Jump to content

Endpoint Security can't connect to Push Notification Service


kapela86
Go to solution Solved by Marcos,

Recommended Posts

After migrating ESMC to Protect i pointed two computers to that new server, then updated them to 9.0.2032.2

On both computers I get notification that it can't connect to ESET Push Notification Service

obraz.png.cabfb896f58dfbb9333521b18a5d0eee.png

 

I checked that outgoing TCP connections to port 8883 are allowed, I even checked it with nmap

obraz.png.e77ff7b764f2c42a00c0ac25d8be2036.png

 

Edited by kapela86
Link to comment
Share on other sites

  • Administrators

If you are able to reproduce the warning quickly after a reboot, please carry on as follows:

- under Help and support -> Technical support enable advanced logging
- reboot the machine
- reproduce the warning
- disable logging
- provide logs collected with ESET Log Collector.

Link to comment
Share on other sites

How do I upload them? Should I contact Technical Support, or can I upload it to our hosting and paste link here? Will link be visible to everyone or only to mods/admins? And do you need all 30 days, or just 1 day?

Link to comment
Share on other sites

  • Administrators

For how long did you have advanced logging enabled? The archive also contains all network communication captured in a pcap log so it's important to quit any unnecessary network intensive applications that may be running which I forgot to mention.

Would it be possible to upload the archive to a file sharing service, such as Dropbox, OneDrive, etc. and supply me with a download link? It's also possible to raise a support ticket; in this case support would provide you with instructions how to upload the file to our ftp sever.

Link to comment
Share on other sites

I rebooted PC immediately after enabling logging, and after reboot I ran my usual programs and waited few minutes for that notification to show up in ESET, then I disabled logging. I checked that zip and biggest files are
EpfwLog.pcapng
EsetProxyInner.pcapng
EsetProxyOuter.pcapng
EsetSslInner.pcapng
EsetSslOuter.pcapng

But never mind that, I captured logs on second pc, it's fresh laptop with almost nothing on it, logs occupy 92 MB, I attached them here.

ees_logs.zip

Link to comment
Share on other sites

  • Administrators

I see a problem obtaining name server addresses between 11:18:54 and 11:18:59. Do you have a clue what could be going on during this period?

Link to comment
Share on other sites

This was right after reboot, in event logs I see that exactly on 11:18:54 DHCP client started, so there was no network configuration at that time and probably after few seconds it received ip adress etc from dhcp server.

Link to comment
Share on other sites

  • Administrators

Would it be possible to test if the notification appears even if Endpoint connects directly to the Internet and not through the proxy?

Link to comment
Share on other sites

@sdnian

It's not that, I had it on Automatic

@Marcos

I checked /var/log/httpd/access_log and there are lot of entries

[01/Dec/2021:13:38:47 +0100] "CONNECT epns.eset.com:8883 HTTP/1.1" 200 - "-" "-"

but no GET entries.

I disabled proxy in policy, after waiting a bit that notification is gone, so now we know that proxy is the culprit here. I didn't have it enabled on ESMC policies, I only changed it in Protect. I can live without it, but we have almost 90 computers in our LAN that use ESET, so I would like to start using proxy.

Link to comment
Share on other sites

  • Administrators

If you are using a virtual appliance, it should be located here:

/etc/httpd/conf/httpd.conf

Or did you use the All-In-One installer of ESET PROTECT for Windows?

Link to comment
Share on other sites

Hi

I've got the same problem. In eset endp. av. version 8.1.2037.2 haven't got notification with error. After update few workstations to 9.0.2032.2 and using proxy http server in policy the note appears. Turning off policy with proxy make it disapears.

I have over 150 workstations connectet to Eset Protect so turning off proxy polixy is unacceptable.
ESET Management Agent 9.0.1141.0, ESET PROTECT (Server), ver. 9.0 (9.0.2144.0) in virtual appliance
Link to comment
Share on other sites

VA, I uploaded whole httpd directory because proxy settings are in proxy.conf.

And just to let you know, I changed CacheMaxFileSize and added that last ProxyMatch (it was in migration instruction)

Edited by kapela86
Link to comment
Share on other sites

Do I understand correctly that the notification that "Endpoint Security can't connect to Push Notification Service" cannot be disabled via policy?
If so, will such an opportunity appear in the future?

Link to comment
Share on other sites

Hi, I have the same issue but for me it was on all the computer of the company. 

Can I ask to Kapela86 where the migration instruction are, and/or the instructions to do the change that he do.

Waiting for your answer. I will post the solution when I get it.

 

Link to comment
Share on other sites

10 minutes ago, labynko said:

It is strange, but good at the same time, that this warning is not displayed in ESET PROTECT 9.0.10.1.

It's not displayed in ESET Protect, it's displayed in Endpoint Security. Although it's probably sent to Protect.

Edited by kapela86
Link to comment
Share on other sites

I have CentOS VA as console, I updated only my laptop to version ESET Endpoint Security 9.0.2032.2   and I have also this error. The firewall permit the ports/IPs to ESET Push Notification.

image.png.b02d0c8a935c2ed8ee54527f9fdd4be3.png

Link to comment
Share on other sites

4 hours ago, ElieB said:

Hi, I have the same issue but for me it was on all the computer of the company. 

Can I ask to Kapela86 where the migration instruction are, and/or the instructions to do the change that he do.

Waiting for your answer. I will post the solution when I get it.

 

Migration instructions are here, they are for VA (virtual appliance)

https://help.eset.com/protect_deploy_va/90/en-US/va_upgrade_migrate.html

If you are asking for solution how I "fixed" this error, I just disabled proxy in policies. To be absolutely sure I forced those settings (second dot)

obraz.png.ffa34d952a758cdbbc851d708b82d418.png

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...