Endpoint Security can't connect to Push Notification Service

[Vitaly2021 1]

12 minutes ago, Marcos said:

We have found an issue in the configuration of Apache http proxy for Linux. Windows version is not affected. We'll provide more information and fix instructions soon.

We have the same issue at Windows 10 x64 just after updating from 8.1 to this 9.0.2032.2
All our workstations are showing error message.

So Windows version is affected too. I'm wondering why the new version was released without testing?

[Marcos 5,074]

1 hour ago, Vitaly2021 said:

So Windows version is affected too. I'm wondering why the new version was released without testing?

Are you saying that your Endpoint v9 connects to the Internet through Apache http proxy running on a Windows server? Did you get Apache http proxy from ESET or you installed and configured it on your own?

Endpoint v9 like any other products was extensively tested before the release. As I wrote, the problem seems to be in http proxy misconfiguration and not in Endpoint itself.

[BradAtkins 4]

I think there are 2 different categories of customer here.

1. 1st category uses a proxy. (Some have proxy installed on Linux, and some have proxy installed on Windows Server.)
2. 2nd category doesn't use a proxy.  We have ESET Endpoint Security installed on Windows 10 endpoints. 

You have to read between the lines in the posts above to tell which customer is in which category.

I'm in the 2nd category, we don't use a proxy, and yet we get the same error message.  (Please go back to my original post to see my screenshots.)  So, our problem is not caused by a proxy.

It seems to me, just based on experience, this seems like a problem with startup order.  When the Windows 10 endpoint boots up, maybe ESET client attempts to contact the management system before the OS has all the networking services up and running.  If this wild guess is correct, it could be solved by changing the startup order, or trying again later long after bootup is complete.

I solved the problem for myself by switching the License Interval Check from Limited to Automatic.  So, if my wild guess is correct, the Limited setting only checks once early in Windows bootup.  So, I switched the setting to Automatic, and the error went away with repeated connection attempts.

I'm well aware this is a wild- guess, I could be completely wrong about the reasons.  But the end result - problem solved by switching to Automatic.

[Marcos 5,074]

2 minutes ago, BradAtkins said:

I'm in the 2nd category, we don't use a proxy, and yet we get the same error message.  (Please go back to my original post to see my screenshots.)  So, our problem is not caused by a proxy.

Please carry on as follows:
- enable advanced Direct cloud logging under Tools -> Diagnostics in the advanced setup
- reboot the machine
- reproduce the issue
- disable logging
- collect logs with ESET Log Collector and upload the generated archive here.

[alur 1]

26 minutes ago, BradAtkins said:

I solved the problem for myself by switching the License Interval Check from Limited to Automatic.  So, if my wild guess is correct, the Limited setting only checks once early in Windows bootup.  So, I switched the setting to Automatic, and the error went away with repeated connection attempts.

checked, does not work

[BradAtkins 4]

1 hour ago, Marcos said:

Please carry on as follows:
- enable advanced Direct cloud logging under Tools -> Diagnostics in the advanced setup
- reboot the machine
- reproduce the issue
- disable logging
- collect logs with ESET Log Collector and upload the generated archive here.

I ran the log collector, but the file size is 103MB.  Just barely too big.  Is there anything I can remove from the .zip and reduce the size?

[Vitaly2021 1]

2 hours ago, Marcos said:

Are you saying that your Endpoint v9 connects to the Internet through Apache http proxy running on a Windows server? Did you get Apache http proxy from ESET or you installed and configured it on your own?

Endpoint v9 like any other products was extensively tested before the release. As I wrote, the problem seems to be in http proxy misconfiguration and not in Endpoint itself.

We don't use Apache proxy. Our Windows 10 workstations with Endpoint Antivirus 8.1 were working fine. All workstations get Internet from main router (Mikrotik) and  were controlled by ESET PROTECT installed on Windows Server in our network.  The issue has been started just after upgrading Windows workstations to version 9

[Marcos 5,074]

1 hour ago, BradAtkins said:

I ran the log collector, but the file size is 103MB.  Just barely too big.  Is there anything I can remove from the .zip and reduce the size?

You can upload it to OneDrive, Dropbox, etc. and drop me a private message with a download link. However, I'd like to ask you you generate the logs again and enable also advanced push messaging advanced logging besides advanced Direct cloud logging.

[Vitaly2021 1]

2 hours ago, BradAtkins said:

I solved the problem for myself by switching the License Interval Check from Limited to Automatic.  So, if my wild guess is correct, the Limited setting only checks once early in Windows bootup.  So, I switched the setting to Automatic, and the error went away with repeated connection attempts.

I'm well aware this is a wild- guess, I could be completely wrong about the reasons.  But the end result - problem solved by switching to Automatic.

It's a miracle...
As I mentioned above, the main settings of our workstations are controlled by policies at ESET PROTECT Server.
The setting of "License Interval Check" in the policy was Limited. Right now I set it to Automatic.

While doing that I had the only one workstation running at my company now and it had topic's warning message. The working day is over  so all other workstations were switched off.
After changing the policy, the warning on the workstation disappeared by itself. There was no need to reboot workstation.

Then I woke up (via ESET PROTECT) another workstation. After it booted up there is no warning too.
So BradAtkins suggestion is true. And it proves that there is a bug in 9.0.2032.2.
 

