Eset Business Endpoint will not activate behind firewall

[GBO 0]

I have ESMC version 7.1.12006.0

Server was installed with standard port of 2222

Operating System is Windows Server 2016 Standard

All clients on the same LAN as the server install and activate ok, and are fully functional

Clients (mix of Windows 7 and Windows 10) on a remote customer’s network have a restricted connection to my local LAN. Port 2222 is open to allow traffic.

From the client computer, I can ping the server.

After installing the client, it fails to activate. Although the clients are listed on the ESMC console, but show errors because they are not receiving updates

When run a repair on the Eset Management agent, it confirms that the connection to the server is Server: 2222

The clients connect to the Internet through a Proxy. From a browser, when I enter https://edf.eset.com/edf  it displays the xml code

<ecp:message xmlns:ecp="hxxp://www.eset.com/2012/02/ecp">

<ecp:response>

<code>20101003</code>

<message>Unsupported Content-type: unknown</message>

</ecp:response>

</ecp:message>

 

From the client, I have also tried to activate the client via my license key

After a long delay, if fails and says it could not reach the activation server with an error code of ECP.20003

When I try to activate via the Security Admin Account login, I get this screen about ‘Unit Distributions’ ?

I also logged the above message via the web site, and direct to au.support@eset.com but did not receive any confirmation that a support case is created.

Note, everything worked fine previously with v5 of the ESMC and v5 clients.

 

Please help, what else do I have to get this clients activated ?

 

[Marcos 5,070]

As for the code ECP.20003, it means that communication with the host failed. Please make sure that communication with activation servers is allowed as per https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall. You will need to allow also communication with other ESET servers to take advantage of some other protection features.

The fact that you didn't have issues with v5 is that activation was first supported in v6. V5 required only a username and password to update.

As for the problem contact ESET support in Australia, you can try contacting them via phone (https://www.eset.com/au/about/support/). If a support ticket was created, you would have received a confirmation email with a ticket ID. Please check your junk and spam folders, just in case.

[GBO 0]

Hi Marcos,

My email to support was initially blocked because of the log file. The case number raised is 376091, support advised us how to create and apply an Offline activation. It seems the client is now activated – but the Endpoint fails to update the Modules. Times out, trying to find the server. Although the Console is showing the client as connecting every 20 mins

When I create the installer from the ESMC, do I have specifically configure it so the updates come from the ESMC. Or is this automatic ?

What else can I check to establish why it is not finding the update server ?

Thanks

[Marcos 5,070]

If the machines can connect to the Internet via a proxy, you should not use an offline file for activation. Since the clients cannot obviously communicate with activation servers, it's not a problem now but you won't be able to take advantage of other protection features such as LiveGrid or streamed updates. If you fixed the problem with the proxy at a later time and the clients would start to communicate with ESET's servers, you'd get notifications in EBA and lose the ability to create offline license files.

[GBO 0]

The machines do connect to the Internet via a proxy, but the customer decides what web sites are accessible. I realize some features such as Live Grid will not be available

So the clients show up on the ERA Console, reporting that they are connecting every 20 mins. But they are not receiving updates.

Does all of the update communication between the client and the ERA go via 2222. If not which port does it use. Looking at this diagram https://help.eset.com/esmc_install/70/en-US/ports_used.html, I assume all updates would go via port 2222 ?

[Marcos 5,070]

The question is how you configured the clients to update. If from a local mirror, is a correct path to the mirror configured in the update setup? If configured to update from ESET's servers, communication with the update servers listed in the KB article must be allowed and the proxy server must be configured correctly. In case of update from a mirror, there are two possibilities: update via http (mirrored files must be made available through an http server) or update from a share. This communication has nothing to do with the ESMC server listening on port 2222.

LiveGrid is a crucial feature which affects detection, malware cleaning and scan performance. We recommend keeping LiveGrid enabled and working. Also streamed updates delivering up to date detections as soon as new malware emerges are possible only when updating from ESET's update servers.

[GBO 0]

So, are you saying it is not possible for the clients to get their updates directly the ESMC server ?

We did it this way in v5

[Marcos 5,070]

The ESMC server does not download updates. We recommend using a proxy server in larger networks to cache update files. Alternatively it's possible to create a mirror with the mirror tool (https://help.eset.com/esmc_install/70/en-US/mirror_tool_windows.html) or use an ESET security product to create the mirror.

[GBO 0]

I used the Mirror Tool to create a  offline repository. I wanted an English, Windows version of Antivirus Security. I used the following commands:

MirrorTool.exe --mirrorType regular ^
--repositoryServer AUTOSELECT ^
--intermediateRepositoryDirectory E:\Temp\IntermediaryFiles ^
--outputRepositoryDirectory E:\Temp\FinalRepository
--languageFilterForRepository en_US ^
--productFilterForRepository Antivirus Security ^
--offlineLicenseFilename c:\temp\Esetendpointsecurityforwindows.lf

But I also get the files for Linux, Mac and all Languages. Am I doing something wrong ?

Thanks