qbuache 0 Posted November 19, 2019 Share Posted November 19, 2019 Hello, We updated our ESMC server to version 7.1.717.0 last week and since then we need to reboot it every 1-2 days to unblock the clients which cannot contact "ESET LiveGrid" anymore. Over the day, an overgrowing number of clients report the issue "ESET LiveGrid is not reachable". Rebooting the server fixes the issue immediately. This happens with up to date clients (antivirus and agents) and not yet up to date clients. We made no change to our network infrastructure. Do I need to care about my Windows server DNS cache ? Thank you for your help. Have a nice day Link to comment Share on other sites More sharing options...
Administrators Marcos 5,286 Posted November 19, 2019 Administrators Share Posted November 19, 2019 Do you know what is the reason for clients getting that LiveGrid is not reachable? Does the notification show up only in the ESMC console or on clients too? Link to comment Share on other sites More sharing options...
qbuache 0 Posted November 19, 2019 Author Share Posted November 19, 2019 (edited) Hello, No I don't know. All clients properly contact the ESMC server and accepts tasks and modules updates. The error message is shown both in the ESMC console and on clients. Edited November 19, 2019 by qbuache Link to comment Share on other sites More sharing options...
Administrators Marcos 5,286 Posted November 19, 2019 Administrators Share Posted November 19, 2019 In order for LiveGrid to work on clients, they must be able to access ESET's LiveGrid servers listed in https://support.eset.com/en/ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall: Hostname IP address h1-c01-b.eset.com 91.228.166.45 h1-c02-b.eset.com 91.228.166.46 h1-c03-s.eset.com 91.228.165.43 h1-c04-s.eset.com 91.228.165.44 h1-c06-b.eset.com 91.228.166.52 h3-c01-b.eset.com 91.228.167.86 h3-c02-b.eset.com 91.228.167.87 h3-c03-b.eset.com 91.228.167.46 h3-c04-b.eset.com 91.228.167.103 h5-c01-b.eset.com, 38-90-226-11.ptr.eset.com 38.90.226.11 h5-c02-b.eset.com, 38-90-226-12.ptr.eset.com 38.90.226.12 h5-c03-b.eset.com, 38-90-226-13.ptr.eset.com 38.90.226.13 h3-c01.eset.com 91.228.167.137 h3-c02.eset.com 91.228.167.43 Domains used by ESET Live Grid: Hostnames a.cwip.eset.com ae.cwip.eset.com c.cwip.eset.com ce.cwip.eset.com dnsj.e5.sk dnsje.e5.sk i1.cwip.eset.com i1e.cwip.eset.com i3.cwip.eset.com i4.cwip.eset.com i4e.cwip.eset.com u.cwip.eset.com ue.cwip.eset.com c.eset.com a.c.eset.com u.eset.com i1.c.eset.com i3.c.eset.com i4.c.eset.com These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53. Link to comment Share on other sites More sharing options...
qbuache 0 Posted November 19, 2019 Author Share Posted November 19, 2019 I can confirm that my clients can Ping every hostname provided in your documentation. And the port 53 is open in their firewall. I don't understand why rebooting the server unlock the situation. Do clients contact your servers through the local ESMC server ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,286 Posted November 19, 2019 Administrators Share Posted November 19, 2019 Not sure what the issue could be if DNS works. You can try temporarily enabling diagnostic logging verbosity and see if more details about the issue are logged. It may be necessary to generate a pcap log with Wireshark when the issue occurs and provide it to customer care along with logs collected with ESET Log Collector for perusal. Link to comment Share on other sites More sharing options...
Vladimirov E.A. 0 Posted November 21, 2019 Share Posted November 21, 2019 Is your problem resolved? We had such a problem after updating the server. Solved by upgrading the entire software package Link to comment Share on other sites More sharing options...
qbuache 0 Posted November 21, 2019 Author Share Posted November 21, 2019 Hello, I also discovered that I can't update the Modules and the Product. I have two error lines in the client stating that "The download was interrupted"... I try Wireshark, diagnostics and Log collector to see what happen. Link to comment Share on other sites More sharing options...
qbuache 0 Posted November 21, 2019 Author Share Posted November 21, 2019 (edited) @Vladimirov E.A. sorry I missed your message. No it's not solved. Today I had 125 out of 400 computers unable to update their modules and reach LiveGrid. Rebooting the server instantly solved the problem... the issue is linked to it, but I don't understand how. What do you mean by "upgrading the entire software package" My ESMC server is up to date : ESET Management Agent 7.1.717.0 ESET Security Management Center Server 7.1.717.0 ESET Rogue Detection Sensor 1.1.693.0 ESET Endpoint Antivirus 7.2.2055.0 Edited November 21, 2019 by qbuache Link to comment Share on other sites More sharing options...
Administrators Marcos 5,286 Posted November 21, 2019 Administrators Share Posted November 21, 2019 Do the clients update through an http proxy? If so, does restarting its service resolve the issue? Link to comment Share on other sites More sharing options...
qbuache 0 Posted November 21, 2019 Author Share Posted November 21, 2019 (edited) 26 minutes ago, Marcos said: Do the clients update through an http proxy? If so, does restarting its service resolve the issue? I rebooted the server a few hours ago so I can't test right now, but the HTTP proxy is enabled in "Server settings > Advanced settings > HTTP proxy" and the clients have a policy setting the proxy. I will restart the Apache service for testing. The HTTP Proxy is on the same server that the ESMC server Edited November 21, 2019 by qbuache http proxy location Link to comment Share on other sites More sharing options...
DRGluke 0 Posted November 25, 2019 Share Posted November 25, 2019 I had the same issue with my system. Restarting the ApacheHTTP service worked (which I assume is why a reboot works). After some checking I noticed that when you do the update via the SMC web interface it doesn't update ApacheHTTP or Tomcat. I downloaded the latest SMC installer from the ESET downloads pages and ran the upgrade task, which then selected just the Apache related items for update. After this, everything seems to be running ok, though its not been long since I did that and can't confirm if that has resolved the issue fully as yet. Link to comment Share on other sites More sharing options...
qbuache 0 Posted November 25, 2019 Author Share Posted November 25, 2019 @DRGluke thank you for that info. The problem did not occur since last thursday. That day, I went in the "HTTP proxy" server setting I disabled and enabled. Maybe that fixed the issue. If it happen again, I will restart the service and then try an update as DRGluke advised. Thank you for your help Link to comment Share on other sites More sharing options...
qbuache 0 Posted December 2, 2019 Author Share Posted December 2, 2019 Hello, It did not occur since november 21. I think that, as noted in my previous post, disabling and reenabling the "HTTP proxy" server setting fixed the situation. This is the only change I made on that day (or it was a DNS issue on my side or a faulty server on ESET side). You can close that topic as you want. Thanks again for your help Link to comment Share on other sites More sharing options...
Recommended Posts