slarkins 5 Posted May 3, 2019 Share Posted May 3, 2019 I am starting to migrate form v5 to V7 and ESMC. I currently have 2 2016 Servers running 7.0.12018 file server agent. Twice i have noticed that one of both of these servers just stop updating definitions. No errors i can see. 2 Days ago one of the 2 servers stopped updating again but as soon as i rdp in to server it updated on its own( i did not open the eset gui on that server). Both servers are getting the same 2 policies. Is there a bug with regards to this? Needing to be logged in for updates to happen? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 3, 2019 Administrators Share Posted May 3, 2019 Does EFSW v7 update from ESET's servers or from a mirror? If from ESET's servers, does it connect through an http proxy or directly? Please enable advanced update engine logging in the advanced setup -> Tools -> Diagnostics, reproduce the issue, disable logging and gather logs with ESET Log Collector. When done, upload the generated archive here. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 3, 2019 Author Share Posted May 3, 2019 The esmc updates directly from eset servers and both endpoints use proxy to get updates from the esmc server. One of the 2 protected 2016 servers is the ESMC server. As i mentioned, when i noticed this on the other 2016 server (stopped updating on May 1 when i discovered yesterday May 2), as soon as i logged in to the server, just leaving it as desktop and not opening anything, it updated on its own. Its not an issue of the esmc server downloading definitions for the file security endpoint as the last time this happened, one of the 2 servers was updating fine. I have a total of 8 endpoints (6 windows pcs and 2 servers) on the ESMC. They all use the custom Management agent policy I created and the windows pcs have no issues. I noticed this problem a week or so ago when both servers wernt updating. I logged in to each server just to see what the actual endpoint log files said. I originally thought it was something i changed in the server policy but now thinking back, i logged in to both and they started updating again on their own. How can i reproduce a random issue? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 3, 2019 Administrators Share Posted May 3, 2019 ESMC doesn't create a mirror. Do you mean than HTTP Proxy is installed on the same machine as the ESMC server and workstations connect through it to ESET's update server ? Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 3, 2019 Author Share Posted May 3, 2019 yes... i had to go back and read my reply...no where did i mention mirror and i said in first line that the endpoints use proxy to get their updates Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 3, 2019 Administrators Share Posted May 3, 2019 Please generate an advanced update engine log and gather logs with ELC as advised above. The log should shed more light into it. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 3, 2019 Author Share Posted May 3, 2019 i enabled the update engine logging...how do i gather logs with ESET Log Collector? i never used that tool Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 3, 2019 Administrators Share Posted May 3, 2019 5 minutes ago, slarkins said: i enabled the update engine logging...how do i gather logs with ESET Log Collector? i never used that tool Check the FAQ section at the right-hand side of this forum or the link in my signature. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 3, 2019 Author Share Posted May 3, 2019 do you want me to try to leave it running to possibly capture the problem again or should i run the log collector now after the diagnostics has only been turned on for a few minutes? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 3, 2019 Administrators Share Posted May 3, 2019 The log must be from time when ESET was supposed to update but it didn't. So leave logging on and only after reproducing the issue disable it and gather logs with ESET Log Collector. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 3, 2019 Author Share Posted May 3, 2019 ok...maybe i will log out of the rdp session to see if i can reproduce problem Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 6, 2019 Author Share Posted May 6, 2019 The other server ( the esmc server) stopped updates on May 3. As soon as i logged in to it...it updated....i enabled the advanced logging oin that server also....see if i can capture nnext time this happens.... Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 7, 2019 Author Share Posted May 7, 2019 I had the logging on when this happened again on one of the 2016 servers. As i stated, i have 2 servers with same polices. The other one has experienced the same problem but it is currently updating fine. The current one stopped updating on May 3. I logged in yesterday morning and as soon as i opened the gui, it updated on its own. I turned on logging right after this. That update right before 8am yesterday was the only one it did then stopped. The esmc console shows last connected time as current (within connect time i specified in policies). One thing i do notice is that when i rdp in to the server, the eset icon is not in the taskbar. I have to open up via programs list. I still think it has something to do with a combination of the admin logged in at the console and also rdp session to same server or a combination of logged in one place and not the other. I ran the log collector but its 186mb which is too large. I did run all option. Let me kknow when options i need to choose for the logs to capture and i will rerun it. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 9, 2019 Author Share Posted May 9, 2019 Marcos??????? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 9, 2019 Administrators Share Posted May 9, 2019 If an advanced update engine log is included in the archive generated by ELC, upload it to Onedrive, Dropbox, etc. and provide me with a download link. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 9, 2019 Author Share Posted May 9, 2019 (edited) i am asking which option in need to select in ESET Log Collector...if i choose all its 186mb...largest file i can upload here is 100mb...i do not have onedrive or dropbox... I see no line item in the list of items in ESET Log Collector that references advanced update engine log Edited May 9, 2019 by slarkins Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 9, 2019 Administrators Share Posted May 9, 2019 You can use default settings profile which has diagnostic logs pre-selected. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 9, 2019 Author Share Posted May 9, 2019 log attached efsw_logs.zip Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 13, 2019 Author Share Posted May 13, 2019 Updates? Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 21, 2019 Author Share Posted May 21, 2019 Anyone out there????????????????? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted May 21, 2019 Administrators Share Posted May 21, 2019 Please keep in mind that this forum is not meant to substitute contacting customer care. This is not a trivial issue and analyzing the logs would take more time which I currently don't have. If you have contacted customer but didn't get a response withing a reasonable time, please provide the ticket number as well as information whether the ticket was created for ESET, LLC or another partner who would then contact ESET HQ for troubleshooting. Link to comment Share on other sites More sharing options...
slarkins 5 Posted May 21, 2019 Author Share Posted May 21, 2019 I uploaded log file almost 2 weeks ago...a simple reply that you got it and are currently reviewing would have been nice Link to comment Share on other sites More sharing options...
slarkins 5 Posted June 17, 2019 Author Share Posted June 17, 2019 any updates on this? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted June 19, 2019 Administrators Share Posted June 19, 2019 I've checked the logs but didn't find any issues. The event log is error free and the debug log showed that we always received files that we attempted to download; all attempts ended with 200 OK. In order to troubleshoot complex issues, please contact customer care so that a regular support ticket is created that will be tracked to ensure that you receive a timely and accurate response. Link to comment Share on other sites More sharing options...
slarkins 5 Posted June 20, 2019 Author Share Posted June 20, 2019 Maybe it had something to do with admin logged in at console then me rdp in as admin...leaving session running and disconnected. It always seemed that the update would work on its own as soon as i logged both sessions out then logged back in with one. The icon in taskbar never showed up for any user other than first one logged in. Taking this scenario, i set start mode to terminal for the server policy. I have not had issues since. Maybe a coincidence?? I dont need icon in taskbar on servers...i can run thru start menu... thanks for looking on to this Link to comment Share on other sites More sharing options...
Recommended Posts