Update Failure

[Prasannamad 0]

Hi,

We have facing some detection engine update issues from today on words.We use update mirrors to deploy updates to clients.Mirror update completed successfully but clients getting failed with below error.Please look into this matter ASAP.I have also tried with clear update cache option also.But it not worked.

 

[Marcos 5,189]

How do you create the mirror? With the Mirror tool or you are using an ESET product for that? If so, what product and version? What is the version of Endpoint that is reporting the general compiler error?

[Prasannamad 0]

Thanks for the quick response.We use ESET product for mirroring. ESET remote administrator 6.5 version and for clients ESET endpoint security 6.5 and 6.6 versions.We identified this error reporting on ESET endpoint security 6.5 installed clients.

 

[Marcos 5,189]

And what product creates the mirror? Endpoint v6.5 or v6.6? Updates for EP6.5 and 6.6 are not compatible and a separate mirror needs to be created for each.

Instead of using the mirror, we strongly recommend using HTTP Proxy which will save you a lot of traffic. The thing is a big portion of files downloaded to the mirror with each update is not used by clients at all.

[jkknight 2]

I am having this same issue with EPS for Windows, but we are not using the mirror function as recommended. The last successful update for this machine was Aug 3 which was the last time it was used.

Just installed 6.62086.1 on a machine that had the previous version and was getting module updates fine. After upgrading to newest release the "updating product" just sits as if it's trying to connect to the server and will eventually fail (or time out). I've cleared the update cache under UPDATE>GENERAL, changed UPDATE>PROFILES>BASIC>update type to pre-release, uninstalled and reinstalled EPS, made sure that UPDATE>PROFILES>BASIC>UPDATE SERVER was set to choose automatically and checked that the Firewall was not blocking anything important.

 

The Event Logs show that the download was interrupted by user NT AUTHORITY\SYSTEM

 

Is there anything I am missing to double check?

[jkknight 2]

Just a bit of an update - I have turned off the proxy settings for both the server and the clients to force it to connect to the ESET update servers. The IP it is trying to connect to is 38.90.226.39 (um10.eset.com) - our trace route is below.

 

traceroute to 38.90.226.39 (38.90.226.39), 64 hops max, 72 byte packets

1  internal gateway  0.727 ms  0.299 ms  0.320 ms

2  external IP  2.635 ms  1.843 ms  1.826 ms

3  xe0-0-1-0.agr01.chrx01-nc.us.windstream.net (169.130.167.181)  1.772 ms  1.846 ms  1.771 ms

4  xe5-3-3-0.pe07.chrl01-nc.us.windstream.net (40.130.35.235)  1.846 ms  1.800 ms  1.798 ms

5  et8-0-0-0.cr02.chrl01-nc.us.windstream.net (40.128.248.160)  1.994 ms  1.873 ms  1.857 ms

6  ae8-0.cr02.atln02-ga.us.windstream.net (40.132.59.32)  6.668 ms  6.884 ms  6.748 ms

7  atl-bb1-link.telia.net (80.239.194.9)  9.330 ms  6.900 ms  7.227 ms

8  cogent-ic-332070-atl-b22.c.telia.net (62.115.157.143)  7.496 ms  7.030 ms  7.108 ms

9  be2848.ccr42.atl01.atlas.cogentco.com (154.54.6.117)  7.345 ms  7.144 ms  7.220 ms

10  be2690.ccr42.iah01.atlas.cogentco.com (154.54.28.130)  25.962 ms  26.054 ms  26.013 ms

11  be2928.ccr21.elp01.atlas.cogentco.com (154.54.30.162)  48.273 ms  48.148 ms  48.334 ms

12  be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77)  57.055 ms  56.960 ms  56.720 ms

13  be2941.rcr52.san01.atlas.cogentco.com (154.54.41.33)  57.064 ms  57.313 ms  57.108 ms

14  te0-0-2-3.nr12.b036483-1.san01.atlas.cogentco.com (154.24.24.186)  57.663 ms  57.534 ms  57.488 ms

15  38.88.58.18 (38.88.58.18)  57.646 ms  57.685 ms  57.940 ms

16  um10.eset.com (38.90.226.39)  57.239 ms  57.650 ms  57.257 ms

 

The client still says that the download is interrupted... I can ping that IP address from inside our network so I know it's not an issue with the connection being made. I am actually able to watch the ekrn.exe process make the connection over HTTP and then it kicks off several HTTPS connections to several different IP's which I assume are where the modules are to be downloaded from?

[Marcos 5,189]

The error "download interrupted" has always been a communication error between users' pc and ESET's update servers. In some cases, we suspected a firewall or trasparent proxy at users to be causing these issues.

Please do the following:
- enable advanced update engine and firewall logging under Tools -> Diagnostics
- try to update Endpoint
- stop logging
- collect logs with ESET Log Collector
- drop me a personal message with a download link to the generated archive with logs.