ernestodelisi, Posted April 11, 2017

Good afternoon, we have a problem with this agent, it is an endpoint client. Any idea what it could be? Attached log files. Thank you very much.

RemoteAdministratorAgentDiagnostic20170411T172921.zip
NCPAR509225.rar

MartinK (ESET Staff), Posted April 12, 2017

Please verify the status of the AGENT that is installed on the same machine as PROXY (= the so-called managing agent). This AGENT is responsible for processing and uploading logs from PROXY to the server. This specific error means that the device is unknown to SERVER, i.e. there is not yet an entry in the Lost&Found group created for this newly installed AGENT.

ernestodelisi (Author), Posted April 25, 2017

Thanks for the reply. We currently have another error: agents do not replicate to the web console.

The ERA Proxy has IP 10.100.8.67
The ERA Server has IP 10.100.8.65
The Agent endpoint PC has IP 10.0.4.166

If I point the agents to 10.100.8.65 (ERA Server) they replicate correctly and they appear perfectly on the web console, but those that replicate against 10.100.8.67 (ERA Proxy) lose the connection for some reason.

In the case of the machine in the attached captures (10.0.4.166), the agent must connect to the ERA Proxy, 10.100.8.67. In the trace log of the ERA Proxy we see that it connected today:

2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530
2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166
2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache
2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache
2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636

-------------------------------------------------------------------------------

Here is part of the trace log of the machine 10.0.4.166, which has problems appearing in the console:

2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name:
2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running)
2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2)
2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116

MartinK (ESET Staff), Posted April 25, 2017

Please check what state PROXY itself is in. Is it connecting to ERA? See the status.html log of PROXY (not of the AGENT on the same machine) to check whether it is connecting. It seems AGENTs connecting to PROXY are timing out, i.e. they do successfully connect, but they are not handled in time - this could be caused by a broken or extremely slow database. Are there enough resources for PROXY and its database? Is PROXY's database on the local machine or remote - if remote, is the network connection between them sufficiently fast in terms of response times?

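The symptom discussed in the posts above (agents connect to PROXY but the session ends in a timeout) can be measured from an agent trace log instead of read by eye. This is an added example, not part of any post and not ESET tooling: `stall_episodes` is a hypothetical helper, the sample lines are copied from the trace log posted in this thread, and reading each "is already in use" error as a replication start refused while an earlier session still holds the link is an assumption.

```python
import re
from datetime import datetime

# Sample input: agent trace-log lines copied from the post in this thread.
SAMPLE = """\
2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use
2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name:
2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116
"""

# Groups: timestamp, level, module, thread id, message.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+): (\w+) \[Thread (\w+)\]: (.*)$")
TIMEOUT = re.compile(r"closed due to timeout\. SessionId: (\d+) Ip address: (\S+) Port: (\d+)")
# Assumption: this text marks a replication start refused because the
# link is still held by an earlier, unfinished session.
BUSY = "is already in use"


def stall_episodes(text):
    """Return one dict per timeout: peer, session id, number of refused
    replication starts before it, and seconds from first refusal to timeout."""
    episodes, blocked = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or unrelated text
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(5)
        if BUSY in msg:
            blocked.append(ts)
            continue
        t = TIMEOUT.search(msg)
        if t:
            held = (ts - blocked[0]).total_seconds() if blocked else 0.0
            episodes.append({"peer": f"{t.group(2)}:{t.group(3)}",
                             "session": int(t.group(1)),
                             "blocked_starts": len(blocked),
                             "held_seconds": held})
            blocked = []  # the next refusals belong to the next episode
    return episodes


if __name__ == "__main__":
    for episode in stall_episodes(SAMPLE):
        print(episode)
```

Run it over the full trace log of an affected agent: repeated episodes against the proxy's address and port show how long each session was held before the timeout.
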
ernestodelisi (Author), Posted April 25, 2017

53 minutes ago, MartinK said:

> Please check what state PROXY itself is in. Is it connecting to ERA? See the status.html log of PROXY (not of the AGENT on the same machine) to check whether it is connecting. It seems AGENTs connecting to PROXY are timing out, i.e. they do successfully connect, but they are not handled in time - this could be caused by a broken or extremely slow database. Are there enough resources for PROXY and its database? Is PROXY's database on the local machine or remote - if remote, is the network connection between them sufficiently fast in terms of response times?

The ERA Proxy gives us the following error (attached). The databases are on another virtual server. The database server has 8 sockets @2.00 GHz and 14gb of RAM. We have 12000 clients in ESET version 6. The servers (ERA Proxy, ERA Server and Database Server) are in the same VLAN and do not go through the firewall. Thanks!