Jump to content


  • Posts

  • Joined

  • Days Won


Everything posted by kingoftheworld

  1. Nope, we tested the 6.4.112 RC and the same issue has persisted.
  2. Thanks for your help. I don't think we had that when we first built the server, but either way looks like we are very undersized for what our planned usage will be. Our Windows SQL DBA is on board with moving this DB onto one of enterprise SQL servers with a HA setup. This leads me to my next question, is there any instructions/documentation available on migrating the DB onto another server and reconfiguring the console?
  3. Currently, we probably have roughly 4k machines reporting in with a 10 minute connection interval. After some research, it may be the limitation of the SQL 2008 Express install since I believe it is limited to 1 CPU, and 1 GB or RAM.
  4. I am running ERA 6.4 on Windows 2012R2 with a local MS SQL Express install. For the last couple of days, I have had a high number of pending logs (roughly 17k) showing on my dashboard. This is causing clients not to be able to communicate to the server in a timely manner. The resources seem fine on the server, 2 vCPUS running at about 50% utilization and previously 4GBs of RAM that was about 85% utilized. I thought that was a little high, so we increased to 6GB, but there wasn't really any noticeable difference. Has anyone experienced similar issues?
  5. We received a similar alert from our systems team this week referencing this folder filling quickly. Any advice on how to clear out without impacting the server is appreciated. Also running ERA 6.4 on Win 2012R2
  6. I am out of the office for the rest of the week, but I can probably gain access to some of the logs next week. However, the "Last Error Log" showed a date/time well in the past. For the post above, it was "Generated at 2016-Aug-31 10:25:26 (2016-Aug-31 06:25:26 local time)" Obviously, we are well into December now, but I am not sure if this is generated at the last time an entry was added to the log or the current time of the machine when I viewed the file.
  7. The GUI is the cause of the issue. We have found that forcing the GUI to not to try to launch will correct the issue. I believe our OSX engineer modified one of the plist files that points to the location of the GUI will cause it to fail immediately. The A/V component appears to function normally at that point, but we are hoping for an actual fix.
  8. Have you opened a case for the OSX issue? I am currently still working with support since roughly June on the OSX startup delay. They provided an early release of 6.4 for OSX that doesn't appear to resolve the issue.
  9. I spoke with ESET Business Support on Monday regarding this issue. We were able to get the machine working by reinstalling, and then it shows back up. But as mentioned above, this is not a workable solution as there really isn't a method for knowing when they stop working. I am able to determine this however through the AD sync task. I am able to do the tedious process of looking through the objects and finding which ones are not "managed" . I was a little disappointed in the rep not really wanting to look into the root cause. However, I have been in communication with someone from your top business support on a few other issues that he has been very helpful with solving, so I was going to bring it up with him after the holidays. However, I do have logs from one of the machines that I can provide. The error showing in the last errors html file seems to be consistent with all of the machines that have the issue. The ticket number from when I spoke with someone from support this week was: 1502830. A sample from the last error log: CEssConnectorModule 2016-Aug-31 10:25:22 Requesting protection status log from product CEssConnectorModule 2016-Aug-31 10:25:22 Protection status content: CEssConnectorModule 2016-Aug-31 10:25:22 Protection status log deserialized and published CSystemConnectorModule 2016-Aug-31 10:25:24 StatusLog_PERFORMANCE_USER_STATUS: "Rows":[{"symbols":[{"symbol_type":453,"symbol_data":{"val_int":[1]}},{"symbol_type":447,"symbol_data":{"val_uuid":[{"uuid":"442b1cd1-77ce-40f7-a9c7-94a0cbed839f"}]}},{"symbol_type":454,"symbol_data":{"val_time_date":[{"year":2016,"month":8,"day":31,"hour":10,"minute":25,"second":24}]}},{"symbol_type":456,"symbol_data":{"val_res_id":[508906757892866568]}}]}] AutomationModule 2016-Aug-31 10:25:24 Trigger: Tick ALLOWED [UUID=00000000-0000-0000-7006-000000000001, TYPE=REPLICATION]. CDataMinersModule 