 6.1.2227. Is there an easy way for me to upgrade this remotely through ERA6? Thank you,

I had those same issues, but hey were related to proxy. So i turned off the proxy, and now everything is ok. Hope i don't jinx it .

Well i gave up on httpproxy,ot sure why it started to behave strange, and works some time then stops, then i restarted it and it works, and so on. Agent updates are also now going through internet directly. So that is how i "solved" not updated part.

Hi Marcos, Any update on this? I reverted my policy so servers are using httpProxy, and it wont work. On the http proxy server, hxxp://localhos:3128/index.htmlworks, but from a client it wont work, Then i restart ApacheHttpProxy service and then hxxp://myserver:3128/index.html from my client works, but after some time it stops. Anything for you to tell me to look at? As this stopped working approximately in the same time this issue with agent update failed for all clients. Regards,

Hi Marcos, I sent you a PM with the link to the cache files.

Hi Marcos, I dont have that location, see the picture below. I am on my ERAS where i have Http rpoxy installed, you can see it running in services. SInce yesterday i am bypassing the proxy, as there were errors, and could not connect to server. And in picture below you can see that i unchecked proxy server. Regards, Uros EDIT: Guess you meant C:\Program Files\Apache.... Will send you the link,just to zip and upload..

Hi, Yeah, i got the same problems in the last two days as well. When i do restart of the HttpProxy they are back on schedule and doing the update. But its like something happens again and updating of DB fails, so i turned off proxy (this is my work-around), and now every client is going outside to eset servers to get new updates. Really strange that this has happened to both of us, and in the same time frame.

Hi, Just to ask to confirm, as i have the same issue last couple of days.. Everything worked fine and with no problems, and since i think yesterday i get all my clients showing that recent update failed. They are all ESET Agent. I did restart agent, they come back as ok, but after some time they slowly all become red. Nothing changed in my environment the last couple of days, so dont know what happened. Is this the same issue as you are talking about Marcos? I even thought it was DB update, so i removed proxy all together,but guess its not that.

I have the same problem since this morning, i mean last night.. Strange is almost all of the servers have this error. "Could not connect to server", although IP:2138/index.html is not working from client side, but is working on local host. Restarted ApacheHttpProxy service, and will see how it will behave.. EDIT: I still have the Could not connect to server.. Lot of servers are showing in ERAS as updates failed. This is the first time that is happening,noting changed. Only thing left is to check with networks, but telnet from my computer to ERAS on port 3128 works. EDIT2: Removed proxy from the servers, and now servers are updated. Will check why there was an issue with http proxy, it is clearly working now, even from my computer.

agreed as well

Plus one on jims suggestion.. As only thing that is changed is computer that are receiving the task. Agent deploy, i am always using it from ERAS, use the same cert, using the same agent, same for EEA install, same for product activation, same for update..Only thing that is changing for me is the target computer.

Hi Marcos, Any news? Sent you PM two days ago with report. Clients still dont have last scan shown on the last time it was done, threats are still there...

OK, I did as you said again last nihgt. Indepth scan on two problematic clients, and it didnt remove threats, it added the same threats to the total count. In the pictures below, you can see that task was executed and finished, you can see that in info for that client it says that no scan was done, you can that there are threats (for some reason it is yellow color, but in the threats of the client info there are red ones. You can also see that number of active threats in the left sidebar is 60?? But in the tree windows it says its 44.. ERAS just added the same 16 threats it already counted 2,3 days before.. First it was 16, then 32 for same user, now 48.. So three times he added the same 16 active red threats. Please tell me what to do..Already posted pictures in this topic and other regarding these problems, still no answer. You can see scan completed here on the client You can see that info inthe client says N/A for the scan time You can see active threats present on the client (dont get confused the yellow number, I am also confused why yellow (first it was yellow, then i did indepth scan, and it only added 12 red ones, the same). So last nihgt scan did not remove threat count to 0 And last, number of active threats is different in the sidebar and in the tree. And also, same 16 threats were counted 3 times, for 3 different indepth scans that were meant to remove the threats. Getting really annoyed, and I am really patient..

