sdnian 6 Posted June 13, 2019 Posted June 13, 2019 Product activation failed. The two days ago, I just installed a new server, ESMC 7.0.577, the client is EEA 7.1.2045. I tried to activate the product many times. But don't work all the time. I entered the license key directly in the Client and got the error code of ECP.20006. On the ESMC, use Wireshark to find the red line below, always get the 404 Not Found error, the full content can be found in the attachment. Please help me to resolve this problem, thanks! activation.zip
ESET Moderators Peter Randziak 1,181 Posted June 13, 2019 ESET Moderators Posted June 13, 2019 Hello @sdnian, thank you for the packet capture, I will have it checked. May I ask you you have any SSL inspection in place? Regards, Petertracking key: P_EESW-3955
sdnian 6 Posted June 14, 2019 Author Posted June 14, 2019 15 hours ago, Peter Randziak said: Hello @sdnian, thank you for the packet capture, I will have it checked. May I ask you you have any SSL inspection in place? Regards, Petertracking key: P_EESW-3955 I think it might be related to Firewall - Sophos XG115w. But I can't confirm if there is SSL inspection so far.
ESET Staff MartinK 384 Posted June 15, 2019 ESET Staff Posted June 15, 2019 (edited) 15 hours ago, sdnian said: I think it might be related to Firewall - Sophos XG115w. But I can't confirm if there is SSL inspection so far. Certificate that is considered by ESET products as untrusted, i.e. injected into communication has following identifiers inside: IP Address=fe80:0000:0000:0000:...:2a5a IP Address=192.....204 DNS Name=localhost DNS Name=G....net.local which might help you identify source. Otherwise certificate contains no other details, it actually like like default certificate that is generated for ESMC Webconsole, but it makes no sense to be injected into communication. Could you verify this certificate is used by your ESMC console for Apache Tomcat connections (I have made some redaction of data present in certificate)? Also as you mentioned, MAC addresses from communication with ESET licensing server (IP=13.91.57.145) indicates that next device is Sophos, but it does not mean it is source of this injected certificate. Edited June 15, 2019 by MartinK Redation of hostnames & IP addresses Peter Randziak 1
sdnian 6 Posted June 17, 2019 Author Posted June 17, 2019 Thanks for @MartinK and @Peter Randziak help. I have found a solution to resolve this issue. The Sophos Firewall have a function - Web Proxy, it works as transparent proxy mode by default, after I added a rule to bypass transparent proxy for ESMC host, the product activation works well. Peter Randziak 1
Recommended Posts