karsayor, posted July 14, 2020:

I successfully activated Dynamic Threat Defense on a device and activated it through policy. Now I get this:

ESET Dynamic Threat Defense is not working. Connection to authentication servers failed.

I wonder, because we have an HTTP Proxy set up for Agents / Products, whether EDTD does not use the HTTP Proxy? Or what could be missing?
Marcos (Administrators), posted July 14, 2020:

According to https://help.eset.com/edtd/en-US/troubleshooting.html, the error means:

The ESET license servers are not accessible.
• Firewall (another setting) is blocking the communication.
• The service is temporarily unavailable.

Check your firewall settings.

Can clients connect to ESET license servers listed at https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#services as well as to edf.eset.com?

edf.eset.com
40.114.143.2
13.64.117.133
13.91.57.145
karsayor (Author), posted July 14, 2020:

OK, so endpoints should connect directly to these addresses? They cannot use the HTTP proxy on ESMC? That was not clear to me.
Marcos (Administrators), posted July 14, 2020:

The question is if clients can contact those servers via http proxy. Do you use Apache http proxy that was installed with the all-in-one ESMC installer? Our users use EDTD and our http proxy without issues.
karsayor (Author), posted July 15, 2020:

Yes, we use the Apache HTTP Proxy of the ESMC appliance and it works fine for the base product and agents. Our proxy.conf is as follows; maybe there is an issue with it?

```apache
#
# Enable HTTP Cache
#
CacheEnable disk http://
CacheDirLevels 4
CacheDirLength 2
CacheDefaultExpire 3600
CacheMaxFileSize 200000000
CacheMaxExpire 604800
CacheQuickHandler Off
CacheRoot /var/cache/httpd/proxy

AllowCONNECT 443 2222
ProxyRequests On
ProxyVia On
SetEnv proxy-initial-not-pooled 1
ErrorLog "|/usr/sbin/rotatelogs -n 10 /var/log/httpd/error_log 1M"

<VirtualHost *:3128>
    ProxyRequests On
</VirtualHost>

<VirtualHost *:3128>
    ServerName r.edtd.eset.com
    ProxyRequests Off
    CacheEnable disk /
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=10 smax=10
    ProxyPassReverse / http://r.edtd.eset.com/ keepalive=On
</VirtualHost>

<Proxy *>
    Deny from all
</Proxy>

#*.eset.com:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$>
    Allow from all
</ProxyMatch>

#*.eset.eu:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$>
    Allow from all
</ProxyMatch>

#*.eset.systems:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[s,S][y,Y][s,S][t,T][e,E][m,M][s,S](:[0-9]+)?(/.*)?$>
    Allow from all
</ProxyMatch>

#Antispam module (ESET Mail Security only):
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$>
    Allow from all
</ProxyMatch>

#Services (activation)
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$>
    Allow from all
</ProxyMatch>

#ESET servers accessed directly via IP address:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$>
    Allow from all
</ProxyMatch>
```

Also, what are the required ports to connect to r.edtd.eset.com and d.edtd.eset.com? It's not specified in the doc and might be the issue as well.
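Added example, not part of the original posts or ESET's tooling: a Python check of which destinations named in this thread pass the ProxyMatch allow-list and AllowCONNECT ports in the proxy.conf posted above. It assumes an HTTPS request reaches the proxy as CONNECT host:port and that the first matching rule grants access; port 8883 is a constructed sample, and the r.edtd.eset.com VirtualHost and live connectivity are not modeled.

```python
import re

# ProxyMatch allow-list patterns copied from the proxy.conf posted above.
HEAD = r"^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?"
TAIL = r"(:[0-9]+)?(/.*)?$"
LABELS = r"([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\."
ALLOW = {
    "*.eset.com": LABELS + r"[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M]",
    "*.eset.eu": LABELS + r"[e,E][s,S][e,E][t,T]\.[e,E][u,U]",
    "*.eset.systems": LABELS + r"[e,E][s,S][e,E][t,T]\.[s,S][y,Y][s,S][t,T][e,E][m,M][s,S]",
    "antispam": r"(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)",
    "activation": r"(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)",
    "direct IP": r"(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)",
}
ALLOW_CONNECT = {443, 2222}  # from "AllowCONNECT 443 2222"


def matching_rule(target):
    """Return the name of the first allow rule that matches target, else None."""
    for name, middle in ALLOW.items():
        if re.match(HEAD + middle + TAIL, target):
            return name
    return None


def check(host, port=443):
    """Model an HTTPS request through the forward proxy (CONNECT host:port)."""
    if port not in ALLOW_CONNECT:
        return "blocked: port not in AllowCONNECT"
    rule = matching_rule(f"{host}:{port}")
    # Anything no rule matches falls through to "<Proxy *> Deny from all".
    return f"allowed by {rule}" if rule else "blocked: Deny from all"


if __name__ == "__main__":
    # Destinations named in this thread, plus one constructed port (8883)
    # that is outside the AllowCONNECT list.
    for host, port in [("r.edtd.eset.com", 443), ("d.edtd.eset.com", 443),
                       ("edf.eset.com", 443), ("40.114.143.2", 443),
                       ("r.edtd.eset.com", 8883)]:
        print(f"{host}:{port:<5} {check(host, port)}")
```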
karsayor (Author), posted July 30, 2020:

Do you see anything wrong with my proxy conf? Thanks.

What ports are used for the services? Because our appliances can only do HTTP / HTTPS to any address on the internet.
Marcos (Administrators), posted July 31, 2020:

Do you use both the EBA and EMA accounts and use the same email address for both by chance? If so, this is a known issue that we are trying to solve.
karsayor (Author), posted July 31, 2020:

Yes we are 😀

Do you know how / when it can be fixed? Will you update this topic?
Peter Randziak (ESET Moderators), posted August 3, 2020:

Hello @karsayor,

we do not have an ETA for the systematic fix yet.

However, you can send me your EDTD public license ID and your EBA / EMA e-mail address via private message and I can ask the devs to fix it manually...

Peter

note: I_EDF-1275