[kapela86 10]

I have it on Automatic, and with proxy I get that message about Push Notification Service, and when I disable proxy in policies then that message is gone. So maybe there are two different bugs here, one with proxy and one with License Interval Check

[Peter Randziak 1,130]

Hello guys,

 

Let me share few findings of our support and dev teams on this with you.

• Endpoint 9 started to use EPNS instead of DNS requests to check for license changes.
• Endpoints 8 and below didn’t report an issue if this check failed.

 

When it comes to issues reported on ESET PROTECT Virtual appliance

The issue seems to be the default setting of the following module "reqtimeout_module" which is used/loaded only on VA (this module provides a way to set timeouts and minimum data rates for receiving requests).

 The issue should not be present on the Windows version of the Apache HTTP PROXY because this module is not loaded there.
The workaround could be (1) disabling this module on the VA or (2) setting the appropriate values. We are not sure what is the preferred way and how it might affect other services, as it was not fully tested yet.

To disable limits (i.e. "(2) setting the appropriate values"):
set "RequestReadTimeout header=0 body=0"
in the newly created(in /etc/httpd/conf.d/) configuration file "reqtimeout.conf" with settings mentioned above
and of course the file has to be included in used configuration "IncludeOptional conf.d/reqtimeout.conf" in the "/etc/httpd/conf/httpd.conf"

We are expecting some official solution in the following days.

 

If the customers do not use the Apache HTTP Proxy on VA, enable the Direct Cloud advanced logging, reproduce the issue, collect the logs by ELC and open a ticket for our support teams to check.

  

• The configuration option for App status and Notification of "Eset Push Notification Service server cannot be reached" state will be added (P_EESW-8067)
• The  "Do not remind me again" from EPNS app status doesn't work issue is tracked to be fixed (P_EESW-8048)

 

Regards, Peter

 

[Marcos 5,074]

To sum it up, the issue may be caused by 2 things:

1, If you use Apache http proxy on Linux - the configuration of the http proxy is incorrect. Please refer to the post above how to fix it. Apache HTTP proxy for Windows is not affected.

2, If you don't use Apache http proxy - the issue is caused by a bug in Endpoint v9 which checks for EPNS connectivity even if checking for license changes via EPNS is disabled, ie. when the interval check is set to "Limited". Solution: change it to Automatic. If you need to have it set to Limited for whatever reason, there will be a fix via an automatic module update within a couple of days. Please use "Automatic" at least temporarily until the new Direct cloud communication module is available.

[Gregecslo 8]

This 100% works, thanks guys!

Quote

To disable limits (i.e. "(2) setting the appropriate values"):
set "RequestReadTimeout header=0 body=0"
in the newly created(in /etc/httpd/conf.d/) configuration file "reqtimeout.conf" with settings mentioned above
and of course the file has to be included in used configuration "IncludeOptional conf.d/reqtimeout.conf" in the "/etc/httpd/conf/httpd.conf"

 

[EmilioVS 2]

Valid for me too, thanks

[AMOL 0]

Hello,

I tried all of your hints, nothing worked...

[Marcos 5,074]

Just now, AMOL said:

I tried all of your hints, nothing worked...

Then there is probably really a problem connecting to epns.eset.com. Do you connect via an Apache http proxy?
If you are able to reproduce the issue shortly after a reboot, please carry on as follows:

- enable advanced logging under Help and support -> Technical support
- reboot the system
- reproduce the issue
- stop logging
- provide logs collected with ESET Log Collector.

[AMOL 0]

Hello,

I tried all of your hints, nothing worked...

eea_logs.zip

[BradAtkins 4]

Thanks! 

[Marcos 5,074]

20 minutes ago, AMOL said:

I tried all of your hints, nothing worked..

Incorrect advanced logging was enabled. Please enable advanced Direct cloud logging as well as push messaging logging. It appears that you enabled advanced Document protection logging in error.

Also I'd strongly recommend:
- enabling HIPS - Advanced Memory Scanner (important and effective post-execution protection)
- enabling Self-defense (to prevent attackers and malware from deactivating ESET)
- enabling the default Automatic startup file check (after logon) task in Scheduler so that possible malware active on the system is detected upon logon without a delay.

[sim0r 2]

Works for me. THX

[badmotorfinger 0]

Is there going to be an official fix for this without having to modify the system config files?? idk, like releasing a sysupdate.. or something..  I dont want to create other problems... as it's said here:

"""We are not sure what is the preferred way and how it might affect other services, as it was not fully tested yet.""

 

Txz

[alur 1]

Is the problem solved? or will there be an update?

I tried all of your hints, nothing worked...

[Marcos 5,074]

2 hours ago, alur said:

Is the problem solved? or will there be an update?
I tried all of your hints, nothing worked...

Does your Endpoint connect to the Internet via the Apache http proxy on Linux? If so, you would have to edit the http proxy configuration manually as suggested in one of the previous posts.

[alur 1]

13 minutes ago, Marcos said:

Does your Endpoint connect to the Internet via the Apache http proxy on Linux? If so, you would have to edit the http proxy configuration manually as suggested in one of the previous posts.

Yes it is connected, will edit it well http proxy configuration

Edited December 14, 2021 by alur

[alur 1]

Fixed reqtimeout.conf, it works!