ERA agent not connecting to ERA server

[fchelp 3]

Hi,

I created an all in one installer, and installed a few computers with it, for some unknown reason the computers don't connect to era.

Where  could be the issue? ( i already disabled the firewall) 

Thanks in advance

Edited March 6, 2018 by fchelp

[Marcos 5,074]

Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for possible errors.

[fchelp 3]

I found this error in last-error.html

Quote

CReplicationManager: Replication (network) connection to 'host: "<snip>.<snip>.<snip>" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found

 

[karlisi 26]

Can you ping ERA server from these clients? Perhaps you have DNS name in installer's configuration and clients can't resolve it.

[fchelp 3]

 

8 hours ago, karlisi said:

Can you ping ERA server from these clients? Perhaps you have DNS name in installer's configuration and clients can't resolve it.

Yes i am able to ping the ERA server

[fchelp 3]

Update: it seems that the issue is unrelated to AIO installer, the issue appears even on computers that the agent was installed through ERA.

Edited March 6, 2018 by fchelp

[MartinK 378]

14 hours ago, fchelp said:

Update: it seems that the issue is unrelated to AIO installer, the issue appears even on computers that the agent was installed through ERA.

Does this happens only on specific machine or on all? Error " The requested name is valid, but no data of the requested type was found" seems to be generic and provided by Windows itself in case it is not able to resolve DNS name.

Could you try to use IP address instead of hostname, or possibly some kind of alternate name? Is it IPv4 network, or hostname is using IPv6 addresses?

[fchelp 3]

3 hours ago, MartinK said:

1. Does this happens only on specific machine or on all?
   Error " The requested name is valid, but no data of the requested type was found" seems to be generic and provided by Windows itself in case it is not able to resolve DNS name.
2. Could you try to use IP address instead of hostname, or possibly some kind of alternate name?
3. Is it IPv4 network, or hostname is using IPv6 addresses?

1. It happens on most new machines i am adding to ERA except one. (the only common denominator is they are all exactly the same model computer, and windows was cloned, I manually reinstalled ERA agent on each computer)
2. Where do i change the IP or the hostname in the clients ERA agent?
3. It's a IPv4 network

Thanks

Edited March 7, 2018 by fchelp

[MartinK 378]

In case AGENT is not connecting (i.e. remote management is not possibly), only way how to force it co connect to different hostname or IP address is to use installation repair. I have described it in one of my previous posts. I would recommend to check whether AGENT will be able to connect to SERVER in case IP address is provided. Be aware that this will work only in case IP address or wildcard "*" was used in SERVER's SSL certificate (this can be verified in SERVER's settings).

Does command:

nslookup <hostname of ERA>

return correct response on client machine? Hostname must be exactly the same as AGENT is using to be sure there is no typo.

[fchelp 3]

21 hours ago, MartinK said:

In case AGENT is not connecting (i.e. remote management is not possibly), only way how to force it co connect to different hostname or IP address is to use installation repair. I have described it in one of my previous posts. I would recommend to check whether AGENT will be able to connect to SERVER in case IP address is provided. Be aware that this will work only in case IP address or wildcard "*" was used in SERVER's SSL certificate (this can be verified in SERVER's settings).

Does command:

nslookup <hostname of ERA>

return correct response on client machine? Hostname must be exactly the same as AGENT is using to be sure there is no typo.

the commend nslookup returns the correct ip, and i'm able to ping it as said already in a previous post.

[fchelp 3]

Is there anyway i could see in ESET endpoint application, to which ERA server it tries to connect?

[MichalJ 434]

Only in the "status.html" which is located in C://ProgramData/ESET/RemoteAdministrator/Agent/... (there is a section for logs, and there is "status.html" which should give you the information about the machine, where it is trying to connect. 

[fchelp 3]

I just check in the status.html file and the server name is the correct one, and nslookup was successful as well.

So could someone please tell me what the hack is wrong with ERA agent that it doesn't connect to the ERA server?!

[ewong 8]

Could the firewall be blocking port 2222?

Edited March 20, 2018 by ewong

[Marcos 5,074]

On 3/9/2018 at 4:27 PM, fchelp said:

I just check in the status.html file and the server name is the correct one, and nslookup was successful as well.

So could someone please tell me what the hack is wrong with ERA agent that it doesn't connect to the ERA server?!

Please post status.html here.

[Guest sindbad]

A good way is to telnet. To see if the port is open. 

 

Happened to me before. 

[ewong 8]

On 2/27/2018 at 2:02 AM, fchelp said:

Hi,

I created an all in one installer, and installed a few computers with it, for some unknown reason the computers don't connect to era.

Where  could be the issue? ( i already disabled the firewall) 

Thanks in advance

Which firewall did you disable?  The client or the server?

 

[ewong 8]

Here's another possibility and I think this is what's horking me up a bit (though I have no explanations).

Look into the Programs and Features (or whatever the equivalent option is) in Control Panel.  The look for your ESET Agent.  Ensure that it exists.

Now, go into c:\Program Files\ESET and check if Agent exists.

If not, you have an installation issue and will have to use the ESETUninstaller to uninstall it and then install it again.   The rationale for using the ESETUninstaller is because you can't use the Program and FEatures uninstall option as it won't find c:\program files\ESET\Agent directory and thusly choke.

