Jump to content

V5 to V7 upgrade not activating


tomrgsd
 Share

Recommended Posts

I have thousands of machines running version 5 (mostly version 5.0.2254). I have a new server running ESET Management Center latest version. I am pushing out management agent upgrades from the server to get machines communicating, then I initiate Endpoint upgrades form there. The clients are upgrading, however they are not activating. I try to push activation but it fails. It shows red and has an alert that says ESET Security Product is not activated and your computer is not protected.  When I view the Prodcuts installed, it shows ESET Management Agent 7.0.577.0 Up-to-date version and ESET Endpoint Security 7.1.2053.0 Up-to-date Version. On one of the machines, I manually removed the Endpoint software and did manual install and it worked. I don't want to have to do that for 3000+ devices. Any help is appreciated

Edited by tomrgsd
Link to comment
Share on other sites

  • Administrators

You wrote " On one of the machines, I manually removed the Endpoint software and did manual install and it worked. "

Does activation also work if you don't uninstall Endpoint first and try to activate it via gui -> Help and support -> Change license? If that fails, enable advanced network protection and advanced licensing logging in the advanced setup -> tools -> diagnostics -> advanced logging, try to activate the product, disable logging, collect logs with ESET Log Collector (https://support.eset.com/kb3466/) and post the generated archive here.

Link to comment
Share on other sites

1 hour ago, Marcos said:

You wrote " On one of the machines, I manually removed the Endpoint software and did manual install and it worked. "

Does activation also work if you don't uninstall Endpoint first and try to activate it via gui -> Help and support -> Change license? If that fails, enable advanced network protection and advanced licensing logging in the advanced setup -> tools -> diagnostics -> advanced logging, try to activate the product, disable logging, collect logs with ESET Log Collector (https://support.eset.com/kb3466/) and post the generated archive here.

 

ees_logs.zip

Link to comment
Share on other sites

  • Administrators

There's only one "client hello" in the pcap log for SSL communication with 10.1.10.121 which is your proxy. If SSL inspection is performed by the proxy, you will need to set up an exception for communication with ESET licensing servers. For a list of addresses, please visit  https://support.eset.com/kb332/.

You mentioned that activation works after uninstalling Endpoint and installing it from scratch. Couldn't it be because you didn't configure the proxy then and Endpoint connected directly to the activation servers?

Link to comment
Share on other sites

3 hours ago, Marcos said:
52 minutes ago, Marcos said:

There's only one "client hello" in the pcap log for SSL communication with 10.1.10.121 which is your proxy. If SSL inspection is performed by the proxy, you will need to set up an exception for communication with ESET licensing servers. For a list of addresses, please visit  https://support.eset.com/kb332/.

You mentioned that activation works after uninstalling Endpoint and installing it from scratch. Couldn't it be because you didn't configure the proxy then and Endpoint connected directly to the activation servers?

I already have those addresses allowed. I believe the same policy is applied for a fresh install. It is a packaged setup with our configuration bundled.  

Link to comment
Share on other sites

  • ESET Staff
4 hours ago, tomrgsd said:

I already have those addresses allowed. I believe the same policy is applied for a fresh install. It is a packaged setup with our configuration bundled.  

I would recommend to double check configuration of proxy (or security-related network device) you are using whether it is configured in a way that communication with ESET licensing servers is not only enabled, but also TLS introspection is disabled, so that traffic is not modified.

In provided network capture there is no attempt to bypass HTTP proxy configuration  - is HTTP proxy fallback explicitly disabled in configuration? In case activation works manually, it might be because of HTTP proxy available to logged-in user, which might have different configuration and thus working.

Link to comment
Share on other sites

  • Administrators

Looks like SSL introspection is performed on the proxy. This looks like a self-signed certificate, not ESET's one:

Certificate:
        Issuer: C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=Unknown
        Validity
            Not Before: Jul  8 15:56:58 2019 GMT
            Not After : Jul  5 15:56:58 2029 GMT
        Subject: C=Unknown, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=Unknown
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:FE80:0:0:0:649D:D79:552A:4648, IP Address:10.1.10.121, DNS:localhost, DNS:RGSD-ESETMC.rgsd.local

 

SSL communication with ESET's activation servers must be excluded from SSL introspection.

Link to comment
Share on other sites

I am now working with support on this issue. It seems we had a policy that enabled Proxy communication which does not work with activation. Turning off Proxy option allows machine to activate. Unable to get proxy setting turned off remotely, but still working to see if that can be rectified.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...