[SOLVED] ESMC logs

[Pinni3 21]

Hey guys.

I started new thread as I want to read as many stuff members as possible. As You know, there are some bugs I have in new ESMC server. Yesterday I migrated my db to official VA as I wanted to eliminate possible errors caused by server configuration and I see errors. There was a topic in past and fix but I guess it will not work for newer version

2018-09-19 10:35:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:35:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:35:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:35:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:35:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:36:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:36:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:36:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:36:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:36:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:36:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:37:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:37:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:37:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:37:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:37:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:37:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:38:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:38:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:38:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:38:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:38:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:38:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:39:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:39:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:39:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:39:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:39:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:39:54 Warning: CReplicationModule [Thread 7f241aff5700]: VerifyDeviceAuthenticationToken: Verification of authentication token: d90bdec23e0594d31cb26cf70e2a3759b8cf22cbd34d4c5e64501dd6ceca4658 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-19 10:39:54 Warning: CReplicationModule [Thread 7f241aff5700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-19 10:39:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:40:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:40:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:40:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:40:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:40:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:40:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:41:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:41:19 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:41:29 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:41:39 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:41:49 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:41:59 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor
2018-09-19 10:42:09 Error: NetworkModule [Thread 7f2472ffd700]: remote_endpoint: Bad file descriptor

 

older topic :

 

https://forum.eset.com/topic/8196-server-dies-regularly-with-remote_endpoint-bad-file-descriptor/

Edited October 2, 2018 by Pinni3

[Marcos 5,072]

Do you use a 3rd party plug-in for the ESMC server, e.g. ConnectWise?

 

[MartinK 378]

Could you please check how many open files / sockets has ESMC service, using command:

lsof | grep ERAServer | wc -l

executed in appliance terminal? If number will be somewhere near ~1024, could you please also provide number of AGENT connecting to this appliance? Is there any functionality problem reported by ESMC in console?

We have recently identified problem with socket limits in appliance to be too low for new AGENTs that are using persistent connections. If previous command was reaching ~1024, please execute following command:

echo -e "*\tsoft\tnofile\t65535\n*\thard\tnofile\t65535" > /etc/security/limits.d/50-nofile.conf

and restart ESMC (I would recommend to reboot whole appliance). It will increase problematic socket limits.

[Pinni3 21]

15 hours ago, Marcos said:

Do you use a 3rd party plug-in for the ESMC server, e.g. ConnectWise?

 

No, Im not using any 3rd party plugins

[Pinni3 21]

10 hours ago, MartinK said:

We have recently identified problem with socket limits in appliance to be too low for new AGENTs that are using persistent connections. If previous command was reaching ~1024, please execute following command:

I have 21376, doing :

10 hours ago, MartinK said:

echo -e "*\tsoft\tnofile\t65535\n*\thard\tnofile\t65535" > /etc/security/limits.d/50-nofile.conf

and gonna see what happens

[Pinni3 21]

10 hours ago, MartinK said:

could you please also provide number of AGENT connecting to this appliance?

about 6k agents

[Pinni3 21]

For now, I get only these logs :

2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: VerifyDeviceAuthenticationToken: Verification of authentication token: c462a2a472d73d8f8ebd45f0e56ccbfa3f3ac33e1110177609e0bd148a1732ab failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: VerifyDeviceAuthenticationToken: Verification of authentication token: af5473e412308c5e4ab465953eab18b400c3f34593bc8fa90c673ab99f36019d failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: a37ada7cccc1fe3fef1401151cfa61d8c1d95a627d21b7622e69b56562de9288 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:42:38 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 3c500c3bce37ce091a72355aa23c0cd919b03d61ac8d033dab0c239ea175cdd3 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=

 

[Pinni3 21]

