Jump to content

Archived

This topic is now archived and is closed to further replies.

fchelp

ERA agent not connecting to ERA server

Recommended Posts

Hi,

I created an all in one installer, and installed a few computers with it, for some unknown reason the computers don't connect to era.

Where  could be the issue? ( i already disabled the firewall) 

Thanks in advance

Share this post


Link to post
Share on other sites

Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for possible errors.

Share this post


Link to post
Share on other sites

I found this error in last-error.html

Quote
CReplicationManager: Replication (network) connection to 'host: "<snip>.<snip>.<snip>" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found

 

Share this post


Link to post
Share on other sites

Can you ping ERA server from these clients? Perhaps you have DNS name in installer's configuration and clients can't resolve it.

Share this post


Link to post
Share on other sites

 

8 hours ago, karlisi said:

Can you ping ERA server from these clients? Perhaps you have DNS name in installer's configuration and clients can't resolve it.

Yes i am able to ping the ERA server

Share this post


Link to post
Share on other sites

Update: it seems that the issue is unrelated to AIO installer, the issue appears even on computers that the agent was installed through ERA.

Share this post


Link to post
Share on other sites
14 hours ago, fchelp said:

Update: it seems that the issue is unrelated to AIO installer, the issue appears even on computers that the agent was installed through ERA.

Does this happens only on specific machine or on all? Error " The requested name is valid, but no data of the requested type was found" seems to be generic and provided by Windows itself in case it is not able to resolve DNS name.

Could you try to use IP address instead of hostname, or possibly some kind of alternate name? Is it IPv4 network, or hostname is using IPv6 addresses?

Share this post


Link to post
Share on other sites
3 hours ago, MartinK said:
  1. Does this happens only on specific machine or on all?
    Error " The requested name is valid, but no data of the requested type was found" seems to be generic and provided by Windows itself in case it is not able to resolve DNS name.
  2. Could you try to use IP address instead of hostname, or possibly some kind of alternate name?
  3. Is it IPv4 network, or hostname is using IPv6 addresses?
  1. It happens on most new machines i am adding to ERA except one. (the only common denominator is they are all exactly the same model computer, and windows was cloned, I manually reinstalled ERA agent on each computer)
  2. Where do i change the IP or the hostname in the clients ERA agent?
  3. It's a IPv4 network

Thanks

Share this post


Link to post
Share on other sites

In case AGENT is not connecting (i.e. remote management is not possibly), only way how to force it co connect to different hostname or IP address is to use installation repair. I have described it in one of my previous posts. I would recommend to check whether AGENT will be able to connect to SERVER in case IP address is provided. Be aware that this will work only in case IP address or wildcard "*" was used in SERVER's SSL certificate (this can be verified in SERVER's settings).

Does command:

nslookup <hostname of ERA>

return correct response on client machine? Hostname must be exactly the same as AGENT is using to be sure there is no typo.

Share this post


Link to post
Share on other sites
21 hours ago, MartinK said:

In case AGENT is not connecting (i.e. remote management is not possibly), only way how to force it co connect to different hostname or IP address is to use installation repair. I have described it in one of my previous posts. I would recommend to check whether AGENT will be able to connect to SERVER in case IP address is provided. Be aware that this will work only in case IP address or wildcard "*" was used in SERVER's SSL certificate (this can be verified in SERVER's settings).

Does command:


nslookup <hostname of ERA>

return correct response on client machine? Hostname must be exactly the same as AGENT is using to be sure there is no typo.

the commend nslookup returns the correct ip, and i'm able to ping it as said already in a previous post.

Share this post


Link to post
Share on other sites

Is there anyway i could see in ESET endpoint application, to which ERA server it tries to connect?

Share this post


Link to post
Share on other sites

Only in the "status.html" which is located in C://ProgramData/ESET/RemoteAdministrator/Agent/... (there is a section for logs, and there is "status.html" which should give you the information about the machine, where it is trying to connect. 

Share this post


Link to post
Share on other sites

I just check in the status.html file and the server name is the correct one, and nslookup was successful as well.

So could someone please tell me what the hack is wrong with ERA agent that it doesn't connect to the ERA server?!

Share this post


Link to post
Share on other sites

Could the firewall be blocking port 2222?

Share this post


Link to post
Share on other sites
On 3/9/2018 at 4:27 PM, fchelp said:

I just check in the status.html file and the server name is the correct one, and nslookup was successful as well.

So could someone please tell me what the hack is wrong with ERA agent that it doesn't connect to the ERA server?!

Please post status.html here.

Share this post


Link to post
Share on other sites

A good way is to telnet. To see if the port is open. 

 

Happened to me before. 

Share this post


Link to post
Share on other sites
On 2/27/2018 at 2:02 AM, fchelp said:

Hi,

I created an all in one installer, and installed a few computers with it, for some unknown reason the computers don't connect to era.

Where  could be the issue? ( i already disabled the firewall) 

Thanks in advance

Which firewall did you disable?  The client or the server?

 

Share this post


Link to post
Share on other sites

Here's another possibility and I think this is what's horking me up a bit (though I have no explanations).

Look into the Programs and Features (or whatever the equivalent option is) in Control Panel.  The look for your ESET Agent.  Ensure that it exists.

Now, go into c:\Program Files\ESET and check if Agent exists.

