Jump to content

Archived

This topic is now archived and is closed to further replies.

ewong

Product Activation w/ task set in ESMC

Recommended Posts

I'm completely befuddled as to why the Product Activation process on the ESMC.  Having created a new ClientActivationProduct task to activate the product on my system, I set it up and have it run ASAP.   However, after a bit, it would say "Task Failed" with no errors and other messages.  I looked at the event viewer on my local system and couldn't find anything corresponding to the attempt.  In hindsight, since it's a 'network' thing, I doubt it would have anything to do with the activation.  

I can ping the activation server from my system, so the next thing I'm looking at is the firewall.

I can manually activate the product, but I don't think it is a viable option for anything other than my system and it defeats the purpose of having a Product Activation task.

So what I'd like to know is how I can troubleshoot why the task failed?   With all due respect, "Task failed" is not helpful at all.

Thanks

Edmund

Share this post


Link to post
Share on other sites

Actually, I think I might know what might be the problem (though I don't know how to solve it yet).

How did I install the ESMC agent/av on the systems?  via GPO policies (+ install_config.ini),  though I'm not entirely sure *if* the installation actually read the install_config.ini. (Does anyone know a way to find if it picks it up?)

So what I *think* is happening is that while the Agent + AV is installed,  it isn't picking up the install_config.ini and ergo, it's trying to connect to no where to activate the product.

Edmund

 

Share this post


Link to post
Share on other sites

I was incorrect in my assumption that it didn't pick up the install_config.ini file.  It did.  I basically went into the Agent logs and discovered the following lines:

 

2018-12-17 02:21:47 Error: CReplicationModule [Thread 16e8]: InitializeConnection: Initiating replication connection to 'host: "avsrv.sys.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "avsrv.sys.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Endpoint read failed, and error details:
2018-12-17 02:21:47 Warning: CReplicationModule [Thread 16e8]: InitializeConnection: Not possible to establish any connection (Attempts: 1)

So either the password is bad (though I'm wondering about the empty name) *or* something is blocking port 2222.  I've checked the avsrv's firewall and port 2222 is opened to all incoming traffic.  So I'm looking at the name being empty and seeing if I can reset the password.

Edmund

 

 

Share this post


Link to post
Share on other sites

The trace.log has the following:

2018-12-17 06:06:48 Error: CReplicationModule [Thread 12f8]: SendRequestAndHandleResponse: Rpc message response AUTHENTICATION_FAILURE (Token status: TOKEN_INVALID) -> Request new session token and resend replication request
2018-12-17 06:06:48 Warning: CReplicationModule [Thread 12f8]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)
2018-12-17 06:42:31 Warning: CPushNotificationsModule [Thread 16ac]: Failed to configure EPNS resource (retrying in 5120 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-12-17 08:07:39 Warning: CPushNotificationsModule [Thread d20]: Failed to configure EPNS resource (retrying in 10240 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-12-17 10:06:23 Error: CUpdatesModule [Thread 1a94]: PerformUpdate: Module update failed with error: Could not connect to server. (error code 8449)
2018-12-17 10:58:19 Warning: CPushNotificationsModule [Thread b0]: Failed to configure EPNS resource (retrying in 20480 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-12-17 15:06:20 Error: CUpdatesModule [Thread 1910]: PerformUpdate: Module update failed with error: Could not connect to server. (error code 8449)
2018-12-17 16:39:39 Warning: CPushNotificationsModule [Thread 1d30]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)
2018-12-17 21:06:20 Error: CUpdatesModule [Thread 368]: PerformUpdate: Module update failed with error: Could not connect to server. (error code 8449)
2018-12-17 22:39:39 Warning: CPushNotificationsModule [Thread 4b4]: Failed to configure EPNS resource (retrying in 21600 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108)

To note, my system's time has a 1 minute difference with the ESMC server.  Could this be an issue?

Thanks

Edmund

Share this post


Link to post
Share on other sites

Your problem is clearly in agent - server communication. So the task could not run, as the agent would never pick it up and the ASAP trigger expires. Maybe @MartinK might be able to give you more insights, with regards to particular errors in the logs. 

