Troubleshooting client install issues

[j-gray 33]

I have an AV install to a Win10 computer that is a hot mess and am not having much luck troubleshooting.

Successfully deployed agent (6.5.522.0) via ERA server -no issues

AV auto-deploys via ERA install task for dynamic group. The install task completed.

ERA shows policies are applied, but the GUI indicates policies are not applied (virus db not updated, settings require password, though we don't require one).

Interestingly, if I look at the client GUI it seems it's not activated. However ERA console does not show that it is not activated and it doesn't show up in the dynamic 'Not activated' group.

I've checked trace logs on the server and see successful connection from the client, certificate is verified, etc. then I see these entries:

Information: ConsoleApiModule [Thread ed4]: 349075 Deinitializing network connection.
Information: ConsoleApiModule [Thread ed4]: 349075 Ignoring connection closed, unknown connection (probably different product type).
Information: CReplicationModule [Thread 360]: CReplicationManager: Connection was closed by remote peer.
Information: NetworkModule [Thread d00]: Send unsuccessfull during session closing: (0x2745), An established connection was aborted by the software in your host machine;code: 10053; SessionId:349075

Update task sent from ERA server has been 'starting' for 50 minutes now. Though I successfully sent a simple reboot task from ERA server, which worked as expected.

I don't find any other useful information logged on the client or server to tell what the issue is. And this is the part I find frustrating with ESET; log files are obscure and cryptic with no useful information in the ERA console.

So, where to start with pinpointing the problem?

 

[Marcos 4,924]

On 1/31/2018 at 7:46 PM, j-gray said:

Interestingly, if I look at the client GUI it seems it's not activated. However ERA console does not show that it is not activated and it doesn't show up in the dynamic 'Not activated' group.

Is Endpoint reporting in its main gui that is is not activated?

If you don't see any warning, check if you have notifications about not activated product actually enabled in the advanced setup -> user interface -> application statuses -> general.

ERA enables you to control these notifications and reporting of them to ERA separately via a policy.

Also please provide us with the seat id found in HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\WebSeatId so that we can check if there were any activation attempts in the past.