Jump to content

ERA Agent V7 issues

jimmy09
 Share

Recommended Posts

mrac

mrac 5

Posted
Posted

Ok, I read and see, that in your case the problem was with firewall settings, right? I already wrote, that have same issue in same subnet, there is no firewall or router between ESMC and clients, it is L2-level. I sent logs and Wireshark dumps to support, but answers were:

1. Try to change clients connections from every 1 minute to every 20 minutes (didn't help)

2. Change data limit from client from 100MB to 300MB (testing now, but I think i wouldn't help too).

For me it looks like all issues with ESMC appearing in same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too), after 2-3 days of work and it looks like some internal ESMC component crashing...

Link to comment
Share on other sites
ludolf

ludolf 6

Posted
Posted

- here is no third party plugin

- also eraserver.exe process cpu utilization is ~50%, when the issue happens

- clients don't seem to able to connect to the server (not all, but almost all), last connected time is the same hour, minute, second

- clients don't get the modified policy on the servers, configuration tab shows "older" instead of actual (just a proof for the previous line)

- notification emails are stuck on the server, until the next service restart

Restarting the service solves all the above issues.

I have no doubt, that the problem is with the service.

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted
8 minutes ago, mrac said:

Ok, I read and see, that in your case the problem was with firewall settings, right? I already wrote, that have same issue in same subnet, there is no firewall or router between ESMC and clients, it is L2-level. I sent logs and Wireshark dumps to support, but answers were:

1. Try to change clients connections from every 1 minute to every 20 minutes (didn't help)

2. Change data limit from client from 100MB to 300MB (testing now, but I think i wouldn't help too).

For me it looks like all issues with ESMC appearing in same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too), after 2-3 days of work and it looks like some internal ESMC component crashing...

Not firewall itself, but security profile. In my case, UTM was a gateway. There was IPS and Antivirus profile enabled.

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted
15 minutes ago, mrac said:

For me it looks like all issues with ESMC appearing in same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too), after 2-3 days of work and it looks like some internal ESMC component crashing...

Is there any chance to launch second server, based on linux (there is VA to download) and connect some testing machines to it ? You dont need extra licence for it, as all You need is agent connection...just to make things clear

Link to comment
Share on other sites
mrac

mrac 5

Posted
Posted
3 minutes ago, Pinni3 said:

Is there any chance to launch second server, based on linux (there is VA to download) and connect some testing machines to it ? You dont need extra licence for it, as all You need is agent connection...just to make things clear

I need this server on Windows (it is VM with other services on it, like WSUS and selfservice portal, I cannot move them to Linux) and have no free resources for additional VM.

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted
1 minute ago, mrac said:

I need this server on Windows (it is VM with other services on it, like WSUS and selfservice portal, I cannot move them to Linux) and have no free resources for additional VM.

You can try to download VA and launch it on Your desktop (via virtualbox for example)...I dont know Your resources, You know them better.

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted

Am I wrong ? All of You guys use windows server right ? Maybe there is some bug, but I had similar problems. Not similar, same problems...lets call things by its name.

And one more time. I had no problems at all with version 6.5 until upgrade. I need to mention, that I noticed more bugs noone else wrote here :

  • sometimes after upgrade to era agent, computer missing info about v7 agent installed (even if its running and connects to server)
  • my virtual machine have problems with connecting when I enable vlan on host machine...

 

Link to comment
Share on other sites
jimmy09

jimmy09 2

Posted
  • Author
Posted

Most of us are in production environments that don't allow us to install ESMC on a Linux machine without going through a whole change process procedure.  The issue I'm having is not related to our firewall at all.  This is an issue with the ESMC service hanging.  We have sent logs to ESET and we are awaiting their findings.

Until then, the scheduled restart of the service has been taking care of the issue for us. 

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted

@jimmy09 I dont know how's Your env, but mine is 35+ locations and about 6k agents. So yeah, my env is production env...high scaled. I told You guys that I had SAME problems, SAME result. I was sure that there is some server problem or agent broken. It wasnt server problem....

You dont read what Im writing. My configuration was same for era 6 and ESMC ....and with era 6 I didnt had any problems at ALL. ESMC works in different way than it was in past, thats why You need to consider re-check Your environment.

Why same product works for me but not for You guys ?

Do what You want, I wasnt passive in looking after my issues. I talked with my local support and staff from here, and now Im where I'm. Im off, if someone want to look after possibly issue feel free to PM me. I will try to give my best to help.

 

Greetz

Link to comment
Share on other sites
ludolf

ludolf 6

Posted
Posted

I understand that this issue doesn't exist at you, which is good.

When I experienced this issue and restarted the service:

- the clients reported back to the server

- got the modified policy

- email notifications are sent out

Instantly.

Nothing changed, fw, configuration, etc. Only the service has been restarted.

This can be a bug in eset service or incompatibily between the OS and eset service. But I couldn't debug this, the debug log is not enough, or just don't understand some messages which could be relevant.

If I could help to solve this, I would be the happiest.

 

 

Link to comment
Share on other sites
Pinni3

Pinni3 21

Posted
Posted

This issue happend to me and I had same problems. 

- agent stoped reporting to console

- reports stop incoming

...everything was ok when I restarted server...

And When it comes to configuration There were also no changes made. Just did an upgrade. 

 

Like I said. Just pm me and I will help. Thats it

Link to comment
Share on other sites
  • 2 weeks later...
jimmy09

jimmy09 2

Posted
  • Author
Posted
3 hours ago, mrac said:

As I see,  ESET published test patch for ESMC7, fixing clients disconnects (Windows-only) here: https://support.eset.com/ca7050/?locale=en_EN&viewlocale=en_US

I have applied the patch and disabled the scheduled restart of the service.  Time will tell.

Link to comment
Share on other sites
cssinfo

cssinfo 0

Posted
Posted
On 11/1/2018 at 10:51 AM, cssinfo said:

Oh thanks guys, I didnt see this post.

 

Just applied the fix ! 

 

Will give back news as soon as possible !

 

 

So, just confirming, the patch did the trick !  Thanks ! 

Link to comment
Share on other sites
NuclearSSD

NuclearSSD 3

Posted
Posted

Might have come across another post which got me thinking!

Looks like my issue is different as the ESET itself was blocking the agent from communicating, it made initial connection then stopped! making me think it was the server, but it seems once the policy had come across, ESET then detected a change to the application and blocked the replication!

image.png.64431e28da23225d2a0dec8eb9a76432.png

Allow the communication then resolved my issue....

Adjusting my policy to exclude this from "APPLICATION MODIFICATION DETECTION", or you could turn it off..

image.png.07a4848afb3f0eedee22c7801490570f.png

Unfortunately I am having to go around and allow it first before it can update the policy :(

Credit to https://forum.eset.com/profile/20566-finams/

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

Could you please check directly on the client if the following setting is actually enabled? It's enabled by default.

image.png

Since the ESMC Agent is signed, the firewall should automatically allow communication for this application.

Also check if the ESMC Agent has a valid digital signature.

Link to comment
Share on other sites
NuclearSSD

NuclearSSD 3

Posted
Posted

Yes... This has been the routed I have taken, unfortunately, this by default is not enabled in the policy, or by default install on the client so I am having to do this manually :( but getting there :) 

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...