Share this post


Link to post
Share on other sites

From previous logs, relevant connection error is:

failed with error code: 14, error message: Endpoint read failed

which tells us that established connection is closed before any data could be received. This might mean that connection was dropped due to timeout, or there is network component blocking communication. This AGENT is not connecting at all (as visible in webconsole)? Asking because this error might mean that ESMC is not able to handle connections for all AGENTs or that persistent connection was dropped -> new one has to be opened.

There are also other errors indicating that AGENT is not able to update its modules from update.eset.com (is this AGENT behind HTTP proxy?) and also it is not able to contact epns.eset.com (ESET Push Notification service).

Share this post


Link to post
Share on other sites

Thanks MichalJ...  I'm wondering if I had screwed up the firewall settings on Windows.

Share this post


Link to post
Share on other sites

I have disabled both the Windows Firewall  and the 3rd party firewall, and still it's not activating.

What I don't understand is that once I had disabled the Windows Firewall,  ESMC adds another Alert to my system (saying the Windows firewall is disabled), so I *know* the Agent is talking to the ESMC server.   That said, looking at the below log:

2018-12-19 02:40:48 Error: CReplicationModule [Thread 12f8]: InitializeConnection: Initiating replication connection to 'host: "avsrv.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "avsrv.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Endpoint read failed, and error details:
2018-12-19 02:40:48 Warning: CReplicationModule [Thread 12f8]: InitializeConnection: Not possible to establish any connection (Attempts: 1)
2018-12-19 02:40:48 Error: CReplicationModule [Thread 12f8]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current)
2018-12-19 02:40:48 Error: CReplicationModule [Thread 12f8]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "avsrv.local" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "avsrv.local" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message:  Endpoint read failed, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: avsrv.local:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: ad0f9505-a908-42bd-b46d-5f5e8984e0ae, Sent logs: 0, Cached static objects: 47, Cached static object groups: 9, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]

Looking at the above carefully, I think I'm beginning to know what the problem is.  Since ESMC has no HTTP Proxy, my system is basically connecting to nothing; but since in the AV, the proxy server setting is greyed out,  I'll need to uninstall the current AV and install it via GPO again but using the non HTTP Proxy setting.

Edmund

 

PS: As a side note, that "Ignore language when deploying the Antivirus via GPO" isn't such a good idea.  As when I went to uninstall the item through the control panel (Windows 8.1), it's in Bulgarian (or Russian..can't tell).   I only guessed what the uninstallation process entailed.

 

Share this post


Link to post
Share on other sites

Regarding the product activation item, I've finally managed to get my system activated via ESMC; but it wasn't a simple process.

  1.  I had to uninstall the Agent and AV manually via esetuninstaller.
  2. I had to reboot and gpupdate quite a few times before the Agent would install.
  3. I did a Software Install push task to install AV7.
  4. Once that's done,  I had to push an product activation task; but that failed, so I disabled the firewall and tried again and it worked. (So I'm guessing I need to tweak the firewall settings.

However, that said, I did encounter a few issues that could be possible bugs:

  1. Installing the Agent on a system with multiple NICs would be a crapshoot as it's possible that the agent enumerates the NICs differently and so takes the first NiC it finds, which unfortunately was the wrong one.  I had to disable the 'wrong' nic, (and firewalls) before it could activate the product.
    1. Possible solution: Check if there is an internet connection on both and take the one with the internet connection.  If none of the NICs have internet connection, then it wouldn't matter which one to take (I would think).
  2. Software Install push will not complete.  It will continue to say Running long after I've rebooted the system in question. [attachment shown to have a system that's already activated + pending Module update but the software install task is still running (which it isn't)]

 

Thanks

Edmund

PS: Even if I product activate and module update, when I re-enable the 2nd NIC, the Agent immediately uses it and thusly any subsequent tasks that require access to the Internet fails.   What I need to do is disable the 2nd NIC, run the updates, and then re-enable them again.   A workaround, for sure; but it is a hassle to do this.(Just saying... no offense to anyone).

 

eset3.png

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...