same thing

2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: VerifyDeviceAuthenticationToken: Verification of authentication token: c462a2a472d73d8f8ebd45f0e56ccbfa3f3ac33e1110177609e0bd148a1732ab failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:37:56 Warning: CReplicationModule [Thread 7fe21dffb700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: VerifyDeviceAuthenticationToken: Verification of authentication token: af5473e412308c5e4ab465953eab18b400c3f34593bc8fa90c673ab99f36019d failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:38:45 Warning: CReplicationModule [Thread 7fe21effd700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: a37ada7cccc1fe3fef1401151cfa61d8c1d95a627d21b7622e69b56562de9288 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:41:45 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:42:38 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 3c500c3bce37ce091a72355aa23c0cd919b03d61ac8d033dab0c239ea175cdd3 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:42:38 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:46:42 Warning: CReplicationModule [Thread 7fe21e7fc700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 550d605402fe38047a1bc5ef03384f37019e66b51516ea2cbcd773a313c62e3f failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:46:42 Warning: CReplicationModule [Thread 7fe21e7fc700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:56:28 Error: CServerSecurityModule [Thread 7fe321147700]: AuthenticateNativeUser: Native user login failed
2018-09-20 05:57:23 Warning: CReplicationModule [Thread 7fe1ff7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 1566a582c0272be8e37182411f2423d2d9dd4a6b54d3935d9eedf2f94aaf7592 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:57:23 Warning: CReplicationModule [Thread 7fe1ff7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 05:57:55 Warning: CReplicationModule [Thread 7fe21effd700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 7f19bc999928c3c73993c564f41db5acb3b5db1614b1bbf20480083eb0cf54a5 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 05:57:55 Warning: CReplicationModule [Thread 7fe21effd700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 06:00:30 Warning: CReplicationModule [Thread 7fe21f7fe700]: VerifyDeviceAuthenticationToken: Verification of authentication token: c42f159c5918a189f79ddc0e63b77bf0b07b8ccc24379a614ae967f675f816b0 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 06:00:30 Warning: CReplicationModule [Thread 7fe21f7fe700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 06:00:44 Warning: CReplicationModule [Thread 7fe21e7fc700]: VerifyDeviceAuthenticationToken: Verification of authentication token: f1a8277e3f32df60d53d26e9b7f3ea220b2842419af22140c0ff83a0b3670472 failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 06:00:44 Warning: CReplicationModule [Thread 7fe21e7fc700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 06:01:30 Warning: CReplicationModule [Thread 7fe1fffff700]: VerifyDeviceAuthenticationToken: Verification of authentication token: 6de5da063bddaecccd1f7bf65440a0fbee937bb0b94cfd696fdedb774f9d21db failed (error_code=INVALID_TOKEN, status=TOKEN_EXPIRED, msg=
2018-09-20 06:01:30 Warning: CReplicationModule [Thread 7fe1fffff700]: RpcCheckReplicationConsistencyHandler: Token validation failure
2018-09-20 06:12:47 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:12:48 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:12:50 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:12:53 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:12:57 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:08 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:15 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:23 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:42 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:13:52 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:14:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:14:12 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:14:22 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:14:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:14:42 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:14:52 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:15:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:15:12 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:15:22 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:15:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:15:42 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:15:52 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:16:02 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:16:12 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:16:22 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor
2018-09-20 06:16:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor

 

[Pinni3 21]

just checked out my server and :

# odbcinst -q -d
[PostgreSQL]
[MySQL ODBC 8.0 Unicode Driver]
[MySQL ODBC 8.0 ANSI Driver]

I will try to downgrade that driver...

[Pinni3 21]

So I played with my.conf a bit as it was set up at lowest possibly values, and changed it to
 

Quote

innodb_log_file_size=200MB
innodb_log_files_in_group=100

and now I dont have that error ..., gonna watch it and if problem will showup again I will try to downgrade odbc driver (current repo's of centOS dont have 5.3 build)

 

EDIT: Same sh#t going.... gonna try to downgrade that driver.

EDIT2: current build of centOS doesnt have older versions of odbc drivers at all. Manual downgrade stops caused by dependencies

Edited September 20, 2018 by Pinni3
note

[Pinni3 21]

anyone will comment on VA situation ?

[Pinni3 21]

No comments....

As I was huge ERA supporter, Im so disappointed with new version of product. ESMC have so much bugs that it shouldn't be ever released in that state. I really cant understand what happend that these kind of product was released as a official stable release.

• Dynamic groups not always work, You need to often do negative conditions to get things work
• computers show that they are part of dynamic groups even if those dynamic groups are under different static groups
• agent upgrade leave old info about era agent
• agent upgrade but there is no info about agent on this computer at all
• virtual appliance is preinstalled with components You guys dont support
• there is no option to enable/disable new push mechanism. Maybe I dont want it ? I dont have any choice..
• Console hangs and rejects agents synchronization, dont make scheduled reports untill its restarted...etc

Guys, this is early alpha product, not completed product for managing computer security. There is no complete kB with error, agent status....NOTHING. There is also no info about http proxy dont support credentials : NOTHING. Im really pissed, because I dont know how to handle situation, and please dont tell me Im the only one with problem. Problem with console is real. I put that topic as a warning for other users that belived You and wanted to keep his managing server updated. DONT DO THAT. Keep console in version 6.x as version 7 is pure .

