Jump to content

Archived

This topic is now archived and is closed to further replies.

slarkins

2016 Server Definition Randomly Stops Updating

Recommended Posts

I am starting to migrate form v5 to V7 and ESMC. I currently have 2 2016 Servers running 7.0.12018 file server agent. Twice i have noticed that one of both of these servers just stop updating definitions. No errors i can see. 2 Days ago one of the 2 servers stopped updating again but as soon as i rdp in to server it updated on its own( i did not open the eset gui on that server). Both servers are getting the same 2 policies. Is there a bug with regards to this? Needing to be logged in for updates to happen?

Share this post


Link to post
Share on other sites

Does EFSW v7 update from ESET's servers or from a mirror? If from ESET's servers, does it connect through an http proxy or directly?

Please enable advanced update engine logging in the advanced setup -> Tools -> Diagnostics, reproduce the issue, disable logging and gather logs with ESET Log Collector. When done, upload the generated archive here.

Share this post


Link to post
Share on other sites

The esmc updates directly from eset servers and both endpoints use proxy to get updates from the esmc server. One of the 2 protected 2016 servers is the ESMC server. As i mentioned, when i noticed this on the other 2016 server (stopped updating on May 1 when i discovered yesterday May 2), as soon as i logged in to the server, just leaving it as desktop and not opening anything, it updated on its own. Its not an issue of the esmc server downloading definitions for the file security endpoint as the last time this happened, one of the 2 servers was updating fine. I have a total of 8 endpoints (6 windows pcs and 2 servers) on the ESMC. They all use the custom Management agent policy I created and the windows pcs have no issues. I noticed this problem a week or so ago when both servers wernt updating. I logged in to each server just to see what the actual endpoint log files said. I originally thought it was something i changed in the server policy  but now thinking back, i logged in to both and they started updating again on their own.

 

How can i reproduce a random issue?

Share this post


Link to post
Share on other sites

ESMC doesn't create a mirror. Do you mean than HTTP Proxy is installed on the same machine as the ESMC server and workstations connect through it to ESET's update server ?

Share this post


Link to post
Share on other sites

yes...

 

i had to go back and read my reply...no where did i mention mirror and i said in first line that the endpoints use proxy to get their updates

Share this post


Link to post
Share on other sites

Please generate an advanced update engine log and gather logs with ELC as advised above. The log should shed more light into it.

Share this post


Link to post
Share on other sites

i enabled the update engine logging...how do i gather logs with ESET Log Collector? i never used that tool

Share this post


Link to post
Share on other sites
5 minutes ago, slarkins said:

i enabled the update engine logging...how do i gather logs with ESET Log Collector? i never used that tool

Check the FAQ section at the right-hand side of this forum or the link in my signature.

Share this post


Link to post
Share on other sites

do you want me to try to leave it running to possibly capture the problem again or should i run the log collector now after the diagnostics has only been turned on for a few minutes?

Share this post


Link to post
Share on other sites

The log must be from time when ESET was supposed to update but it didn't. So leave logging on and only after reproducing the issue disable it and gather logs with ESET Log Collector.

Share this post


Link to post
Share on other sites

ok...maybe i will log out of the rdp session to see if i can reproduce problem

Share this post


Link to post
Share on other sites

The other server ( the esmc server) stopped updates on May 3. As soon as i logged in to it...it updated....i enabled the advanced logging oin that server also....see if i can capture nnext time this happens....

Share this post


Link to post
Share on other sites

I had the logging on when this happened again on one of the 2016 servers. As i stated, i have 2 servers with same polices. The other one has experienced the same problem but it is currently updating fine. The current one stopped updating on May 3. I logged in yesterday morning and as soon as i opened the gui, it updated on its own. I turned on logging right after this. That update right before 8am yesterday was the only one it did then stopped. The esmc console shows last connected time as current (within connect time i specified in policies). One thing i do notice is that when i rdp in to the server, the eset icon is not in the taskbar. I have to open up via programs list. I still think it has something to do with a combination of the admin logged in at the console and also rdp session to same server or a combination of logged in one place and not the other. I ran the log collector but its 186mb which is too large. I did run all option. Let me kknow when options i need to choose for the logs to capture and i will rerun it.

Share this post


Link to post
Share on other sites

If an advanced update engine log is included in the archive generated by ELC, upload it to Onedrive, Dropbox, etc. and provide me with a download link.

Share this post


Link to post
Share on other sites

i am asking which option in need to select in ESET Log Collector...if i choose all its 186mb...largest file i can upload here is 100mb...i do not have onedrive or dropbox...

 

I see no line item in the list of items in ESET Log Collector that references advanced update engine log

Share this post


Link to post
Share on other sites

You can use default settings profile which has diagnostic logs pre-selected.

Share this post


Link to post
Share on other sites

Anyone out there?????????????????

Share this post


Link to post
Share on other sites

Please keep in mind that this forum is not meant to substitute contacting customer care. This is not a trivial issue and analyzing the logs would take more time which I currently don't have. If you have contacted customer but didn't get a response withing a reasonable time, please provide the ticket number as well as information whether the ticket was created for ESET, LLC or another partner who would then contact ESET HQ for troubleshooting.

Share this post


Link to post
Share on other sites

I uploaded log file almost 2 weeks ago...a simple reply that you got it and are currently reviewing would have been nice

Share this post


Link to post
Share on other sites

I've checked the logs but didn't find any issues. The event log is error free and the debug log showed that we always received files that we attempted to download; all attempts ended with 200 OK.

In order to troubleshoot complex issues, please contact customer care so that a regular support ticket is created that will be tracked to ensure that you receive a timely and accurate response.

Share this post


Link to post
Share on other sites

Maybe it had something to do with admin logged in at console then me rdp in as admin...leaving session running and disconnected. It always seemed that the update would work on its own as soon as i logged both sessions out then logged back in with one. The icon in taskbar never showed up for any user other than first one logged in. Taking this scenario, i set start mode to terminal for the server policy. I have not had issues since. Maybe a coincidence?? I dont need icon in taskbar on servers...i can run thru start menu...

 

thanks for looking on to this

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...