Hi Maros, This is the same user as above. On the client itself there is 3 scans that were completed, on 21st, 28th, (those are by scheduler) and one by me from ERAS two nights ago. You can see that it says that there are 12 threats, but when i go to the logs, and detected threats, there arent any. Also this clients shows in ERAS that scan was never done And in this picture you can see that ERAS report that scan was never done. I restarted the agent on the client as well, client is talking to ERAS with no problems every minute.

I get that, but the problem with is that agent is talking every minut to ERAS, and every policy and every change is applied, but only scan time and information is not displayed properly. I even checked on the client itself, and there is scan time, but its like the agent is not sending that info to ERAS. Strange is that that is happening to third of the clients. I think that they did scanning, its just that ERAS does not show that they did. Are there any logs I can send you so you can take a look at the issue? Also regarding threats, i did indepth scan and it did not clear them. It was clearing them last week for some clients, now it doesn't, will try again tonight and will tell you how it goes. Will put screenshot of the task if it is finished, and if the threats are not deleted. Thank you

Should i do indepth scan with cleaning? In other topic i opened you will see that in-depth scan was done for this user. I mean i did left click and scan,in description of the task it says that profile is in-depth,it does says without cleaning, will turn on with cleaning tonight and see if that will change something. And that still doesnot explain the confusion in number of threats, 12 warnings, but there are a lot more, and the same files showing multiple times? Is that something to be ignored or...?

Hi, It says in my alets section that there is 44 active threats, but on the mail page, if you count all the computers with active threats its less As said in other topic, for this user that has 16 active threats, also all are doubled or tripled, (same file showing multiple times) This is one thing. The other, in details, in Info section of the client, it says that the last scan was never done, but when go to the tasks of that client you can see that task was done, i did it manually.There is scheduler set up to run the task every week, and half of the clients show that they have done the scan, but others don't. Following 3 images, shows that details section, its like scan was never done, in task executions, you will see the task i manually performed from ERA, and in configuration from the client, you will see that in scheduler it says that last run of the scheduled scan was done on time, but in the reports, it behaves like that scan never happened. Same case is for half of the clients. In scheduler, it says that scan was done on time, but in details and scan reports it says like the last scan was one week ago. Like there was no scan. Scheduler says it was done on 28th - 1AM I did manully sent the task from ERA, as there was no report of the scan. And still it shows that scan was never done on this client. Please advise.

Hi, For some reason, in depth scan wont delete and remove threats found on clients PC, and in reports and status of the threats are all different, will put pictures. First, in the main page, it says that client has 12 warning threats, but when go to details of the clients, there are 12 warning and 12 alert. Plus, it is all the same virus (please check the report for active threats, it reports the same file multiple times) Is there any way to remove this threats, how can I know if they are handled but the count is still present? How can i know if these threats are handled? It doesn't say removed by cleaning, or deleted or any other message. First image shows threat count of 12 warnings: Second image, shows all the threats for the same user,when i go to details of the user and go to threats: Third image, multiple alerts for the same file, as you can see first, third, fifth, - same file, second,forth, sixth, - same file, the list goes own down, but you get the point: In other topic will ask several other things, as that is stragne behavior with ERA6, maybe I am wrong..

Talked to clients, and now it is better. They are programmers/developers,lots of programs, applications opened, constantly writing,pushing, getting from network share files., think eset was only trying to scan all that, and that's why there was issue with the disk. Will keep on monitoring. Turned real time back on, so far no slowness.

I installed it via ERA, and think its the newest version. EEA 6.1.2222.0. I didnt disable the real time protection, i just untick the part where it scan files on open, execute, save etc...will see if it helps. DO they need to logoff and log back on for changes to take effect? They shouldnt have debug logging enabled, as all is done through policy. Think others should have the same issue? Or not?