2016-Aug-31 10:25:24 Machine is not idle because user is not idle SchedulerModule 2016-Aug-31 10:25:24 Received message: RegisterSleepEvent AutomationModule 2016-Aug-31 10:25:24 Task: Executing task [UUID=00000000-0000-0000-7005-000000000001, TYPE=Replication, CONFIG=scenarioType: REGULAR linkData { dataLimit: 1024 isDisabled: false connections { host: "[REMOVED]" port: [REMOVED] } }]. SchedulerModule 2016-Aug-31 10:25:24 Received message: GetRemainingTimeByUserDataRequest CReplicationModule 2016-Aug-31 10:25:24 CReplicationManager: Processing client replication task message CReplicationModule 2016-Aug-31 10:25:24 CReplicationManager: Initiating replication connection to 'host: "[REMOVED]" port: [REMOVED]' (scenario: Regular, data limit: 1024KB) NetworkModule 2016-Aug-31 10:25:24 Received message: CreateConnectionRequest NetworkModule 2016-Aug-31 10:25:24 Attempting to connect to endpoint: [REMOVED] NetworkModule 2016-Aug-31 10:25:24 Forcibly closing sessionId:60, isClosing:0 NetworkModule 2016-Aug-31 10:25:24 Removing session 60 NetworkModule 2016-Aug-31 10:25:24 Closing connection , session id:60 NetworkModule 2016-Aug-31 10:25:24 Sending message: ConnectionFailure CReplicationModule 2016-Aug-31 10:25:26 CReplicationManager: Replication (network) connection to 'host: "[REMOVED]" port: [REMOVED]' failed with: (0x2751), A socket operation was attempted to an unreachable host The date/times are all different on each of the ones that I have had to fix so there is no common theme there.
  10. I am interested in receiving a copy of the beta. Please sign me up.
  11. I can confirm this behavior in my environment with the Windows agent. We have only about a 100 macs, but we have ~6,000 PCs and I am seeing it happen with those on roughly a hundred. The weird thing is that the machines continue to get the policy changes I make, but I can not find them anywhere.
  12. For me, it is all of the ones we tested. We have not taken it to production yet because we are able to replicate it 100% of the time. This is with a vanilla OSX image joined to AD, or with our image (which is not heavily customized anyways). This also happens with the ERA agent and without. I don't think DHCP leases have anything to do with our issue because we experience the issue on the first domain login long before the DHCP lease expires.
  13. Also not the case, we tested this by installing ONLY the ESET Endpoint AV application and activated using my security admin account. The issue still persisted and points to the AV application itself.
  14. Would recommend you go the command-line mirror tool and serve them over an HTTP using your choice of web server product (Apache and IIS I have tested with). The one built into the products is not designed for any large scale deployment.
  15. Any update on when the fixed from the 1250 module will be released for business users? I am needing to make a change to my endpoints around the fix of this issue.
  16. I would like to submit a feature request for an EASY method of using an actual trusted SSL certificate for the ERA console. Something where I can click a button in the GUI to generate the CSR, and then a text box to import the certificate and chain. I don't want to have to mess with the key util from tomcat and risk bricking my server.
  17. Please open tickets with support! Those of us that have are often not getting anywhere because there hasn't been enough people reporting the issue.
  18. You could serve the updates over HTTP using a local web server such as IIS or Apache that is on your isolated segment. You would be able to manually drop the definitions on to that via USB or other means. This would be easier than walking to each machine.
  19. I too have had issues with ERA 6/ESET 4 for Linux endpoint. I have seen where the client will just disappear out of my ERA console as if it was never there, and then it will just reappears at random times. Unable to find via IP or hostname.
  20. Feel free to reference case #1471439 within your case if you think it would help. It was created on Sept-1 and I provided log files the same day. The only info I've gotten since then is that it's "currently under review", waiting for a response from the Dev team. I am in the same boat, and I have referenced your ticket number as well. So hopefully there are some notes linking the symptoms together.
  21. I have referenced your ticket number with my case, 1429979. I am currently awaiting a reply and will let you know what I hear.
  • Create New...