linuxhitman - Posted April 14, 2021

I have a temporary license and I created a business account. I installed on a test machine from the rpm file efs-8.0.375.0.x86_64.rpm. What I cannot do yet is get the client activated. Is there some documentation I can use to get this moving?

I tried:

    sudo /opt/eset/efs/sbin/lic --key=TEMP_OR_ARY_LICENCE_KEY

but it just returns after a minute or so with:

    Activation error: Activation failed in association.

This is a headless machine without a GUI so command line only.

Marcos (Administrators) - Posted April 15, 2021

Please carry on as follows:

1. Enable activation log service by executing the following command as a privileged user:

    sudo /opt/eset/eea/sbin/ecp_logging.sh -e -f

2. Try the activation process again. If it fails, run the log collecting script as a privileged user:

    sudo /opt/eset/eea/sbin/collect_logs.sh

3. Open a support ticket with your local ESET distributor and send them the collected logs.

4. Disable activation logs by executing the following command as a privileged user:

    sudo /opt/eset/eea/sbin/ecp_logging.sh -d -f

linuxhitman (Author) - Posted April 15, 2021

First thing I noticed is that I must have picked the wrong package to install. I installed efs-8.0.375.0.x86_64.rpm which does not have the utility listed. Once the other package -- eea-8.0.3.0-el7.x86_64.rpm -- was installed, I tried again. Same error.

I did find this in the logs:

    Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Cannot receive data from server: Network is unreachable
    Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation failed in association.
    Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation was not successful: 0x4e26

Any idea what server the software is trying to go to? It may need to be whitelisted at the firewall. I can see an established connection to 38.90.226.51 on port 8883. The certificate from that IP and port identifies it as epns.eset.com which has at least two IPs -- 38.90.226.51 and 91.228.165.145.

kurco (ESET Staff) - Posted April 15, 2021

Hi, @Marcos, sadly the script from the above steps is not present in the EFS package (your steps are from EEA). But there is still a possibility to enable ECP logging. But firstly, @linuxhitman, what kind of distribution are you using?

For enabling ECP logs you need to proceed according to these steps:

1) stop the efs service
2) edit this file: /var/opt/eset/efs/licensed/license_cfg.json (this file is created after the first activation attempt, also when it fails with association)
2.1) change "Logging": false -> "Logging": true
3) start the efs service
4) run the activation again through the lic utility
5) logs should appear in this folder: /var/opt/eset/efs/licensed/ecp
6) collect all xml files and please attach these files here; I will look if there is something suspicious at first sight.

Maybe a tcpdump from the activation could also help, if you are able to provide it. Thanks.

Marcos (Administrators) - Posted April 15, 2021

For a list of addresses and ports that ESET products communicate with and must be allowed on a firewall, please read https://support.eset.com/en/kb332.

linuxhitman (Author) - Posted April 15, 2021 (edited April 15, 2021 by linuxhitman)

@kurco The dump was a good idea. It established to a high degree of confidence that traffic is being blocked. I see SYN packets to 91.228.166.181:80 leaving but no SYN-ACK packets come back. This may have to wait until the firewall admin gets back from Arizona. At least until tomorrow morning...

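Added example, not part of the thread and not ESET code: a Python probe that classifies one TCP connection attempt the way the posts above diagnose it by hand ("Network is unreachable" in the log, SYN with no SYN-ACK in the dump). The two endpoints are the ones quoted in the thread; the function names and the default timeout are assumptions of this example.

```python
import errno
import socket

# Endpoints quoted in the thread. The vendor's full list is at
# https://support.eset.com/en/kb332 (linked in the thread).
THREAD_ENDPOINTS = [("epns.eset.com", 8883), ("91.228.166.181", 80)]


def probe(host, port, timeout=5.0):
    """Attempt one TCP handshake and classify the outcome.

    open        - handshake completed (SYN, SYN-ACK, ACK)
    refused     - an RST came back: host reachable, nothing listening
    filtered    - no answer before the timeout, i.e. the SYN was dropped
                  somewhere on the path (the tcpdump symptom in the thread)
    unreachable - no route, or an ICMP unreachable was returned
                  (the "Network is unreachable" symptom in the log)
    dns-failure - the host name did not resolve
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error: " + errno.errorcode.get(exc.errno, str(exc))


def report(endpoints, timeout=5.0):
    """Probe every (host, port) pair and return {"host:port": state}."""
    return {f"{h}:{p}": probe(h, p, timeout) for h, p in endpoints}


if __name__ == "__main__":
    # Run on the machine that fails to activate, before and after the
    # firewall change, and compare the states.
    for target, state in report(THREAD_ENDPOINTS).items():
        print(f"{target:28} {state}")
```

A "filtered" or "unreachable" result for an endpoint that answers from another network points at the firewall or NAT path rather than at the license key.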
kurco (ESET Staff) - Posted April 16, 2021

@linuxhitman Looks like these communication issues could really be the cause of the activation failures. Please let us know if the firewall rules resolve it. If not, we will investigate it further.

linuxhitman (Author) - Posted April 26, 2021

OK, it was definitely that the communal NAT IP could not talk to servers in Slovakia. Why is a mystery of the Cisco Firepower security model. The next step is to create a proxy, so how do I configure your software to use a proxy?

Marcos (Administrators) - Posted April 27, 2021

You will need to configure the proxy in agent and Endpoint via a policy. As for the ESET PROTECT server, proxy can be set up in the server settings.

linuxhitman (Author) - Posted April 27, 2021

Policy implies Windows. These are being installed on Linux. Specifically, CentOS and Oracle Linux. Does this mean I cannot just set up an Apache proxy and point the individual installations to it?

Marcos (Administrators) - Posted April 27, 2021

Is it that EFS doesn't report to ESET PROTECT? If so, you should be able to configure the proxy via a policy as shown below:

linuxhitman (Author) - Posted April 27, 2021

Oh. I see now. You didn't mean a policy in AD but in ESET Protect. I'll give it a try.

linuxhitman (Author) - Posted May 6, 2021

Finally have some time to test ESET with a proxy. I set it up based on the instructions at https://help.eset.com/esmc_install/72/en-US/http_proxy_installation_linux.html. I deactivated one of my test boxes in the "trusted" network from the console (https://eba.eset.com/ba/devices). I then tried to run /opt/eset/efs/sbin/lic to register it again but there does not appear to be an option to specify a proxy to handle the request.

    $ sudo /opt/eset/efs/sbin/lic --help
    Usage: lic [OPTIONS..]
    ESET File Security License management utility

    Options:
      -s, --status              Activation status
      -k, --key=VALUE           Activation using a License Key
      -f, --file=FILE           Activation using an offline license file
      -u, --username=USERNAME   Activation using ESET Business Account or ESET License Administrator
      -i, --pool-id=VALUE       Pool Id
      -p, --public-id=VALUE     Public Id

    Common options:
      -h, --help                show help and quit
      -v, --version             show version information and quit

    Copyright © 1992-2021 ESET, spol. s r. o. All rights reserved.
    To report issues, please visit hxxp://www.eset.com/support

I can register via a static one-to-one NAT but that is impractical except for a tiny number of machines. Even if I had that many public IPs to burn I certainly do not want the inside servers exposed to the Internet like that.

Can someone point me to a resource explaining how to get a server to register via a proxy? If there is another path I am listening.

MartinK (ESET Staff) - Posted May 7, 2021

Is there any reason or limitation why you are not using the standard web GUI of the product to configure the HTTP proxy there? In case the local web GUI is not accessible, there should also be a possibility to configure the HTTP proxy via policies from the ESMC or PROTECT management consoles.

linuxhitman (Author) - Posted May 17, 2021

Thanks for the help and I was able to get a node registered. However, the word came down today that management has decided to use Microsoft Defender for Endpoint.

Marcos (Administrators) - Posted May 17, 2021

3 hours ago, linuxhitman said:
> Thanks for the help and I was able to get a node registered. However, the word came down today that management has decided to use Microsoft Defender for Endpoint.

That's unfortunate since ESET typically outperforms Defender in performance, detection and FP tests.