Archived

This topic is now archived and is closed to further replies.

jimmy09

ERA Agent V7 issues

OK, I read that and see that in your case the problem was with firewall settings, right? I already wrote that I have the same issue within the same subnet: there is no firewall or router between ESMC and the clients, it is L2-level. I sent logs and Wireshark dumps to support, but the answers were:

1. Try changing client connections from every 1 minute to every 20 minutes (didn't help)

2. Change the data limit from the client from 100MB to 300MB (testing now, but I think it won't help either).

To me it looks like all the issues with ESMC appear at the same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too) after 2-3 days of work, and it looks like some internal ESMC component is crashing...


- there is no third-party plugin

- also, the eraserver.exe process CPU utilization is ~50% when the issue happens

- clients don't seem to be able to connect to the server (not all, but almost all); the last connected time is the same hour, minute, second

- clients don't get the modified policy on the servers, configuration tab shows "older" instead of actual (just a proof for the previous line)

- notification emails are stuck on the server, until the next service restart

Restarting the service solves all the above issues.

I have no doubt that the problem is with the service.

8 minutes ago, mrac said:

OK, I read that and see that in your case the problem was with firewall settings, right? I already wrote that I have the same issue within the same subnet: there is no firewall or router between ESMC and the clients, it is L2-level. I sent logs and Wireshark dumps to support, but the answers were:

1. Try changing client connections from every 1 minute to every 20 minutes (didn't help)

2. Change the data limit from the client from 100MB to 300MB (testing now, but I think it won't help either).

To me it looks like all the issues with ESMC appear at the same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too) after 2-3 days of work, and it looks like some internal ESMC component is crashing...

Not the firewall itself, but the security profile. In my case, the UTM was a gateway. There were IPS and Antivirus profiles enabled.

15 minutes ago, mrac said:

To me it looks like all the issues with ESMC appear at the same time (clients stop connecting, client tasks stop working, scheduled tasks stop working too) after 2-3 days of work, and it looks like some internal ESMC component is crashing...

Is there any chance to launch a second server, based on Linux (there is a VA to download), and connect some testing machines to it? You don't need an extra licence for it, as all you need is an agent connection... just to make things clear.

3 minutes ago, Pinni3 said:

Is there any chance to launch a second server, based on Linux (there is a VA to download), and connect some testing machines to it? You don't need an extra licence for it, as all you need is an agent connection... just to make things clear.

I need this server on Windows (it is a VM with other services on it, like WSUS and a self-service portal; I cannot move them to Linux) and have no free resources for an additional VM.

1 minute ago, mrac said:

I need this server on Windows (it is a VM with other services on it, like WSUS and a self-service portal; I cannot move them to Linux) and have no free resources for an additional VM.

You can try to download the VA and launch it on your desktop (via VirtualBox, for example)... I don't know your resources, you know them better.


Am I wrong? All of you guys use Windows Server, right? Maybe there is some bug, but I had similar problems. Not similar, the same problems... let's call things by their name.

And one more time: I had no problems at all with version 6.5 until the upgrade. I need to mention that I noticed more bugs no one else wrote about here:

  • sometimes after the upgrade to the ERA agent, the computer is missing info about the v7 agent being installed (even if it's running and connects to the server)
  • my virtual machine has problems connecting when I enable VLAN on the host machine...

 


Most of us are in production environments that don't allow us to install ESMC on a Linux machine without going through a whole change process procedure.  The issue I'm having is not related to our firewall at all.  This is an issue with the ESMC service hanging.  We have sent logs to ESET and we are awaiting their findings.

Until then, the scheduled restart of the service has been taking care of the issue for us. 


@jimmy09 I don't know how your env is, but mine is 35+ locations and about 6k agents. So yeah, my env is a production env... highly scaled. I told you guys that I had the SAME problems, the SAME result. I was sure that there was some server problem or a broken agent. It wasn't a server problem....

You don't read what I'm writing. My configuration was the same for ERA 6 and ESMC... and with ERA 6 I didn't have any problems at ALL. ESMC works in a different way than it did in the past, that's why you need to consider re-checking your environment.

Why does the same product work for me but not for you guys?

Do what you want, I wasn't passive in looking into my issues. I talked with my local support and staff from here, and now I'm where I am. I'm off; if someone wants to look into a possible issue, feel free to PM me. I will do my best to help.

 

Greetz


I understand that this issue doesn't exist for you, which is good.

When I experienced this issue and restarted the service:

- the clients reported back to the server

- got the modified policy

- email notifications are sent out

Instantly.

Nothing changed, fw, configuration, etc. Only the service has been restarted.

This can be a bug in the ESET service or an incompatibility between the OS and the ESET service. But I couldn't debug this; the debug log is not enough, or I just don't understand some messages which could be relevant.

If I could help to solve this, I would be the happiest.

 

 


This issue happened to me and I had the same problems.

- agent stopped reporting to console

- reports stopped coming in

...everything was OK when I restarted the server...

And when it comes to configuration, there were also no changes made. I just did an upgrade.

 

Like I said, just PM me and I will help. That's it.


Oh thanks guys, I didn't see this post.

 

Just applied the fix ! 

 

Will give back news as soon as possible !

 

 


Did anyone resolve this issue? My customer is using the VA (CentOS). Is there a fix for it, as well? 

On 11/1/2018 at 10:51 AM, cssinfo said:

Oh thanks guys, I didn't see this post.

 

Just applied the fix ! 

 

Will give back news as soon as possible !

 

 

So, just confirming, the patch did the trick !  Thanks ! 


Yes, the patch helped me too with client disconnects. But the issue with non-working scheduled tasks is still present.


Might have come across another post which got me thinking!

Looks like my issue is different, as ESET itself was blocking the agent from communicating. It made the initial connection, then stopped, making me think it was the server, but it seems that once the policy had come across, ESET then detected a change to the application and blocked the replication!

[image]

Allowing the communication then resolved my issue....

Adjusting my policy to exclude this from "APPLICATION MODIFICATION DETECTION", or you could turn it off..

[image]

Unfortunately I am having to go around and allow it first before it can update the policy :(

Credit to https://forum.eset.com/profile/20566-finams/


Could you please check directly on the client if the following setting is actually enabled? It's enabled by default.

[image]

Since the ESMC Agent is signed, the firewall should automatically allow communication for this application.

Also check if the ESMC Agent has a valid digital signature.


Yes... This has been the route I have taken. Unfortunately, this is not enabled by default in the policy, or by default install on the client, so I am having to do this manually :( but getting there :)

 
