Jump to content

Accumulation of computers showing "ESET LiveGrid is not reachable" requiring a server reboot to fix


qbuache

Recommended Posts

Hello,

We updated our ESMC server to version 7.1.717.0 last week and since then we need to reboot it every 1-2 days to unblock the clients which cannot contact "ESET LiveGrid" anymore.

Over the day, an overgrowing number of clients report the issue "ESET LiveGrid is not reachable".

Rebooting the server fixes the issue immediately.

This happens with up to date clients (antivirus and agents) and not yet up to date clients.

We made no change to our network infrastructure.

Do I need to care about my Windows server DNS cache ?

 

Thank you for your help.

Have a nice day

Link to comment
Share on other sites

  • Administrators

Do you know what is the reason for clients getting that LiveGrid is not reachable? Does the notification show up only in the ESMC console or on clients too?

Link to comment
Share on other sites

Hello,

No I don't know. All clients properly contact the ESMC server and accepts tasks and modules updates.

The error message is shown both in the ESMC console and on clients.

Edited by qbuache
Link to comment
Share on other sites

  • Administrators

In order for LiveGrid to work on clients, they must be able to access ESET's LiveGrid servers listed in https://support.eset.com/en/ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall:

Hostname IP address
h1-c01-b.eset.com 91.228.166.45
h1-c02-b.eset.com 91.228.166.46
h1-c03-s.eset.com 91.228.165.43
h1-c04-s.eset.com 91.228.165.44
h1-c06-b.eset.com 91.228.166.52
h3-c01-b.eset.com 91.228.167.86
h3-c02-b.eset.com 91.228.167.87
h3-c03-b.eset.com 91.228.167.46
h3-c04-b.eset.com 91.228.167.103
h5-c01-b.eset.com, 38-90-226-11.ptr.eset.com 38.90.226.11
h5-c02-b.eset.com, 38-90-226-12.ptr.eset.com 38.90.226.12
h5-c03-b.eset.com, 38-90-226-13.ptr.eset.com 38.90.226.13
h3-c01.eset.com 91.228.167.137
h3-c02.eset.com 91.228.167.43

Domains used by ESET Live Grid:

Hostnames
a.cwip.eset.com
ae.cwip.eset.com
c.cwip.eset.com
ce.cwip.eset.com
dnsj.e5.sk
dnsje.e5.sk
i1.cwip.eset.com
i1e.cwip.eset.com
i3.cwip.eset.com
i4.cwip.eset.com
i4e.cwip.eset.com
u.cwip.eset.com
ue.cwip.eset.com
c.eset.com
a.c.eset.com
u.eset.com
i1.c.eset.com
i3.c.eset.com
i4.c.eset.com

These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53.

Link to comment
Share on other sites

I can confirm that my clients can Ping every hostname provided in your documentation.

And the port 53 is open in their firewall.

I don't understand why rebooting the server unlock the situation. Do clients contact your servers through the local ESMC server ?

 

Link to comment
Share on other sites

  • Administrators

Not sure what the issue could be if DNS works. You can try temporarily enabling diagnostic logging verbosity and see if more details about the issue are logged. It may be necessary to generate a pcap log with Wireshark when the issue occurs and provide it to customer care along with logs collected with ESET Log Collector for perusal.

Link to comment
Share on other sites

Hello,


I also discovered that I can't update the Modules and the Product. I have two error lines in the client stating that "The download was interrupted"...

I try Wireshark, diagnostics and Log collector to see what happen.

 

Link to comment
Share on other sites

@Vladimirov E.A. sorry I missed your message.

No it's not solved. Today I had 125 out of 400 computers unable to update their modules and reach LiveGrid.

Rebooting the server instantly solved the problem... the issue is linked to it, but I don't understand how.

What do you mean by "upgrading the entire software package"

 

My ESMC server is up to date

ESET Management Agent 7.1.717.0  
ESET Security Management Center Server 7.1.717.0  
ESET Rogue Detection Sensor 1.1.693.0  
ESET Endpoint Antivirus 7.2.2055.0
Edited by qbuache
Link to comment
Share on other sites

26 minutes ago, Marcos said:

Do the clients update through an http proxy? If so, does restarting its service resolve the issue?

I rebooted the server a few hours ago so I can't test right now, but the HTTP proxy is enabled in "Server settings > Advanced settings > HTTP proxy" and the clients have a policy setting the proxy.

I will restart the Apache service for testing.

 

The HTTP Proxy is on the same server that the ESMC server

Edited by qbuache
http proxy location
Link to comment
Share on other sites

I had the same issue with my system.

Restarting the ApacheHTTP service worked (which I assume is why a reboot works).

After some checking I noticed that when you do the update via the SMC web interface it doesn't update ApacheHTTP or Tomcat.

I downloaded the latest SMC installer from the ESET downloads pages and ran the upgrade task, which then selected just the Apache related items for update.

After this, everything seems to be running ok, though its not been long since I did that and can't confirm if that has resolved the issue fully as yet.

Link to comment
Share on other sites

@DRGluke thank you for that info.

The problem did not occur since last thursday. That day, I went in the "HTTP proxy" server setting I disabled and enabled.  Maybe that fixed the issue.

If it happen again, I will restart the service and then try an update as DRGluke advised.

Thank you for your help

Link to comment
Share on other sites

Hello,

It did not occur since november 21. I think that, as noted in my previous post, disabling and reenabling the "HTTP proxy" server setting fixed the situation. This is the only change I made on that day (or it was a DNS issue on my side or a faulty server on ESET side).

You can close that topic as you want.

Thanks again for your help

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...