Jump to content

Archived

This topic is now archived and is closed to further replies.

jimmy09

ERA Agent V7 issues

Recommended Posts

Any chance you opened support issue with ESET regarding this issue? We will need more details and especially memory dump of ERAServer.exe process (in moment clients are not connecting correctly) so that we can check what is going on. It contains sensitive information so it is not suitable to upload it on public storage ...

Share this post


Link to post
Share on other sites

Yes, I have multiple tickets open related to V7 issues.  The last ticket I had opened with ESET about this, they closed saying the solution was changing the Agent check-in time to 20 min.  My ticket number was 179128 opened with ESET North America support.

Share this post


Link to post
Share on other sites

Should I start implementing the ERA Proxy?  I have about 1,400 clients.

Share this post


Link to post
Share on other sites

All 200 desktops stopped connecting to the server at the same time with same Deadline exceeded error. I'm not sure if agent check in time would help. I will contact ESET support and ask for help if this repeats.

Share this post


Link to post
Share on other sites

That's what happens for us as well. They all stop connecting at the exact same time until you restart the ESMC service.

Share this post


Link to post
Share on other sites
On 10/1/2018 at 4:01 PM, jimmy09 said:

Should I start implementing the ERA Proxy?  I have about 1,400 clients.

ERA Proxy is not supported in ESMC

Share this post


Link to post
Share on other sites

@jimmy09 For a network consisting of 1400 clients, even in case of ERA 6.5, deployment of ERA proxy is not necessary, as single server should handle such amount of computers with ease. We are currently investigating a case, when under certain conditions server stops receiving connections. Have you opened a ticket with US customer care? Do you have more details, about the frequency of the problem (does it happen once a day, or once a week, or there is no regular interval in which this event happens).

@Pinni3 It looks similar to your issue, but we have customers that are having connection issues for different reasons that were the ones in your case. 

Share this post


Link to post
Share on other sites

Im happy that my problems are finally solved and Im continue to upgrade clients @MichalJ:) 

Share this post


Link to post
Share on other sites

I got tired of contacting support and not getting a resolution. I've listed the support numbers for the issues I've had in this forum post already.  I just created a task schedule that restarts the ESMC every couple hours. So far, it has been working.

 

For others that are interested, here is the powershell command I have the task schedule running.

Restart-Service -Name EraServerSvc

 

Thanks.

Share this post


Link to post
Share on other sites

@Jimmy09 can You paste Your logs while server drops connections? Pm me with details about Your env configuration. I will try to help You. Restarting server isnt an option

Share this post


Link to post
Share on other sites

Have all the same issues after upgrade from ERA6 to ESMC7. I restarting server every 2-3 days, otherwise new clients not appearing, client tasks not working, scheduled tasks not starting. Opened case with Russian ESET support, sent dumps to them today. Any ETA with fixes? ERA6 worked very well, never had problems...

Share this post


Link to post
Share on other sites

All of You guys use windows as a os for esmc?

Share this post


Link to post
Share on other sites
59 minutes ago, Pinni3 said:

All of You guys use windows as a os for esmc?

In my environment - yes, ESMC on Win Server 2012R2 

Share this post


Link to post
Share on other sites

All I can say is, I had similar problems to You guys. Version 6 worked for me without any problems. Then after upgrade I noticed several issues. I was sure that it was ESET console, but I was wrong. In my case problems were caused by security profiles on UTM (enterprise firewall). Console works like a charm....so...

Im almost sure its not ESET when it comes to Your console. I would start with basic info :

  • is this server within Your network (when agents) or its remote
  • how many agents
  • what are server specifications
  • what type of database are You using
  • what logs shows console when dropping connections
  • when server starting to drop connections it drops agents v7 ot v6 or both ?
  • have You migrated agents to v7 (what is percentage)

Share this post


Link to post
Share on other sites

In my case:

  • Firewall disabled on server and clients (only perimeter firewalls enabled). Some clients in same subnet, some in others - doesn't matter.
  • My network
  • ~400 agents
  • VM with 4 vCPU, 10GB RAM (when it was ERA6 it had 6GB RAM and no issues)
  • MSSQL 2014 Standard on separate server with 2CPU and 64GB RAM
  • Looks like issue only with v7 agents. It was situation, when I enabled 2 old VMs with v6 installed on it - they appeared in ESMC instantly in "Lost & Found" with all info. I removed agent v.6 and installed agent v.7 on VMs. After that 2 new instances with same name appeared in "Lost & found", but without any info. I waited for 1 hour, restarted both VMs - nothing. After restarting of ESMC service they are instantly become as computers with agent v7 installed.
  • Now I migrated ~99% of computers to v7 agent, so problem with ESMC appearing every 2-3 days

Share this post


Link to post
Share on other sites

From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections.

It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these.

And one more thing : gateway is some sort of router or maybe UTM ? Maybe there are some IPS profiles on policy for internal packets ?

Share this post


Link to post
Share on other sites
Just now, Pinni3 said:

From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections.

It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these.

Disabling firewall only doing issues if you disabling service. If it disabled correctly by GPO or by network profiles - nothing wrong with it, ICMP will work, no any issues. I already sent logs and Wireshark dumps to ESET support.

Share this post


Link to post
Share on other sites

I'm getting similar issues here. A ton of machines are losing connection to ESET. The workaround has been to re-install the agent; however, the last time I did this, the machines show up in the ESET Management Center, but their status isn't a green check. It's been sitting with an empty circle for the past 2 days, modules unknown, and most last connected the same exact time the agent was reinstalled.  

 

Share this post


Link to post
Share on other sites

Just an update.  The reboot of the service every 4 hours is working well for me.  Just not a long term solution.  Hopefully it gets resolved soon.

Share this post


Link to post
Share on other sites

Same here, waiting for fix. Scheduled service restart works as a workaround.

Share this post


Link to post
Share on other sites

Hi There, 

I wonder if a permanent fix has been found for this? My client has the exact same issue.

I migrated my clients Eset RA 6.5 Appliance to a new v7 appliance and it was all ok with 6.X Agents. 

I then upgraded the agents to v7 and they all stopped checking in after a couple of days, and all stopped getting AV signature updates. So far this is effecting about 170 clients

The work around is rebooting the virtual appliance. Which is not a good look. 

Any help would be great!!!

Regards,

Andy Denley

old Engineer... 

Share this post


Link to post
Share on other sites

All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network).

Share this post


Link to post
Share on other sites
1 minute ago, Pinni3 said:

All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network).

Yeah, all worked fine with ERA6, now not working with  with ESMC7 (with same issues by many clients in many countries) and the problem is in our environment. L - Logic...

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...