Jump to content

ERA Agent V7 issues

jimmy09
 Share

Recommended Posts

  • ESET Staff
MartinK

MartinK 378

Posted
  • ESET Staff
Posted

Any chance you opened support issue with ESET regarding this issue? We will need more details and especially memory dump of ERAServer.exe process (in moment clients are not connecting correctly) so that we can check what is going on. It contains sensitive information so it is not suitable to upload it on public storage ...

Link to comment
Share on other sites
jimmy09

jimmy09 2

Posted
  • Author
Posted

Yes, I have multiple tickets open related to V7 issues.  The last ticket I had opened with ESET about this, they closed saying the solution was changing the Agent check-in time to 20 min.  My ticket number was 179128 opened with ESET North America support.

Link to comment
Share on other sites
Justin

Justin 0

Posted
Posted

All 200 desktops stopped connecting to the server at the same time with same Deadline exceeded error. I'm not sure if agent check in time would help. I will contact ESET support and ask for help if this repeats.

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted
On 10/1/2018 at 4:01 PM, jimmy09 said:

Should I start implementing the ERA Proxy?  I have about 1,400 clients.

ERA Proxy is not supported in ESMC

Link to comment
Share on other sites
  • ESET Staff
MichalJ

MichalJ 434

Posted
  • ESET Staff
Posted

@jimmy09 For a network consisting of 1400 clients, even in case of ERA 6.5, deployment of ERA proxy is not necessary, as single server should handle such amount of computers with ease. We are currently investigating a case, when under certain conditions server stops receiving connections. Have you opened a ticket with US customer care? Do you have more details, about the frequency of the problem (does it happen once a day, or once a week, or there is no regular interval in which this event happens).

@Pinni3 It looks similar to your issue, but we have customers that are having connection issues for different reasons that were the ones in your case. 

Link to comment
Share on other sites
jimmy09

jimmy09 2

Posted
  • Author
Posted

I got tired of contacting support and not getting a resolution. I've listed the support numbers for the issues I've had in this forum post already.  I just created a task schedule that restarts the ESMC every couple hours. So far, it has been working.

 

For others that are interested, here is the powershell command I have the task schedule running.

Restart-Service -Name EraServerSvc

 

Thanks.

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted (edited)

@Jimmy09 can You paste Your logs while server drops connections? Pm me with details about Your env configuration. I will try to help You. Restarting server isnt an option

Edited by Pinni3
Link to comment
Share on other sites
mrac

mrac 5

Posted
Posted

Have all the same issues after upgrade from ERA6 to ESMC7. I restarting server every 2-3 days, otherwise new clients not appearing, client tasks not working, scheduled tasks not starting. Opened case with Russian ESET support, sent dumps to them today. Any ETA with fixes? ERA6 worked very well, never had problems...

Link to comment
Share on other sites
mrac

mrac 5

Posted
Posted
59 minutes ago, Pinni3 said:

All of You guys use windows as a os for esmc?

In my environment - yes, ESMC on Win Server 2012R2 

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted

All I can say is, I had similar problems to You guys. Version 6 worked for me without any problems. Then after upgrade I noticed several issues. I was sure that it was ESET console, but I was wrong. In my case problems were caused by security profiles on UTM (enterprise firewall). Console works like a charm....so...

Im almost sure its not ESET when it comes to Your console. I would start with basic info :

  • is this server within Your network (when agents) or its remote
  • how many agents
  • what are server specifications
  • what type of database are You using
  • what logs shows console when dropping connections
  • when server starting to drop connections it drops agents v7 ot v6 or both ?
  • have You migrated agents to v7 (what is percentage)
Link to comment
Share on other sites
mrac

mrac 5

Posted
Posted

In my case:

  • Firewall disabled on server and clients (only perimeter firewalls enabled). Some clients in same subnet, some in others - doesn't matter.
  • My network
  • ~400 agents
  • VM with 4 vCPU, 10GB RAM (when it was ERA6 it had 6GB RAM and no issues)
  • MSSQL 2014 Standard on separate server with 2CPU and 64GB RAM
  • Looks like issue only with v7 agents. It was situation, when I enabled 2 old VMs with v6 installed on it - they appeared in ESMC instantly in "Lost & Found" with all info. I removed agent v.6 and installed agent v.7 on VMs. After that 2 new instances with same name appeared in "Lost & found", but without any info. I waited for 1 hour, restarted both VMs - nothing. After restarting of ESMC service they are instantly become as computers with agent v7 installed.
  • Now I migrated ~99% of computers to v7 agent, so problem with ESMC appearing every 2-3 days
Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted (edited)

From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections.

It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these.

And one more thing : gateway is some sort of router or maybe UTM ? Maybe there are some IPS profiles on policy for internal packets ?

Edited by Pinni3
Link to comment
Share on other sites
mrac

mrac 5

Posted
Posted
Just now, Pinni3 said:

From my personal experience, disabling firewall on server and clients (or only on clients) cause problems with connections. ICMP doesnt work for example. I would try to enable it on test machine + on server. Allow inbound and outbound for era services on server + client. Yeah, I know...it worked before, now its not. ESMC use persistent connections. Please try it and provide client + server logs when it drops connections.

It would be great to record network packets via wireshark (client + server). These are base information, they will help to understand where we have a problem. Is it network fail or maybe some o/s limitations etc. Try to provide these.

Disabling firewall only doing issues if you disabling service. If it disabled correctly by GPO or by network profiles - nothing wrong with it, ICMP will work, no any issues. I already sent logs and Wireshark dumps to ESET support.

Link to comment
Share on other sites
brandobot

brandobot 2

Posted
Posted (edited)

I'm getting similar issues here. A ton of machines are losing connection to ESET. The workaround has been to re-install the agent; however, the last time I did this, the machines show up in the ESET Management Center, but their status isn't a green check. It's been sitting with an empty circle for the past 2 days, modules unknown, and most last connected the same exact time the agent was reinstalled.  

 

Edited by brandobot
Link to comment
Share on other sites
jimmy09

jimmy09 2

Posted
  • Author
Posted

Just an update.  The reboot of the service every 4 hours is working well for me.  Just not a long term solution.  Hopefully it gets resolved soon.

Link to comment
Share on other sites
Andy D

Andy D 0

Posted
Posted

Hi There, 

I wonder if a permanent fix has been found for this? My client has the exact same issue.

I migrated my clients Eset RA 6.5 Appliance to a new v7 appliance and it was all ok with 6.X Agents. 

I then upgraded the agents to v7 and they all stopped checking in after a couple of days, and all stopped getting AV signature updates. So far this is effecting about 170 clients

The work around is rebooting the virtual appliance. Which is not a good look. 

Any help would be great!!!

Regards,

Andy Denley

old Engineer... 

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted

All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network).

Link to comment
Share on other sites
mrac

mrac 5

Posted
Posted
1 minute ago, Pinni3 said:

All of You guys write are results of something. There is a problem with Your console. ESMC connects in kinda different way so You all should re-analyze Your current environment (network).

Yeah, all worked fine with ERA6, now not working with  with ESMC7 (with same issues by many clients in many countries) and the problem is in our environment. L - Logic...

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted
Just now, mrac said:

Yeah, all worked fine with ERA6, now not working with  with ESMC7 (with same issues by many clients in many countries) and the problem is in our environment. L - Logic...

Mate...

https://forum.eset.com/topic/16883-solved-esmc-logs/

Read first, comment after ok ?

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...