ESET Staff MartinK 384 Posted October 1, 2018 ESET Staff Posted October 1, 2018 Any chance you opened support issue with ESET regarding this issue? We will need more details and especially memory dump of ERAServer.exe process (in moment clients are not connecting correctly) so that we can check what is going on. It contains sensitive information so it is not suitable to upload it on public storage ...
jimmy09 2 Posted October 1, 2018 Author Posted October 1, 2018 Yes, I have multiple tickets open related to V7 issues. The last ticket I had opened with ESET about this, they closed saying the solution was changing the Agent check-in time to 20 min. My ticket number was 179128 opened with ESET North America support.
jimmy09 2 Posted October 1, 2018 Author Posted October 1, 2018 Should I start implementing the ERA Proxy? I have about 1,400 clients.
Justin 0 Posted October 1, 2018 Posted October 1, 2018 All 200 desktops stopped connecting to the server at the same time with same Deadline exceeded error. I'm not sure if agent check in time would help. I will contact ESET support and ask for help if this repeats.
jimmy09 2 Posted October 1, 2018 Author Posted October 1, 2018 That's what happens for us as well. They all stop connecting at the exact same time until you restart the ESMC service.
Pinni3 21 Posted October 4, 2018 Posted October 4, 2018 On 10/1/2018 at 4:01 PM, jimmy09 said: Should I start implementing the ERA Proxy? I have about 1,400 clients. ERA Proxy is not supported in ESMC
ESET Staff MichalJ 434 Posted October 4, 2018 ESET Staff Posted October 4, 2018 @jimmy09 For a network consisting of 1400 clients, even in case of ERA 6.5, deployment of ERA proxy is not necessary, as single server should handle such amount of computers with ease. We are currently investigating a case, when under certain conditions server stops receiving connections. Have you opened a ticket with US customer care? Do you have more details, about the frequency of the problem (does it happen once a day, or once a week, or there is no regular interval in which this event happens). @Pinni3 It looks similar to your issue, but we have customers that are having connection issues for different reasons that were the ones in your case.
Pinni3 21 Posted October 4, 2018 Posted October 4, 2018 (edited) Im happy that my problems are finally solved and Im continue to upgrade clients @MichalJ Edited October 4, 2018 by Pinni3
jimmy09 2 Posted October 4, 2018 Author Posted October 4, 2018 I got tired of contacting support and not getting a resolution. I've listed the support numbers for the issues I've had in this forum post already. I just created a task schedule that restarts the ESMC every couple hours. So far, it has been working. For others that are interested, here is the powershell command I have the task schedule running. Restart-Service -Name EraServerSvc Thanks.
Pinni3 21 Posted October 4, 2018 Posted October 4, 2018 (edited) @Jimmy09 can You paste Your logs while server drops connections? Pm me with details about Your env configuration. I will try to help You. Restarting server isnt an option Edited October 4, 2018 by Pinni3
mrac 5 Posted October 5, 2018 Posted October 5, 2018 Have all the same issues after upgrade from ERA6 to ESMC7. I restarting server every 2-3 days, otherwise new clients not appearing, client tasks not working, scheduled tasks not starting. Opened case with Russian ESET support, sent dumps to them today. Any ETA with fixes? ERA6 worked very well, never had problems...
Pinni3 21 Posted October 5, 2018 Posted October 5, 2018 All of You guys use windows as a os for esmc?
