Jump to content
FinAms

Agent v7.x not connecting to ESMC server

Recommended Posts

Hi all,

Recently, we have upgraded Eset Remote Administrator 6.5 to Eset Security Management Center 7.
Everything works fine, old Eset Remote Administrator Agents 6.X are connecting succesfully to ESMC.

However, when we are upgrading the agents to Eset Security Management Agent 7.X, the client could not connect to the server.
See attached screenshot for the status log details.

As suggested in other topics, I have restarted the ESMC server several times and reinstalled the Agent. Unfortunately, this does not resolve the issue.

Policies and proxy are created as described in https://support.eset.com/kb6750/?locale=en_US&viewlocale=en_US
A username and password are not set in HTTP Apache Proxy.


Anyone have the solution for this issue?308773861_Statuslog.thumb.jpg.2c0f4151d88524ed5b4f894139b46fea.jpg

Edited by FinAms
Wrong spelling

Share this post


Link to post
Share on other sites

Relevant error in this case is "Connect failed" which indicates problem with network connectivity -> could you verify there is no firewall blocking access? Or is AGENT correctly configured in terms of ESMC visibility. HTTP Proxy is not set, is it correct and AGENT should reach ESMC directly? Is OS where ESMC is running capable of holding TCP connection for all connecting clients? This might be problem especially on desktop operating systems. Only this specific client has problem, or no AGENT is able to connect?

If there will be no obvious reason why it does not work, please capture network traffic on client using tcpdump/wireshark so that it can be verified.

Share this post


Link to post
Share on other sites
On 10/11/2018 at 2:01 PM, MartinK said:

Relevant error in this case is "Connect failed" which indicates problem with network connectivity -> could you verify there is no firewall blocking access? Or is AGENT correctly configured in terms of ESMC visibility. HTTP Proxy is not set, is it correct and AGENT should reach ESMC directly? Is OS where ESMC is running capable of holding TCP connection for all connecting clients? This might be problem especially on desktop operating systems. Only this specific client has problem, or no AGENT is able to connect?

If there will be no obvious reason why it does not work, please capture network traffic on client using tcpdump/wireshark so that it can be verified.

We are testing the new agent on three clients now. None of these clients is connecting to ESMC.
Old agent 6.5 can connect successfully.

No firewall is blocking the used ports.
ESMC holds TCP connection, as the old client agents are still connected.

We are using HTTP Apache Proxy and the http.conf is configured according to the manuals on ESET.
The existing file used for 6.5 is used an a line is added:

#Allow connection to my ESMC Server machine
<ProxyMatch ^(Hotname(:[0-9]+)?(\/.*)?|IPAddress(:[0-9]+)?(\/.*)?)$>

Allow from all

</ProxyMatch>

AllowCONNECT 443 563 2222
 

An 'ESET Management Agent' policy has been applied with the settings:

Connection
Servers to connect to
Ip Address of the ESMC / Apache Proxy server
Port 2222
Not sure if this is really needed

Advanced Settings
- Proxy Configuration Type: Different Proxy Per Service
- Replication (to ESMC Server)
* Use Proxy server
* Host: IP of ESMC / HTTP Apache Proxy server
* Port: 3128
* Username and Password not configured
- ESET services (updates, packages, telemetry...)
* Use Proxy server
* Host: hostname of ESMC / HTTP Apache Proxy server
* Port: 3128
* Username and Password not configured

There is also an 'ESET Endpoint for Windows' policy applied with the settings:

Use Proxy server
* Proxy server: hostname of ESMC / HTTP Apache Proxy server
* Port: 3128

I am not sure why the text next to the scope 'Last Authentication' in the status.html report says "........... port 2222 with proxy set as: Proxy: Connection: :3128.
As you already suggests, it looks like there is not proxy configured.

You have any idea what causes this issue?
If it is related to the configuration of HTTP Apache Proxy, perhaps you can provide me with an example of the 'http.conf' file?

Share this post


Link to post
Share on other sites

Could you please check, that "Proxy configuration type" is explicitly marked as "apply". In case it is not applied, client will be using default value, which might be different, which might result in fact that your configuration is ignored.

Has this AGENT connected before? Or it has never connected, and thus it has not applied any policies?

Also there is Diagnostic.exe helper tool located in program files of AGENT and it can be used to extract AGENTs configuration - could you please check it contains HTTP proxy configuration?

Share this post


Link to post
Share on other sites
2 hours ago, MartinK said:

Could you please check, that "Proxy configuration type" is explicitly marked as "apply". In case it is not applied, client will be using default value, which might be different, which might result in fact that your configuration is ignored.

Has this AGENT connected before? Or it has never connected, and thus it has not applied any policies?

Also there is Diagnostic.exe helper tool located in program files of AGENT and it can be used to extract AGENTs configuration - could you please check it contains HTTP proxy configuration?

Could you specify where I need to check that "Proxy configuration type" is marked as "apply"? Do you mean forcing the policy setting?
Attached the configuration file that was collected with the diagnostic.exe

configuration.txt

In this file the actual hostname is replaced with <HOSTNAME>.

The line
{"ce_val":"1","ce_flg":"2"}},"proxy_configuration_type":
does not have a configuration, so it could be right that there is no setting applied.

 

EDIT:

It seems that HTTP Proxy was not enabled.
I have enabled "Use Proxy server" under Admin > Server Settings > Advanced Settings.
The status.html is slightly different.
Also the configuration file (configuration_new.txt) does contain more information.
The actual IP address of the hostname is replaced by <IP HOSTNAME>


configuration_new.txt

Status log.jpg

Edited by FinAms

Share this post


Link to post
Share on other sites

From exported configuration you provided we can see that HTTP proxy is set, but only for ESET services, i.e. it will be used only for downloading updates, installers, activation, etc., but not for so called "replication" which is how we call communication between AGENT and ESMC/ERA.

In order to resolve this issue, you have technically two possibilities:

  1. Use the same HTTP proxy for both ESET services and also for AGENT connection to ESMC. In such case, you can use "Global Proxy" configuration type, and add proxy settings to "Global Proxy". Make sure that both proxy parameter and "Proxy Configuration Type" field are applied (= full dot on left pane). Policy should look like this:image.png
  2. Use separate HTTP proxy configuration, or not use HTTP proxy for ESET services, just for AGENT to ESMC communication. In such case, configuration can look like this:image.png

In both case, you have to properly set specific hostname/port values for selected profiles, i.e. use "Edit".

Share this post


Link to post
Share on other sites

@MartinK,

EDIT:

A found the solution by comparing the policies within ESET ESMC and another restart of the server.

Still one problem as the ESET firewall seems to blocking some traffic.
After installing the agent, I receive the same errors in the status.html report.
When pausing the firewall (allow all traffic), the agent will successfully connect to ESMC.

Edited by FinAms

Share this post


Link to post
Share on other sites
On 10/15/2018 at 12:35 PM, FinAms said:

@MartinK,

EDIT:

A found the solution by comparing the policies within ESET ESMC and another restart of the server.

Still one problem as the ESET firewall seems to blocking some traffic.
After installing the agent, I receive the same errors in the status.html report.
When pausing the firewall (allow all traffic), the agent will successfully connect to ESMC.

Found the solution by disabling the option "Enable detection of application modification" within the Firewall settings.

 

2018-10-17 13_59_15-Advanced setup - ESET Endpoint Security.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×