 

At this moment Im thinking about downgrade, but for sure it isnt possible....

[MichalJ 434]

Hello @Pinni3

First of all, let me apologize for the issues you are having. I will try to comment to individual points, that you have mentioned:

1. We are not aware DGs are not working. Can you please report specific examples of the conditions that are not working the way you expect? Many dynamic group conditions / expressions are non-trivial and there might be quite basic syntax error. We are eager to understand the problem, and provide either change of the behavior of guidance / explanation.
2. This is an issue that you have identified, we have fixed it and it will be addressed in the next service release which we are preparing as of now.
3. This is a known issue, we will address it in the upcoming service release
4. I do not have enough information about this. Have you reported it here on forum, or created a customer care ticket? Do you mean, that old registry entries are removed, however new are not correctly added, therefore agent things there is no agent (as the information about installed software is extracted via WMI).
5. With regards to the "appliance being distributed with components we do not support" I assume you are referring to the ODBC driver, as mentioned above, correct? However, without initial update, the appliance should contain the correct driver (at least to my knowledge).
6. This is correct. Old wake-up-call functionality was replaced by the EPNS. EPNS was created due to our "journey to the cloud" and upcoming release of ECA, where we need to have mechanism that will work also in cases when ESMC / ECA is located completely off premises of the customers. We will examine options whether it would be possible to have both functionalities.
7. This issue is under investigation. The best would be to report it via official customer care request to your local distributor, as we are still lacking proper data / dumps that would allows us to determine the root cause of the hanged connections. Console do not hang, issue is caused by the new replication protocol, which uses GRPC and permanent connections, which do hang under specific conditions (might be related to the fact that you are using a VMware Appliance, but as mentioned above, we are still investigating this issue, and we will do our best to address this in the upcoming service release). 

You have mentioned that there is no complete KB? Can you please be more specific? Information about HTTP proxy not supporting authentication for agent-server communication forwarding is listed in the documentation (we will also remove the redundant fields, which were kept there by re-using configuration components).  https://help.eset.com/esmc_install/70/en-US/upgrade_infrastructure_proxy.html

 

We do have many customers, that have upgraded to V7 without issues. ESET internally runs the V7 for months, far before the beta (that you was part of) started. We are monitoring the forums / support and are working hard, to resolve any real-life issues, that are reported by customers.

In case you have already upgraded to V7, downgrade is possible, but will be painful, as V7 agent is not able to talk to V6.5 server. You will have to remove older agents, and basically redeploy the 6.5 agents, as 7.0=>6.5 "downgrade" is not supported (MSI will recognize there is a newer version and would quit itself).

 

Last but not least, the absence of the response here is, that @MartinK is currently out of the office. I would encourage you to contact your local support, as that´s the proper way of addressing problems you might have with the software.

 

Regardless the issues, I do look forward talking to you later today.

Michal

 

[bbahes 29]

On 9/21/2018 at 9:58 AM, MichalJ said:

Hello @Pinni3

First of all, let me apologize for the issues you are having. I will try to comment to individual points, that you have mentioned:

1. We are not aware DGs are not working. Can you please report specific examples of the conditions that are not working the way you expect? Many dynamic group conditions / expressions are non-trivial and there might be quite basic syntax error. We are eager to understand the problem, and provide either change of the behavior of guidance / explanation.
2. This is an issue that you have identified, we have fixed it and it will be addressed in the next service release which we are preparing as of now.
3. This is a known issue, we will address it in the upcoming service release
4. I do not have enough information about this. Have you reported it here on forum, or created a customer care ticket? Do you mean, that old registry entries are removed, however new are not correctly added, therefore agent things there is no agent (as the information about installed software is extracted via WMI).
5. With regards to the "appliance being distributed with components we do not support" I assume you are referring to the ODBC driver, as mentioned above, correct? However, without initial update, the appliance should contain the correct driver (at least to my knowledge).
6. This is correct. Old wake-up-call functionality was replaced by the EPNS. EPNS was created due to our "journey to the cloud" and upcoming release of ECA, where we need to have mechanism that will work also in cases when ESMC / ECA is located completely off premises of the customers. We will examine options whether it would be possible to have both functionalities.
7. This issue is under investigation. The best would be to report it via official customer care request to your local distributor, as we are still lacking proper data / dumps that would allows us to determine the root cause of the hanged connections. Console do not hang, issue is caused by the new replication protocol, which uses GRPC and permanent connections, which do hang under specific conditions (might be related to the fact that you are using a VMware Appliance, but as mentioned above, we are still investigating this issue, and we will do our best to address this in the upcoming service release). 