After you've run the Esetuninstaller,  try to install the Agent again with the correct installation setup parameters (era server ip, port, etc).

*This* is what I'm choking with.  I think it stems with the fact that I was using GPO to deploy the agents and I MISSED including the extra install configuration.  I'm attempting to fix this.

Edited March 21, 2018 by ewong

[ewong 8]

I noticed that while 'repairing' the Agent on the 'client' system,  the first screen it shows was the host setup (where ERA was) and it showed localhost.  So what I'm guessing is that the Agent was contacting localhost:2222 and not getting any response (naturally).

[fchelp 3]

 

On 3/20/2018 at 4:34 AM, ewong said:

Could the firewall be blocking port 2222?

I have other computers with era that are connecting, it's only a few that don't.

On 3/20/2018 at 5:05 AM, Marcos said:

Please post status.html here.

status (2).zip (i removed the server name for security reasons)

On 3/20/2018 at 3:07 PM, sindbad said:

A good way is to telnet. To see if the port is open. 

 

Happened to me before. 

As written before, it can't be that the issue is that the port is blocked, as i have a lot of computers that are connecting to era.

18 hours ago, ewong said:

Which firewall did you disable?  The client or the server?

Client Firewall.

11 hours ago, ewong said:

Here's another possibility and I think this is what's horking me up a bit (though I have no explanations).

1. Look into the Programs and Features (or whatever the equivalent option is) in Control Panel.  The look for your ESET Agent.  Ensure that it exists.

2. Now, go into c:\Program Files\ESET and check if Agent exists.

3. If not, you have an installation issue and will have to use the ESETUninstaller to uninstall it and then install it again.   The rationale for using the ESETUninstaller is because you can't use the Program and FEatures uninstall option as it won't find c:\program files\ESET\Agent directory and thusly choke.

After you've run the Esetuninstaller,  try to install the Agent again with the correct installation setup parameters (era server ip, port, etc).

*This* is what I'm choking with.  I think it stems with the fact that I was using GPO to deploy the agents and I MISSED including the extra install configuration.  I'm attempting to fix this.

It's showing in "Programs and Features" and in "c:\Program Files\ESET" folder.

It's wasn't deployed using GPO, it was installed using an AIO.

10 hours ago, ewong said:

I noticed that while 'repairing' the Agent on the 'client' system,  the first screen it shows was the host setup (where ERA was) and it showed localhost.  So what I'm guessing is that the Agent was contacting localhost:2222 and not getting any response (naturally).

That's unrelated, as it's asking you for new configuration, but your old one you should be able to see in Status.html

 

I was able to find a common denominator between all computers that are not connecting to era, all of them are clones from one image, so most probably there lies the issue, but i can't pinpoint exactly where, i already uninstalled and reinstalled the era agent on the computers.

 

Thanks in advance.

[ewong 8]

Just to summarize for clarification:

•  You deployed the Agent on a number of systems via ERA.
• The firewall on these systems were disabled(for the sake of testing). 
• You pinged the server from the affected system and it worked.
• ESET Agent exists and is running.
• The affected systems are clones of a single image. [assuming their ips are all unique]

(You didn't mention if  you tried telneting into the server's 2222 port from the affected system)

So at this point,  I can only suggest the following:

- Have you tried deleting the (cannot-connect-to-the-server) entries in ERA and wait for the Agent to contact the server?

- Have you tried running wireshark on one system and seeing if indeed it is trying to connect to the server's 2222 port?

 

 

[MartinK 378]

According to provided status log, this AGENT is successfully connecting to ERA.

Could you be more precise why you consider it not connecting? There is not even entry in ERA console? Or computer you are checking has outdated last connection time? Any chance you are using machine cloning in your environment - asking because that could cause confusion in ERA? There is also chance that this computer is named differently in ERA console, for example in case it changed hostname in ERA it will be named using original name it used during first connection ... only exception is automatic renaming task.

[MichalJ 434]

What I would suggest, is to simply run a "reset cloned agent task" on the machine, which was the source for the cloning.

If you have cloned a machine that was having ERA agent installed already, it will simply report to the same entry, as during cloning, the agent UUID is not changed. This behavior will be greatly improved in the upcoming V7, where server will automatically detect change in the computer HW (which is automatically changed in case of virtual machines), and alert on a potential conflict, with option to resolve it by "one click".

[ELIMA 0]

On 22/03/2018 at 4:16 AM, MartinK said:

According to provided status log, this AGENT is successfully connecting to ERA.

Could you be more precise why you consider it not connecting? There is not even entry in ERA console? Or computer you are checking has outdated last connection time? Any chance you are using machine cloning in your environment - asking because that could cause confusion in ERA? There is also chance that this computer is named differently in ERA console, for example in case it changed hostname in ERA it will be named using original name it used during first connection ... only exception is automatic renaming task.

I am exactly with the same problem described, status.log informs that a machine is connected to the ERA server, using wireshark (server side), I confirm that the machine is actually connecting to the server. However, the machine does not appear on the console.

Any suggestion?

ServerSideCapture.zip