kapela86, posted December 1, 2021 (edited):
After migrating ESMC to Protect I pointed two computers to that new server, then updated them to 9.0.2032.2. On both computers I get a notification that it can't connect to ESET Push Notification Service. I checked that outgoing TCP connections to port 8883 are allowed, I even checked it with nmap.

Marcos (Administrators), posted December 1, 2021:
If you are able to reproduce the warning quickly after a reboot, please carry on as follows:
- under Help and support -> Technical support enable advanced logging
- reboot the machine
- reproduce the warning
- disable logging
- provide logs collected with ESET Log Collector.

kapela86 (Author), posted December 1, 2021:
How do I upload them? Should I contact Technical Support, or can I upload it to our hosting and paste the link here? Will the link be visible to everyone or only to mods/admins? And do you need all 30 days, or just 1 day?

Marcos (Administrators), posted December 1, 2021:
If the archive is not too big, you can upload it here. Only the ESET staff can access attachments here.

kapela86 (Author), posted December 1, 2021:
It's 2.15 GB, even 1 day log

Marcos (Administrators), posted December 1, 2021:
For how long did you have advanced logging enabled? The archive also contains all network communication captured in a pcap log, so it's important to quit any unnecessary network-intensive applications that may be running, which I forgot to mention. Would it be possible to upload the archive to a file sharing service, such as Dropbox, OneDrive, etc. and supply me with a download link? It's also possible to raise a support ticket; in this case support would provide you with instructions on how to upload the file to our FTP server.

kapela86 (Author), posted December 1, 2021:
I rebooted the PC immediately after enabling logging, and after the reboot I ran my usual programs and waited a few minutes for that notification to show up in ESET, then I disabled logging. I checked that zip and the biggest files are:
- EpfwLog.pcapng
- EsetProxyInner.pcapng
- EsetProxyOuter.pcapng
- EsetSslInner.pcapng
- EsetSslOuter.pcapng
But never mind that, I captured logs on a second PC, it's a fresh laptop with almost nothing on it, logs occupy 92 MB, I attached them here.
[attachment: ees_logs.zip]

Marcos (Administrators), posted December 1, 2021:
I see a problem obtaining name server addresses between 11:18:54 and 11:18:59. Do you have a clue what could be going on during this period?

kapela86 (Author), posted December 1, 2021:
This was right after reboot, in event logs I see that exactly at 11:18:54 the DHCP client started, so there was no network configuration at that time and probably after a few seconds it received an IP address etc. from the DHCP server.

sdnian, posted December 1, 2021:
I have the same situation. After some troubleshooting, I found that it was the "License interval check" setting, originally I set it to limited, but after changing it to Automatic the warning disappeared.
https://help.eset.com/eea/8/en-US/idh_config_license.html

Marcos (Administrators), posted December 1, 2021:
Would it be possible to test if the notification appears even if Endpoint connects directly to the Internet and not through the proxy?

kapela86 (Author), posted December 1, 2021:
@sdnian It's not that, I had it on Automatic.
@Marcos I checked /var/log/httpd/access_log and there are a lot of entries
    [01/Dec/2021:13:38:47 +0100] "CONNECT epns.eset.com:8883 HTTP/1.1" 200 - "-" "-"
but no GET entries. I disabled the proxy in policy, after waiting a bit that notification is gone, so now we know that the proxy is the culprit here. I didn't have it enabled on ESMC policies, I only changed it in Protect. I can live without it, but we have almost 90 computers in our LAN that use ESET, so I would like to start using the proxy.

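One way to tally the proxy's CONNECT lines for epns.eset.com:8883 by status, as an added example that is not part of any post in this thread. The sample log and its client addresses are constructed; only the request line and timestamp of the first entry come from the post above, and the function name is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache combined log format (client IPs are
# documentation-range placeholders, update.example is a made-up host).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2021:13:38:47 +0100] "CONNECT epns.eset.com:8883 HTTP/1.1" 200 - "-" "-"
192.0.2.11 - - [01/Dec/2021:13:38:52 +0100] "CONNECT epns.eset.com:8883 HTTP/1.1" 200 - "-" "-"
192.0.2.10 - - [01/Dec/2021:13:39:02 +0100] "CONNECT epns.eset.com:8883 HTTP/1.1" 403 199 "-" "-"
192.0.2.12 - - [01/Dec/2021:13:39:10 +0100] "GET http://update.example/file.nup HTTP/1.1" 200 5120 "-" "-"
this line is not an access_log entry
"""

LINE_RE = re.compile(
    r'^(?:(?P<client>\S+) \S+ \S+ )?'   # client/ident/user; optional, the post's excerpt omits them
    r'\[(?P<ts>[^\]]+)\] '              # timestamp
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) '               # status the proxy returned
)

def summarize_connects(log_text, target="epns.eset.com:8883"):
    """Tally CONNECT requests for `target` by status; list clients that were refused."""
    by_status = Counter()
    failed_clients = defaultdict(int)
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1               # count, do not silently drop, odd lines
            continue
        if m["method"] != "CONNECT" or m["target"].lower() != target:
            continue
        status = int(m["status"])
        by_status[status] += 1
        if status != 200:
            failed_clients[m["client"] or "unknown"] += 1
    return {"by_status": dict(by_status),
            "failed_clients": dict(failed_clients),
            "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize_connects(SAMPLE_LOG))
```

A 200 on a CONNECT line only records that the proxy opened the tunnel; access_log shows nothing of the traffic inside it, so no GET lines are expected for this destination.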
Marcos (Administrators), posted December 1, 2021:
Please upload also httpd.conf from the Apache http proxy.

kapela86 (Author), posted December 1, 2021:
[attachment: httpd.zip]

Marcos (Administrators), posted December 1, 2021:
If you are using a virtual appliance, it should be located here: /etc/httpd/conf/httpd.conf
Or did you use the All-In-One installer of ESET PROTECT for Windows?

Kamilos, posted December 1, 2021:
Hi, I've got the same problem. In ESET Endpoint Antivirus version 8.1.2037.2 I haven't got the notification with the error. After updating a few workstations to 9.0.2032.2 and using the HTTP proxy server in policy, the note appears. Turning off the policy with the proxy makes it disappear. I have over 150 workstations connected to ESET Protect, so turning off the proxy policy is unacceptable.
ESET Management Agent 9.0.1141.0, ESET PROTECT (Server), ver. 9.0 (9.0.2144.0) in virtual appliance

kapela86 (Author), posted December 1, 2021 (edited):
VA, I uploaded whole httpd directory because proxy settings are in proxy.conf. And just to let you know, I changed CacheMaxFileSize and added that last ProxyMatch (it was in migration instruction)

labynko, posted December 1, 2021:
Do I understand correctly that the notification that "Endpoint Security can't connect to Push Notification Service" cannot be disabled via policy? If so, will such an opportunity appear in the future?

labynko, posted December 1, 2021:
P.S. This notification cannot even be disabled locally.

ElieB, posted December 2, 2021:
Hi, I have the same issue, but for me it was on all the computers of the company. Can I ask Kapela86 where the migration instructions are, and/or the instructions for the change that he made? Waiting for your answer. I will post the solution when I get it.

sim0r, posted December 2, 2021:
Hi. Same problem. I did update a few (over 800) endpoints to 9.0.2032.2, most of them have the same notification.
ESET PROTECT ver. 9.0.2141.0

labynko, posted December 2, 2021:
It is strange, but good at the same time, that this warning is not displayed in ESET PROTECT 9.0.10.1.

kapela86 (Author), posted December 2, 2021 (edited):
10 minutes ago, labynko said:
> It is strange, but good at the same time, that this warning is not displayed in ESET PROTECT 9.0.10.1.
It's not displayed in ESET Protect, it's displayed in Endpoint Security. Although it's probably sent to Protect.

Ionut C., posted December 2, 2021:
I have the CentOS VA as console, I updated only my laptop to version ESET Endpoint Security 9.0.2032.2 and I also have this error. The firewall permits the ports/IPs to ESET Push Notification.

kapela86 (Author), posted December 2, 2021:
4 hours ago, ElieB said:
> Hi, I have the same issue, but for me it was on all the computers of the company. Can I ask Kapela86 where the migration instructions are, and/or the instructions for the change that he made? Waiting for your answer. I will post the solution when I get it.
Migration instructions are here, they are for VA (virtual appliance): https://help.eset.com/protect_deploy_va/90/en-US/va_upgrade_migrate.html
If you are asking for the solution, how I "fixed" this error, I just disabled the proxy in policies. To be absolutely sure I forced those settings (second dot).