Jump to content

Unable to send wake up call after upgrading from 6.5 to 7


Amity_Support
 Share

Recommended Posts

  • ESET Staff

ESMC is using new mechanisms for waking up AGENT. It will work only with EST Management Agent v7, and it requires connection to ESET infrastructure -> it is no longer based on local network broadcasts.

More information can be found in EPNS service documentation.

Link to comment
Share on other sites

7 часов назад, сказал Маркос:

Отправка вызова пробуждения невозможна, если не обновить агент до v7.

Do we understand correctly that without access to the eset infrastructure based on external servers, the send wake-up function does not work?Customers are not very happy with this fact, maybe we have the opportunity to use a third-party solution for this function?

Link to comment
Share on other sites

Hi, I am one of those customers.

As I said, I don't think that external servers is needed by direct access for activation, management and wake-up (otherwise, what reason for wake-up port setting?).

I think, unable activation and wake-up agents - is Endpoint/File Security and/or ERA server glitch, because web-browser correctly opens eset.com thru Apache proxy which provided on download page.

Or I don't understood Eset configuration philosophy, where settings should be different than what I think.

 

Upd: I have installed ERA 7 as new installation, not upgrade from previous version.

Edited by Sky172
Update
Link to comment
Share on other sites

Some strings from provided Apache error.log:

[Thu Sep 06 09:34:43.720495 2018] [proxy:error] [pid 1332:tid 12468] (OS 10060)Попытка установить соединение была безуспешной, т.к. от другого компьютера за требуемое время не получен нужный отклик, или было разорвано уже установленное соединение из-за неверного отклика уже подключенного компьютера.  : AH00957: HTTP: attempt to connect to 91.228.167.133:80 (*) failed
[Thu Sep 06 09:34:43.720495 2018] [proxy_http:error] [pid 1332:tid 12468] [client 192.168.151.3:52988] AH01114: HTTP: failed to make connection to backend: update.eset.com

But browser is able to open it thru HTTP - this page asks for login and password. Thru HTTPS is unable - browser says "Connection..." and after some time - "Can't connect to update.eset.com. Timeout".

update.eset.com resolved as updf5.wip.eset.com [91.228.167.133].

Link to comment
Share on other sites

Yea, but our local support invited  me to join the discussion in this topic, saying earlier, that activation is needed continuous direct connection (without any proxy, etc.) to Eset servers in Internet. At this time nobody has confirmed or denied this. Otherwise, as I said in previous post, it should be glitch of Endpoint/File Security, and want info how resolve it. So I wrote a messages from logs here.

Upd:

4 minutes ago, Marcos said:

Both the ESMC Server and Agent must be able to connect to epns.eset.com on port 8883. Is that condition fulfilled?

Okay, now I shall know. Should be connected? What the reason for agent connection to epns.eset.com, if ERA server exists here? And what purpose of Apache proxy in ERA 7 installation? Some of our computers placed in other restricted network segment and shouldn't have any access to Internet. And what if our Internet connection will be broken for some time?

Link to comment
Share on other sites

  • Administrators

Currently there is no no way to send a wake-up call to offline computers. We will consider and most likely come up with a solution since we fully understand your needs but currently it is not possible.

Link to comment
Share on other sites

1 minute ago, Marcos said:

Currently there is no no way to send a wake-up call to offline computers. We will consider and most likely come up with a solution since we fully understand your needs but currently it is not possible.

Hmm, I thought make agent listen port on local machine is much easier and faster, than build datacenter for serve agent for whole world.

And second part of of question - why Endpoint/File Security couldn't activated and updated thru Apache proxy? As I said, some of our computers don't have access to Internet. What should we do in this case?

Link to comment
Share on other sites

  • ESET Moderators

Hello @Sky172,

Endpoints and the products for Windows servers as well can be updated and activated as well via the proxy.

When it comes to updates it is moreover recommended as it caches the update data files.

Only the wake up calls cannot get through proxy.

Regards, P.R.

Link to comment
Share on other sites

57 minutes ago, Peter Randziak said:

Hello @Sky172,

Endpoints and the products for Windows servers as well can be updated and activated as well via the proxy.

When it comes to updates it is moreover recommended as it caches the update data files.

Only the wake up calls cannot get through proxy.

Regards, P.R.

No. Until I let one of machines with File Security directly to Internet, it couldn't be activated. With Endpoint too. And with directly access to Internet for both Server and Agent wake up is unable. Employee of local ESET tech support was see it, when I showed him this issue. He invited me here.

Link to comment
Share on other sites

1 hour ago, Marcos said:

Currently there is no no way to send a wake-up call to offline computers. We will consider and most likely come up with a solution since we fully understand your needs but currently it is not possible.

The Problem of wake up call via epns server is that if internet connection is down for 2 to 4 hours  then we can't send wake-up call for local computer.

Link to comment
Share on other sites

It sounds like let's deliver parcels from Moscow to Warsaw through Rio de Janeiro. Facepalm. Excuse me.

How shortly we can wait for direct wake up implementation?

P. S. And problem of unable wake up Agent which have direct access to Internet is still have. Agent 7.0.553.0, ERA server 7.0.553.0, Web-console 7.0.413.0. Clear installation, not update.

 

Upd. Brothers and sisters! Our prayers were heard! Wake up thru epsn.eset.com (holy, holy) begin works. It seems to be.

Edited by Sky172
Link to comment
Share on other sites

  • ESET Moderators
17 hours ago, Sky172 said:

No. Until I let one of machines with File Security directly to Internet, it couldn't be activated. With Endpoint too. And with directly access to Internet for both Server and Agent wake up is unable. Employee of local ESET tech support was see it, when I showed him this issue. He invited me here.

Please check if the addresses required for activation are accessible via the proxy https://support.eset.com/kb332/?locale=en_EN 

Link to comment
Share on other sites

I've checked addresses on those page thru Apache proxy (preconfigured, by ESET provided) and directly. Results is same:

um10.za.eset.com -> no dns record. Google's dns agrees with it too.

download.eset.com  ->  www.eset.com
dlm1.eset.com -> no dns record
dlm2.eset.com -> no dns record
dlm3.eset.com -> no dns record
dlm4.eset.com -> www.eset.com
dlm5.eset.com -> www.eset.com
dlm6.eset.com -> www.eset.com

expire.eset.com -> 403 forbidden

subreq.eset.eu -> no dns

um01.eset.com to um01.cn.eset.com asks for login/pass

esa.eset.com -> esa.eset.com

m.esa.eset.com -> esa.eset.com

All ESET Live greed addresses -> 400 Bad request.

List "Domains used by ESET Live Grid" - most of them  400 bad request or 403 forbidden.

 

Apparently, not everything is good in the state of Denmark. And I even guess who should fix it.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...