davidenco 1 Posted April 16, 2019 Share Posted April 16, 2019 What does this mean? The last update was successful and the event log says nothing about there being a problem with the last check. This is also happening for a handful of our Endpoint Antivirus clients and File Security servers. Is this EDTD all over again? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted April 16, 2019 Administrators Share Posted April 16, 2019 It means that you have enabled ESET Dynamic Threat Defense in a policy but in fact you don't have an EDTD license or EDTD was not activated in EMSX via an EBA account from ESMC. Please disable EDTD in policies that are applied to EMSX: Link to comment Share on other sites More sharing options...
davidenco 1 Posted April 16, 2019 Author Share Posted April 16, 2019 Did you read the entire post or just the reference I made to EDTD? This is nothing to do with EDTD, I don't even see it in the UI! Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted April 16, 2019 Administrators Share Posted April 16, 2019 I'm sorry. You mentioned EDTD in your post and there was a message about unauthorized access so I erroneously concluded it was related. Please enable diagnostic logging, run manual update, disable logging and finally gather logs with ESET Log Collector and post the generated archive here. Link to comment Share on other sites More sharing options...
davidenco 1 Posted April 16, 2019 Author Share Posted April 16, 2019 The message disappears when I check for an update manually (as it has already done), so doing what you've suggested isn't going to work. Any suggestions? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted April 16, 2019 Administrators Share Posted April 16, 2019 2 hours ago, davidenco said: The message disappears when I check for an update manually (as it has already done), so doing what you've suggested isn't going to work. Any suggestions? Then enable diagnostic logging and wait until the error occurs without running manual update and only then disable logging. Link to comment Share on other sites More sharing options...
davidenco 1 Posted May 9, 2019 Author Share Posted May 9, 2019 I just noticed these entries in the error_log on the ESMC Virtual Appliance. Could this be the problem? [Thu May 09 10:21:02.646568 2019] [access_compat:error] [pid 4373:tid 139798693996288] [client 10.1.1.76:3148] AH01797: client denied by server configuration: proxy:http:/repository.eset.com/v1/com/eset/apps/business/eea/windows/metadata3 [Thu May 09 10:28:07.070201 2019] [access_compat:error] [pid 4373:tid 139798954215168] [client 10.1.1.17:43234] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:38:17.186629 2019] [access_compat:error] [pid 4588:tid 139798836672256] [client 10.1.1.17:43748] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:48:27.266414 2019] [access_compat:error] [pid 4588:tid 139798777923328] [client 10.1.1.17:44598] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 10:58:37.538603 2019] [access_compat:error] [pid 4373:tid 139798794708736] [client 10.1.1.17:45206] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:08:47.586300 2019] [access_compat:error] [pid 4372:tid 139798945822464] [client 10.1.1.17:46088] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:18:57.845311 2019] [access_compat:error] [pid 4374:tid 139798962607872] [client 10.1.1.17:46702] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:29:07.926779 2019] [access_compat:error] [pid 4374:tid 139798777923328] [client 10.1.1.17:47540] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:39:08.306905 2019] [access_compat:error] [pid 4374:tid 139798719174400] [client 10.1.1.17:48080] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:49:18.604284 2019] [access_compat:error] [pid 4588:tid 139798929037056] [client 10.1.1.17:48882] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 11:59:28.867581 2019] [access_compat:error] [pid 4588:tid 139798836672256] [client 10.1.1.17:49616] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 12:09:29.567019 2019] [access_compat:error] [pid 4588:tid 139798735959808] [client 10.1.1.17:50608] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 12:19:32.004482 2019] [access_compat:error] [pid 4373:tid 139798761137920] [client 10.1.1.17:51794] AH01797: client denied by server configuration: proxy:hxxp:/// [Thu May 09 12:23:40.539484 2019] [access_compat:error] [pid 4372:tid 139798920644352] [client 10.1.1.2:13054] AH01797: client denied by server configuration: proxy:http:/repository.eset.com/v1/com/eset/apps/business/ems/exchange/metadata3 [Thu May 09 12:29:33.354294 2019] [access_compat:error] [pid 4373:tid 139798937429760] [client 10.1.1.17:52960] AH01797: client denied by server configuration: proxy:hxxp:/// Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted May 9, 2019 Administrators Share Posted May 9, 2019 Did you enable http proxy on the VA during deployment or you installed it afterwards? Please provide httpd.conf and proxy.conf. What is weird is "proxy:hxxp:///" as there should be the actual url which was blocked instead of "hxxp:///". Also "http:/repository.eset.com/..." doesn't look ok to me, I'd expect "http://repository.eset.com/.." there. Please provide ELC logs from a machine that is configured to connect through the proxy and where updates are failing. Link to comment Share on other sites More sharing options...
Recommended Posts