Jump to content
tomrgsd

V5 to V7 upgrade not activating

Recommended Posts

Posted (edited)

I have thousands of machines running version 5 (mostly version 5.0.2254). I have a new server running ESET Management Center latest version. I am pushing out management agent upgrades from the server to get machines communicating, then I initiate Endpoint upgrades form there. The clients are upgrading, however they are not activating. I try to push activation but it fails. It shows red and has an alert that says ESET Security Product is not activated and your computer is not protected.  When I view the Prodcuts installed, it shows ESET Management Agent 7.0.577.0 Up-to-date version and ESET Endpoint Security 7.1.2053.0 Up-to-date Version. On one of the machines, I manually removed the Endpoint software and did manual install and it worked. I don't want to have to do that for 3000+ devices. Any help is appreciated

Edited by tomrgsd

Share this post


Link to post
Share on other sites

There is an error code of ECP.20006 which just says to contact support. 

Share this post


Link to post
Share on other sites

You wrote " On one of the machines, I manually removed the Endpoint software and did manual install and it worked. "

Does activation also work if you don't uninstall Endpoint first and try to activate it via gui -> Help and support -> Change license? If that fails, enable advanced network protection and advanced licensing logging in the advanced setup -> tools -> diagnostics -> advanced logging, try to activate the product, disable logging, collect logs with ESET Log Collector (https://support.eset.com/kb3466/) and post the generated archive here.

Share this post


Link to post
Share on other sites
1 hour ago, Marcos said:

You wrote " On one of the machines, I manually removed the Endpoint software and did manual install and it worked. "

Does activation also work if you don't uninstall Endpoint first and try to activate it via gui -> Help and support -> Change license? If that fails, enable advanced network protection and advanced licensing logging in the advanced setup -> tools -> diagnostics -> advanced logging, try to activate the product, disable logging, collect logs with ESET Log Collector (https://support.eset.com/kb3466/) and post the generated archive here.

 

ees_logs.zip

Share this post


Link to post
Share on other sites

There's only one "client hello" in the pcap log for SSL communication with 10.1.10.121 which is your proxy. If SSL inspection is performed by the proxy, you will need to set up an exception for communication with ESET licensing servers. For a list of addresses, please visit  https://support.eset.com/kb332/.

You mentioned that activation works after uninstalling Endpoint and installing it from scratch. Couldn't it be because you didn't configure the proxy then and Endpoint connected directly to the activation servers?

Share this post


Link to post
Share on other sites
3 hours ago, Marcos said:
52 minutes ago, Marcos said:

There's only one "client hello" in the pcap log for SSL communication with 10.1.10.121 which is your proxy. If SSL inspection is performed by the proxy, you will need to set up an exception for communication with ESET licensing servers. For a list of addresses, please visit  https://support.eset.com/kb332/.

You mentioned that activation works after uninstalling Endpoint and installing it from scratch. Couldn't it be because you didn't configure the proxy then and Endpoint connected directly to the activation servers?

I already have those addresses allowed. I believe the same policy is applied for a fresh install. It is a packaged setup with our configuration bundled.  

Share this post


Link to post
Share on other sites
4 hours ago, tomrgsd said:

I already have those addresses allowed. I believe the same policy is applied for a fresh install. It is a packaged setup with our configuration bundled.  

I would recommend to double check configuration of proxy (or security-related network device) you are using whether it is configured in a way that communication with ESET licensing servers is not only enabled, but also TLS introspection is disabled, so that traffic is not modified.

In provided network capture there is no attempt to bypass HTTP proxy configuration  - is HTTP proxy fallback explicitly disabled in configuration? In case activation works manually, it might be because of HTTP proxy available to logged-in user, which might have different configuration and thus working.

Share this post


Link to post
Share on other sites

Looks like SSL introspection is performed on the proxy. This looks like a self-signed certificate, not ESET's one:

Certificate:
        Issuer: C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=Unknown
        Validity
            Not Before: Jul  8 15:56:58 2019 GMT
            Not After : Jul  5 15:56:58 2029 GMT
        Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=Unknown
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:FE80:0:0:0:649D:D79:552A:4648, IP Address:10.1.10.121, DNS:localhost, DNS:RGSD-ESETMC.rgsd.local

 

SSL communication with ESET's activation servers must be excluded from SSL introspection.

Share this post


Link to post
Share on other sites

I am now working with support on this issue. It seems we had a policy that enabled Proxy communication which does not work with activation. Turning off Proxy option allows machine to activate. Unable to get proxy setting turned off remotely, but still working to see if that can be rectified.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...