Jump to content

ESET Security Management Center constantly out of touch with clients


Recommended Posts

Locally managed, VM appliance on site.

ESET Security Management Center (Server), Version 7.1 (7.1.503.0)
ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)
 
CentOS (64-bit), Version 7.7.1908
 
Connected Clients: 30
Active Licenses: 3

Installed Components:

 
NAME
 
VERSION
 
 
Update module 1074.3 (20200217)
Translation support module 1790.1 (20200330)
SysInspector module 1274 (20180918)
SSL module 1041B (20190913)
Push Notification Service module 1060 (20200219)
Configuration module 1822.1 (20191028)

 

Ok, so now you know what I have...here is the issue...the ESMC constantly shows all the managed workstations as not connected recently, so there is a big red smear across everything. Funny thing is, I have workstations that have only been connected in the last couple weeks showing up red, as in not connected recently. Yet every workstation that supposedly hasn't connected recently, the ESET client on the workstation shows green across the board, everything is up to date, running fine. All workstations were installed using the generated install file from the server. The server has been restarted and I have tried using the wake up call. I had 3 workstation suddenly show as connected, but over the weekend I lost two. I have tried restarting the server. Not quite sure what else to do here...the boss wants to see everything free of yellow and red, and dont know what else to do. Any suggestions? TIA.

Link to post
Share on other sites
  • Administrators

What errors are logged in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log on clients that stopped connecting to the ESMC server?

Link to post
Share on other sites

Status log

Scope

Time

Text

Dynamic groups

2020-Mar-31 14:07:09

Device is not member of any dynamic group

Last authentication

2020-Mar-31 14:39:46

Enrollment failed with error: Request: Era.Common.Services.Authentication.RPCEnrollmentRequest on connection: host: "eset-es.company.com" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 2, error message: Failed to create subchannel, and error details:

Last replication

2020-Mar-31 14:39:41

ERROR: InitializeConnection: Initiating replication connection to 'host: "eset-es.company.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time

  • Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: eset-es.company:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 00000000-0000-0000-0000-000000000000, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
  • All replication attempts: 318

Peer certificate

2020-Mar-30 17:26:51

OK

  • Agent peer certificate with subject 'CN=Agent at *, C=US' issued by 'CN=Server Certification Authority, C=US' with serial number '01d0a68b060d6a423b941fdba7c12da04001' is and will be valid in 30 days

Product

2020-Mar-30 17:26:50

Product install configuration:

  • Product type: Agent
  • Product version: 7.1.717.0
  • Product locale: en_US

Performance

Indicator

Value

Up time

21:12:56

Memory private usage

19 MB

Available physical memory

5638 MB


Generated at 2020-Mar-31 14:39:46 (2020-Mar-31 10:39:46 local time)

Link to post
Share on other sites
  • ESET Staff
1 hour ago, Mazterjedi said:

This specific client is not able to resolve DNS name of your ESMC, i.e. error is:

GRPC:Failed to resolve: eset-es.<redacted>.com:2222

Could you please verify that clients can actually resolve this hostname? There is an alternative to instruct clients to connect to both hostname and IP as an alternative, but it has certain requirements to ESMC's TLS certificate so should be used carefully.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...