Jump to content

ERA Agent V7 issues


Recommended Posts

I have a decent amount of clients that agents are checking in.  When I go to re-install or uninstall the agent, it gets stuck at "Stopping Service".  Attached are the trace logs from a Windows 10 client.  This is happening to both Windows 10 agents and Windows Server agents.  Anyone else having these issues?

trace.log

Link to comment
Share on other sites

When looking at the status.html file, I noticed this error on the Last replication section.

 

ERROR: InitializeConnection: Initiating replication connection to 'host: "**ServerName Removed**" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "**ServerName Removed**" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 4, error message: Deadline Exceeded, and error details:
  • Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: **ServerName Removed**:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: c4eccab2-b7d6-4dee-a92b-ac6fd4c8e1f4, Sent logs: 0, Cached static objects: 59, Cached static object groups: 9, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
  • All replication attempts: 22

 

Link to comment
Share on other sites

I too am having this issue. I then ran the Offline Uninstaller, removing both Agent and Client in Safe Mode. The re-installs go fine but then the ESMC shows the computers as Unmanaged. On the computer itself all looks fine.

Link to comment
Share on other sites

I think I am having the same issue. 

About a week ago, I upgraded the ESET ERA 6 server to the new ESMC 7, that went fine, clients continued to check in. It was an in place upgrade on Windows server 2016.

On Aug 24, I upgraded the agents on all my Windows servers and most of the workstations (both in office and remote), using the ESMC component upgrade tool. Didn't push any endpoint upgrades as of yet, just agent.

Today I looked in ESMC, and I see only 1 of my servers is still reporting to ESMC, and less than half of my workstations reporting.. All the others stopped on Aug27, around 9:20pm local time. I looked at task execution histories and don't see anything happening on the 27th. No windows patches were pushed out that day, and this is in 2 different sites.

I ran agent diagnostic logs on one of the windows servers, and no errors reported there. It shows a last authentication with todays date, but in ESMC it shows Aug27 for this machine.

Last authentication 2018-Aug-30 12:13:14 Enrollment OK
Peer certificate 2018-Aug-30 12:13:08 OK
  • Agent peer certificate with subject 'CN=Agent certificate for host *,---removed---' issued by 'CN=Server Certification Authority, C=US' with serial number '---removed---' is and will be valid in 30 days
Product 2018-Aug-30 12:13:03 Product install configuration:
  • Product type: Agent
  • Product version: 7.0.553.0
  • Product locale: en_US
Replication security 2018-Aug-30 12:13:15 OK
  • Remote host: ---eset.removed---
  • Remote product: Server
 
 
 
I tried uninstalling agent on one of the windows servers, and it got stuck at stopping the service. Windows services console showed it as "stopping", and still was 10 minutes later. Killed it by PID, and it restarted but still didn't report in.
 
At this point, I decided to reboot the ESMC server, and now it appears I have all my servers and clients starting to report in.
So not sure what would cause ESMC to glitch in such a way that some clients still were recorded at reporting in, but others weren't.
 
I'll monitor and see if the issue re-occurs.
Link to comment
Share on other sites

Funny mine also last checked in on the 27th. And a reboot of the ESMC server have clients checking back in now. Odd...

Edited by JoTho
Link to comment
Share on other sites

  • ESET Staff

Could you please try to reboot/restart ESMC service, whether it helps as already noted? We have been reported similar issue, where for some reason, persistent connections were opened, but server was not responding.

Link to comment
Share on other sites

  • ESET Staff

In case issue re-appears, please contact ESET support. We will need more data, especially full memory dump of ESMC process (ERAServer.exe) from moment when AGENT are no longer able to connect. Public forum is not suitable to transfer such large and sensitive files.

We could possibly take look at "minidump" if you could provide me one via PM (minidump can be created for example using Process Explorer) -> it should be created in the same moment, as would full memory dump. Be aware, that it might contain sensitive data, even it is much smaller than full memory dump.

Link to comment
Share on other sites

Hi

I had few Window 7 machines failed to install Agent v7.The error is

Services "ESET Managment Agent' (EraAgentSvc) failed to start.Verify that you have sufficient privileges to start system services

Please find attach file for the logs

install.log

setupapi.dev.log

setupapi.app.log

ees_logs.zip

Capture.PNG

Link to comment
Share on other sites

9 hours ago, Ali Akbar said:

Hi

I had few Window 7 machines failed to install Agent v7.The error is

Services "ESET Managment Agent' (EraAgentSvc) failed to start.Verify that you have sufficient privileges to start system services

Please find attach file for the logs

install.log

setupapi.dev.log

setupapi.app.log

ees_logs.zip

Capture.PNG

 

We have the same issue as well on a lot of our windows 10 clients. 

Link to comment
Share on other sites

On 9/2/2018 at 9:57 AM, MartinK said:

In case issue re-appears, please contact ESET support. We will need more data, especially full memory dump of ESMC process (ERAServer.exe) from moment when AGENT are no longer able to connect. Public forum is not suitable to transfer such large and sensitive files.

We could possibly take look at "minidump" if you could provide me one via PM (minidump can be created for example using Process Explorer) -> it should be created in the same moment, as would full memory dump. Be aware, that it might contain sensitive data, even it is much smaller than full memory dump.