You have mentioned that there is no complete KB? Can you please be more specific? Information about HTTP proxy not supporting authentication for agent-server communication forwarding is listed in the documentation (we will also remove the redundant fields, which were kept there by re-using configuration components).  https://help.eset.com/esmc_install/70/en-US/upgrade_infrastructure_proxy.html

 

We do have many customers, that have upgraded to V7 without issues. ESET internally runs the V7 for months, far before the beta (that you was part of) started. We are monitoring the forums / support and are working hard, to resolve any real-life issues, that are reported by customers.

In case you have already upgraded to V7, downgrade is possible, but will be painful, as V7 agent is not able to talk to V6.5 server. You will have to remove older agents, and basically redeploy the 6.5 agents, as 7.0=>6.5 "downgrade" is not supported (MSI will recognize there is a newer version and would quit itself).

 

Last but not least, the absence of the response here is, that @MartinK is currently out of the office. I would encourage you to contact your local support, as that´s the proper way of addressing problems you might have with the software.

 

Regardless the issues, I do look forward talking to you later today.

Michal

 

 

Hi!

Regarding "upcoming service release" do you have public information (web site, release note notification subscription) on these intervals that you share for customers?

For example:

1. By the end of each month service release for endpoint products
2. By the end of each quarter (Q1/2018, Q2/2018, Q3/2018, Q4/2018) service release for management products
(I'm thinking maybe endpoint products need to be prepared for changes for service update of management products)
3. Every six months feature update for management products
etc...
 

I know you have monthly Customer Advisories that you send by e-mail, but It seems to me that this is only informative. Correct me if I'm wrong, you send this newsletter month after changes have been already pushed to users?
For example, https://support.eset.com/ca7027 Modules Review for August 2018. was released on September 18.

 

[Marcos 5,072]

We do not share information about preliminary plans, only if a release date has been set. In individual cases we may say that a fix for a specific issue will be addressed in version XY which is preliminary planned for Q1/2019, however.

As for CA regarding module updates, we release them once a month, ie. it's a soft of digest that includes changes in modules released in the previous month.

[MartinK 378]

On 9/20/2018 at 8:17 AM, Pinni3 said:

same thing
2018-09-20 06:16:32 Error: NetworkModule [Thread 7fe2da7fc700]: remote_endpoint: Bad file descriptor

Please send me whole output of lsof for verification (via PM).

Also are there any visible problems with these errors? AGENT are not connecting? Error actually means that connection from AGENT was closed unexpectedly - this might be related also to firewalls dropping inactive connections -> what is AGENT connection interval? And are there any firewalls between AGENTs and ESMC that might be dropping inactive connections? This is mostly done by enterprise-grade firewalls after longer time (30 minutes, 1 hour, depending on configuration).

[Pinni3 21]

2 hours ago, MartinK said:

Please send me whole output of lsof for verification (via PM).

Also are there any visible problems with these errors? AGENT are not connecting? Error actually means that connection from AGENT was closed unexpectedly - this might be related also to firewalls dropping inactive connections -> what is AGENT connection interval? And are there any firewalls between AGENTs and ESMC that might be dropping inactive connections? This is mostly done by enterprise-grade firewalls after longer time (30 minutes, 1 hour, depending on configuration).

You have PM

Agent's stop connecting, agent connection interval is 20 minutes. I think its not firewall causing problems but I wont be sure...

but check that output :

# lsof | grep ERAServer | wc -l
90355

 

[Pinni3 21]

@MartinK Also there are firewalls. I have plenty of networks, quite large networks. Default firewall config show that ttl of session is 3600 seconds...

Edited September 24, 2018 by Pinni3

[Pinni3 21]

Looks like my problem is solved. Writing this as I want to clear things. Problem was caused by security profiles on UTM. Now everything works nice. Thank You ESET Crew for any help and Your private time You gaved me, I really appreciate it.

[bbahes 29]

38 minutes ago, Pinni3 said:

Looks like my problem is solved. Writing this as I want to clear things. Problem was caused by security profiles on UTM. Now everything works nice. Thank You ESET Crew for any help and Your private time You gaved me, I really appreciate it.

Thanks for sharing info. Out of curiosity, did you investigate UTM logs for this issue or used packet capture tool on server and client?

[Pinni3 21]

5 hours ago, bbahes said:

used packet capture tool on server and client

I used wireshark on client side and tcpdump on server side. Everyone was investigated in looking into my problem.