mrac 5 Posted October 5, 2018 Posted October 5, 2018 59 minutes ago, Pinni3 said: All of You guys use windows as a os for esmc? In my environment - yes, ESMC on Win Server 2012R2
Pinni3 21 Posted October 5, 2018 Posted October 5, 2018 All I can say is, I had similar problems to You guys. Version 6 worked for me without any problems. Then after upgrade I noticed several issues. I was sure that it was ESET console, but I was wrong. In my case problems were caused by security profiles on UTM (enterprise firewall). Console works like a charm....so... Im almost sure its not ESET when it comes to Your console. I would start with basic info : is this server within Your network (when agents) or its remote how many agents what are server specifications what type of database are You using what logs shows console when dropping connections when server starting to drop connections it drops agents v7 ot v6 or both ? have You migrated agents to v7 (what is percentage)
mrac 5 Posted October 5, 2018 Posted October 5, 2018 In my case: Firewall disabled on server and clients (only perimeter firewalls enabled). Some clients in same subnet, some in others - doesn't matter. My network ~400 agents VM with 4 vCPU, 10GB RAM (when it was ERA6 it had 6GB RAM and no issues) MSSQL 2014 Standard on separate server with 2CPU and 64GB RAM Looks like issue only with v7 agents. It was situation, when I enabled 2 old VMs with v6 installed on it - they appeared in ESMC instantly in "Lost & Found" with all info. I removed agent v.6 and installed agent v.7 on VMs. After that 2 new instances with same name appeared in "Lost & found", but without any info. I waited for 1 hour, restarted both VMs - nothing. After restarting of ESMC service they are instantly become as computers with agent v7 installed. Now I migrated ~99% of computers to v7 agent, so problem with ESMC appearing every 2-3 days
Pinni3 21 Posted October 5, 2018 Posted October 5, 2018 (edited) From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections. It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these. And one more thing : gateway is some sort of router or maybe UTM ? Maybe there are some IPS profiles on policy for internal packets ? Edited October 5, 2018 by Pinni3
mrac 5 Posted October 5, 2018 Posted October 5, 2018 Just now, Pinni3 said: From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections. It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these. Disabling firewall only doing issues if you disabling service. If it disabled correctly by GPO or by network profiles - nothing wrong with it, ICMP will work, no any issues. I already sent logs and Wireshark dumps to ESET support.
brandobot 2 Posted October 5, 2018 Posted October 5, 2018 (edited) I'm getting similar issues here. A ton of machines are losing connection to ESET. The workaround has been to re-install the agent; however, the last time I did this, the machines show up in the ESET Management Center, but their status isn't a green check. It's been sitting with an empty circle for the past 2 days, modules unknown, and most last connected the same exact time the agent was reinstalled. Edited October 8, 2018 by brandobot
jimmy09 2 Posted October 12, 2018 Author Posted October 12, 2018 Just an update. The reboot of the service every 4 hours is working well for me. Just not a long term solution. Hopefully it gets resolved soon.
ludolf 6 Posted October 14, 2018 Posted October 14, 2018 Same here, waiting for fix. Scheduled service restart works as a workaround.
Andy D 0 Posted October 14, 2018 Posted October 14, 2018 Hi There, I wonder if a permanent fix has been found for this? My client has the exact same issue. I migrated my clients Eset RA 6.5 Appliance to a new v7 appliance and it was all ok with 6.X Agents. I then upgraded the agents to v7 and they all stopped checking in after a couple of days, and all stopped getting AV signature updates. So far this is effecting about 170 clients The work around is rebooting the virtual appliance. Which is not a good look. Any help would be great!!! Regards, Andy Denley old Engineer...
Pinni3 21 Posted October 15, 2018 Posted October 15, 2018 All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network).
mrac 5 Posted October 15, 2018 Posted October 15, 2018 1 minute ago, Pinni3 said: All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network). Yeah, all worked fine with ERA6, now not working with with ESMC7 (with same issues by many clients in many countries) and the problem is in our environment. L - Logic...
Pinni3 21 Posted October 15, 2018 Posted October 15, 2018 Just now, mrac said: Yeah, all worked fine with ERA6, now not working with with ESMC7 (with same issues by many clients in many countries) and the problem is in our environment. L - Logic... Mate... https://forum.eset.com/topic/16883-solved-esmc-logs/ Read first, comment after ok ?
Recommended Posts