If not, you have an installation issue and will have to use the ESETUninstaller to uninstall it and then install it again.   The rationale for using the ESETUninstaller is because you can't use the Program and FEatures uninstall option as it won't find c:\program files\ESET\Agent directory and thusly choke.

After you've run the Esetuninstaller,  try to install the Agent again with the correct installation setup parameters (era server ip, port, etc).

*This* is what I'm choking with.  I think it stems with the fact that I was using GPO to deploy the agents and I MISSED including the extra install configuration.  I'm attempting to fix this.

Share this post


Link to post
Share on other sites

I noticed that while 'repairing' the Agent on the 'client' system,  the first screen it shows was the host setup (where ERA was) and it showed localhost.  So what I'm guessing is that the Agent was contacting localhost:2222 and not getting any response (naturally).

Share this post


Link to post
Share on other sites

 

On 3/20/2018 at 4:34 AM, ewong said:

Could the firewall be blocking port 2222?

I have other computers with era that are connecting, it's only a few that don't.

On 3/20/2018 at 5:05 AM, Marcos said:

Please post status.html here.

status (2).zip (i removed the server name for security reasons)

On 3/20/2018 at 3:07 PM, sindbad said:

A good way is to telnet. To see if the port is open. 

 

Happened to me before. 

As written before, it can't be that the issue is that the port is blocked, as i have a lot of computers that are connecting to era.

18 hours ago, ewong said:

Which firewall did you disable?  The client or the server?

Client Firewall.

11 hours ago, ewong said:

Here's another possibility and I think this is what's horking me up a bit (though I have no explanations).

1. Look into the Programs and Features (or whatever the equivalent option is) in Control Panel.  The look for your ESET Agent.  Ensure that it exists.

2. Now, go into c:\Program Files\ESET and check if Agent exists.

3. If not, you have an installation issue and will have to use the ESETUninstaller to uninstall it and then install it again.   The rationale for using the ESETUninstaller is because you can't use the Program and FEatures uninstall option as it won't find c:\program files\ESET\Agent directory and thusly choke.

After you've run the Esetuninstaller,  try to install the Agent again with the correct installation setup parameters (era server ip, port, etc).

*This* is what I'm choking with.  I think it stems with the fact that I was using GPO to deploy the agents and I MISSED including the extra install configuration.  I'm attempting to fix this.

It's showing in "Programs and Features" and in "c:\Program Files\ESET" folder.

It's wasn't deployed using GPO, it was installed using an AIO.

10 hours ago, ewong said:

I noticed that while 'repairing' the Agent on the 'client' system,  the first screen it shows was the host setup (where ERA was) and it showed localhost.  So what I'm guessing is that the Agent was contacting localhost:2222 and not getting any response (naturally).

That's unrelated, as it's asking you for new configuration, but your old one you should be able to see in Status.html

 

I was able to find a common denominator between all computers that are not connecting to era, all of them are clones from one image, so most probably there lies the issue, but i can't pinpoint exactly where, i already uninstalled and reinstalled the era agent on the computers.

 

Thanks in advance.

Share this post


Link to post
Share on other sites

Just to summarize for clarification:

  •  You deployed the Agent on a number of systems via ERA.
  • The firewall on these systems were disabled(for the sake of testing). 
  • You pinged the server from the affected system and it worked.
  • ESET Agent exists and is running.
  • The affected systems are clones of a single image. [assuming their ips are all unique]

(You didn't mention if  you tried telneting into the server's 2222 port from the affected system)

So at this point,  I can only suggest the following:

- Have you tried deleting the (cannot-connect-to-the-server) entries in ERA and wait for the Agent to contact the server?

- Have you tried running wireshark on one system and seeing if indeed it is trying to connect to the server's 2222 port?

 

 

Share this post


Link to post
Share on other sites

According to provided status log, this AGENT is successfully connecting to ERA.

Could you be more precise why you consider it not connecting? There is not even entry in ERA console? Or computer you are checking has outdated last connection time? Any chance you are using machine cloning in your environment - asking because that could cause confusion in ERA? There is also chance that this computer is named differently in ERA console, for example in case it changed hostname in ERA it will be named using original name it used during first connection ... only exception is automatic renaming task.

Share this post


Link to post
Share on other sites

What I would suggest, is to simply run a "reset cloned agent task" on the machine, which was the source for the cloning.

If you have cloned a machine that was having ERA agent installed already, it will simply report to the same entry, as during cloning, the agent UUID is not changed. This behavior will be greatly improved in the upcoming V7, where server will automatically detect change in the computer HW (which is automatically changed in case of virtual machines), and alert on a potential conflict, with option to resolve it by "one click".

Share this post


Link to post
Share on other sites
On 22/03/2018 at 4:16 AM, MartinK said:

According to provided status log, this AGENT is successfully connecting to ERA.

Could you be more precise why you consider it not connecting? There is not even entry in ERA console? Or computer you are checking has outdated last connection time? Any chance you are using machine cloning in your environment - asking because that could cause confusion in ERA? There is also chance that this computer is named differently in ERA console, for example in case it changed hostname in ERA it will be named using original name it used during first connection ... only exception is automatic renaming task.

I am exactly with the same problem described, status.log informs that a machine is connected to the ERA server, using wireshark (server side), I confirm that the machine is actually connecting to the server. However, the machine does not appear on the console.

Any suggestion?

ServerSideCapture.zip

2018-04-04 13_26_49-Status log.png

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...