Accumulation of computers showing "ESET LiveGrid is not reachable" requiring a server reboot to fix

[qbuache 0]

Hello,

We updated our ESMC server to version 7.1.717.0 last week and since then we need to reboot it every 1-2 days to unblock the clients which cannot contact "ESET LiveGrid" anymore.

Over the day, an overgrowing number of clients report the issue "ESET LiveGrid is not reachable".

Rebooting the server fixes the issue immediately.

This happens with up to date clients (antivirus and agents) and not yet up to date clients.

We made no change to our network infrastructure.

Do I need to care about my Windows server DNS cache ?

 

Thank you for your help.

Have a nice day

[Marcos 5,143]

Do you know what is the reason for clients getting that LiveGrid is not reachable? Does the notification show up only in the ESMC console or on clients too?

[qbuache 0]

Hello,

No I don't know. All clients properly contact the ESMC server and accepts tasks and modules updates.

The error message is shown both in the ESMC console and on clients.

Edited November 19, 2019 by qbuache

[Marcos 5,143]

In order for LiveGrid to work on clients, they must be able to access ESET's LiveGrid servers listed in https://support.eset.com/en/ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall:

Hostname	IP address
h1-c01-b.eset.com	91.228.166.45
h1-c02-b.eset.com	91.228.166.46
h1-c03-s.eset.com	91.228.165.43
h1-c04-s.eset.com	91.228.165.44
h1-c06-b.eset.com	91.228.166.52
h3-c01-b.eset.com	91.228.167.86
h3-c02-b.eset.com	91.228.167.87
h3-c03-b.eset.com	91.228.167.46
h3-c04-b.eset.com	91.228.167.103
h5-c01-b.eset.com, 38-90-226-11.ptr.eset.com	38.90.226.11
h5-c02-b.eset.com, 38-90-226-12.ptr.eset.com	38.90.226.12
h5-c03-b.eset.com, 38-90-226-13.ptr.eset.com	38.90.226.13
h3-c01.eset.com	91.228.167.137
h3-c02.eset.com	91.228.167.43

Domains used by ESET Live Grid:

Hostnames
a.cwip.eset.com
ae.cwip.eset.com
c.cwip.eset.com
ce.cwip.eset.com
dnsj.e5.sk
dnsje.e5.sk
i1.cwip.eset.com
i1e.cwip.eset.com
i3.cwip.eset.com
i4.cwip.eset.com
i4e.cwip.eset.com
u.cwip.eset.com
ue.cwip.eset.com
c.eset.com
a.c.eset.com
u.eset.com
i1.c.eset.com
i3.c.eset.com
i4.c.eset.com

These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53.

[qbuache 0]

I can confirm that my clients can Ping every hostname provided in your documentation.

And the port 53 is open in their firewall.

I don't understand why rebooting the server unlock the situation. Do clients contact your servers through the local ESMC server ?

 

[Marcos 5,143]

Not sure what the issue could be if DNS works. You can try temporarily enabling diagnostic logging verbosity and see if more details about the issue are logged. It may be necessary to generate a pcap log with Wireshark when the issue occurs and provide it to customer care along with logs collected with ESET Log Collector for perusal.

[Vladimirov E.A. 0]

Is your problem resolved?
We had such a problem after updating the server.
Solved by upgrading the entire software package

[qbuache 0]

Hello,

I also discovered that I can't update the Modules and the Product. I have two error lines in the client stating that "The download was interrupted"...

I try Wireshark, diagnostics and Log collector to see what happen.

 

[qbuache 0]

@Vladimirov E.A. sorry I missed your message.

No it's not solved. Today I had 125 out of 400 computers unable to update their modules and reach LiveGrid.

Rebooting the server instantly solved the problem... the issue is linked to it, but I don't understand how.

What do you mean by "upgrading the entire software package"

 

My ESMC server is up to date : 

ESET Management Agent 7.1.717.0
ESET Security Management Center Server 7.1.717.0
ESET Rogue Detection Sensor 1.1.693.0
ESET Endpoint Antivirus 7.2.2055.0

Edited November 21, 2019 by qbuache

[Marcos 5,143]

Do the clients update through an http proxy? If so, does restarting its service resolve the issue?

[qbuache 0]

26 minutes ago, Marcos said:

Do the clients update through an http proxy? If so, does restarting its service resolve the issue?

I rebooted the server a few hours ago so I can't test right now, but the HTTP proxy is enabled in "Server settings > Advanced settings > HTTP proxy" and the clients have a policy setting the proxy.

I will restart the Apache service for testing.

 

The HTTP Proxy is on the same server that the ESMC server

Edited November 21, 2019 by qbuache
http proxy location

[DRGluke 0]

I had the same issue with my system.

Restarting the ApacheHTTP service worked (which I assume is why a reboot works).

After some checking I noticed that when you do the update via the SMC web interface it doesn't update ApacheHTTP or Tomcat.

I downloaded the latest SMC installer from the ESET downloads pages and ran the upgrade task, which then selected just the Apache related items for update.

After this, everything seems to be running ok, though its not been long since I did that and can't confirm if that has resolved the issue fully as yet.

[qbuache 0]

@DRGluke thank you for that info.

The problem did not occur since last thursday. That day, I went in the "HTTP proxy" server setting I disabled and enabled.  Maybe that fixed the issue.

If it happen again, I will restart the service and then try an update as DRGluke advised.

Thank you for your help

[qbuache 0]

Hello,

It did not occur since november 21. I think that, as noted in my previous post, disabling and reenabling the "HTTP proxy" server setting fixed the situation. This is the only change I made on that day (or it was a DNS issue on my side or a faulty server on ESET side).

You can close that topic as you want.

Thanks again for your help