@MartinK Dumps have been made.  Contacted support.  (Case #179128) Uploaded dumps to https://eset.sharefile.com/share/upload/rb04f28f47c84d658

 

Thanks

Edited by jimmy09
Link to comment
Share on other sites

This issue has re-occured for us, many of our machines not reporting in Since Aug 30, but a bunch are still reporting in.

Tried installing on a brand new computer and it's not reported in so far.

Will open a case with ESET.

Link to comment
Share on other sites

Talked to ESET support today, they made a new agent check-in policy for every 20 minutes (we had it at 10), will see if it helps.

Also earlier today when I generated the logs, I got the same "Deadline Exceeded",  message jimmy reported for last synchronization.

 

Link to comment
Share on other sites

They had me change it to 20 min as well.  That didn't help.  Support is becoming a joke.  Have to wait over 24 hours for a call back and such.  I have multiple issues and have to wait 24 hours to talk to someone.   

Link to comment
Share on other sites

I did a bit more testing on my end.

Tried restarting apache, did not help.

Restarted ESMC service, agents reporting back in again.

Will talk to support on Monday, should be broken again by then.

Link to comment
Share on other sites

Good luck with support on Monday.  Update us as well.  I'll be trying to contact them as well.  We have trace logging turned on a couple of computers and the ESMC server.  So hopefully they can find something.  

Link to comment
Share on other sites

  • 2 weeks later...

I can say that I had same situation today. I pulled my db from old debian server to official VA, and it happend. Rebooted server and problem was solved. I dont know how You guys, but I look at server logs, and I get plenty of warning logs :

2018-09-19 09:54:54 Warning: CReplicationModule [Thread 7f24177ee700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-19 09:55:25 Warning: CReplicationModule [Thread 7f241aff5700]: VerifyDeviceAuthenticationToken: Verification of authentication token: e97553142e2d4fcf300f07ccb8ace7bf36d8ee08cdca73ec92d4b3844821fa5a failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-19 09:55:25 Warning: CReplicationModule [Thread 7f241aff5700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-19 09:56:14 Warning: CReplicationModule [Thread 7f24177ee700]: VerifyDeviceAuthenticationToken: Verification of authentication token: dec4abac002fb2d567428794519deeaf02128a642968e9c4166d3e9d9377df00 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-19 09:56:14 Warning: CReplicationModule [Thread 7f24177ee700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-19 09:56:16 Warning: CReplicationModule [Thread 7f2417fef700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 60948ac44f0860c1ec8552f928887f7e7cab7fb6a189bb56c8a22b99df549fdf failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-19 09:56:16 Warning: CReplicationModule [Thread 7f2417fef700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-19 09:56:53 Warning: CReplicationModule [Thread 7f241aff5700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 21d9eb5ae615f67102079218f39763266ee8a4b2dbd6a33b4ae80b95d5cde065 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=

 

I wonder are these logs are caused by old agents ?

 

Link to comment
Share on other sites

  • ESET Staff
On 9/4/2018 at 6:05 AM, Ali Akbar said:

Hi

I had few Window 7 machines failed to install Agent v7.The error is

Services "ESET Managment Agent' (EraAgentSvc) failed to start.Verify that you have sufficient privileges to start system services

Please find attach file for the logs

install.log

setupapi.dev.log

setupapi.app.log

ees_logs.zip

Capture.PNG

Hello.

The logs sadly do not contain Agent logs (that is we can't determine why it failed to start). If this issue is reproducible please do following at the time You get this error (before You press cancel) please zip entire folder C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData and PM it to me.

Thanks and sorry for the inconvenience.

Edited by LegacyConnectorSupport
Link to comment
Share on other sites

Still the same, oddly though it look like one has checked in today at 3 in the morning, but bit actually given any information to what's installed...

It's like it said hello then goodbye and not given any further information other than its name!

 

image.png.7bec33834078554487b977cb53570ab6.png

Edited by WebbyTech
Link to comment
Share on other sites

Hi, I encounter the same matter.

I have around 200 computer not checking in anymore.

I tried installing agent V7 on a new computer => not reporting

Running agent upgrade task from ESMC (6.5 to 7) = most of the time the agent gets upgraded on client station but as it doesn't report anymore after upgrade well ESMC says the client has an outdated agent....

I guess we have to wait ?

Please Help !

Link to comment
Share on other sites

  • Administrators
16 minutes ago, Quentin Fouse said:

Running agent upgrade task from ESMC (6.5 to 7) = most of the time the agent gets upgraded on client station but as it doesn't report anymore after upgrade well ESMC says the client has an outdated agent....

Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html as well as trace.log on such client for possible errors.

Link to comment
Share on other sites

On 8/27/2018 at 11:30 PM, jimmy09 said:

When looking at the status.html file, I noticed this error on the Last replication section.

 

ERROR: InitializeConnection: Initiating replication connection to 'host: "**ServerName Removed**" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "**ServerName Removed**" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 4, error message: Deadline Exceeded, and error details:
  • Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: **ServerName Removed**:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: c4eccab2-b7d6-4dee-a92b-ac6fd4c8e1f4, Sent logs: 0, Cached static objects: 59, Cached static object groups: 9, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
  • All replication attempts: 22 

 

 

Had this same error for around 200 desktops which were upgraded to ESET 7 before a month. Restarted the server, had to wait for sometime to get proper status.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...