Mishka 0 Posted December 5, 2021 Share Posted December 5, 2021 Recently upgraded older Protect VA on Hyper-V to PROTECT VA 9.0.2144.0 and noticed that Wake-up calls (different clients ranging from different flavors of Win 10 Ent/Pro to Win Server 2019 Ent) always fail with error message: Failed to send Wake-up call to following clients Wireshark shows udp port 9 packet reaching the workstation. The target systems operate just fine with no issues. should I ignore the error message or open a ticket with ESET support? *** PROTECT VA - SERVER *** ESET Security Products ESET Management Agent 9.0.2141.0 ESET PROTECT Server 9.0.2144.0 ESET Rogue Detection Sensor 1.1.615.1 Detection Engine n/a Modules status Unknown OS Information OS Type Linux OS Version 7.9.2009 OS Name CentOS *** EAV - CLIENT *** ESET Security Products ESET Management Agent 9.0.1141.0 ESET Endpoint Antivirus 9.0.2032.2 Detection Engine 24402 (20211204) Modules status Updated OS Information OS Type Microsoft Windows OS Version 10.0.19044.1348 OS Name Microsoft Windows 10 Enterprise N *** ESS - CLIENT *** ESET Security Products ESET Server Security 8.0.12003.0 ESET Management Agent 9.0.1141.0 Detection Engine 24402 (20211204) Modules status Updated OS Information OS Type Microsoft Windows OS Version 10.0.17763.2300 OS Name Microsoft Windows Server 2019 Datacenter Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted December 7, 2021 ESET Staff Share Posted December 7, 2021 Could you please provide more details of when do you see this error? When manual wakeup call is requested for those specific clients? OR when you trigger some task and "automatic" wakeup call is performed in the background? In case you see this error in console, or in ESET PROTECT Server logs, it might indicate that there are no data required to wakeup those devices stored in database, which might happen in case those devices are not connecting to the console, or they do have issues contacting EPNS service itself. Also note that wakeup call performs two independent wakeup operations, one of so called WakeOnLan which is supposed to start devices in case it is in sleep mode, and also so called EPNS (ESET Push Notification) which will trigger immediate connection. This requires previously mentioned connectivity to EPNS service from both ESET PROTECT Server and also AGENTs installed on managed devices (it is actually persistent connection to epns.eset.com either on port 443 or 8883). Link to comment Share on other sites More sharing options...
Mishka 0 Posted December 7, 2021 Author Share Posted December 7, 2021 yes, only manual wakeup calls. the execution of tasks and policies on client systems works fine. Link to comment Share on other sites More sharing options...
Mishka 0 Posted December 8, 2021 Author Share Posted December 8, 2021 here is cap output from firewall showing packets coming on port 8883 from epns: *** outside interface ip was edited and replaced with 1.2.3.4 *** asa5525# cap cap1 interface outside2 match tcp any eq 8883 any asa5525# sh cap cap1 24 packets captured 1: 00:50:04.479085 1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820 2: 00:50:04.489537 52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200 3: 00:50:10.368343 1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820 4: 00:50:10.446677 13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200 5: 00:50:14.492879 1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820 6: 00:50:14.503575 52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200 7: 00:50:20.450141 1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820 8: 00:50:20.528704 13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200 9: 00:50:24.506580 1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820 10: 00:50:24.517612 52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200 11: 00:50:25.203297 1.2.3.4.49153 > 52.71.100.224.8883: . ack 3670881344 win 4736 12: 00:50:25.212574 52.71.100.224.8883 > 1.2.3.4.49153: . ack 1753937878 win 43249 13: 00:50:25.817310 1.2.3.4.46088 > 91.228.167.171.8883: P 1408767718:1408767749(31) ack 3615293740 win 305 14: 00:50:25.911894 91.228.167.171.8883 > 1.2.3.4.46088: P 3615293740:3615293771(31) ack 1408767749 win 568 15: 00:50:25.912153 1.2.3.4.46088 > 91.228.167.171.8883: . ack 3615293771 win 305 16: 00:50:30.079127 1.2.3.4.40548 > 54.209.147.78.8883: P 2276674271:2276674302(31) ack 3226889769 win 5055 <nop,nop,timestamp 488429064 3882873213> 17: 00:50:30.090006 54.209.147.78.8883 > 1.2.3.4.40548: P 3226889769:3226889800(31) ack 2276674302 win 425 <nop,nop,timestamp 3882938214 488429064> 18: 00:50:30.090357 1.2.3.4.40548 > 54.209.147.78.8883: . ack 3226889800 win 5055 <nop,nop,timestamp 488429065 3882938214> 19: 00:50:30.532015 1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820 20: 00:50:30.610777 13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200 21: 00:50:34.521548 1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820 22: 00:50:34.531649 52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200 23: 00:50:40.614073 1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820 24: 00:50:40.692697 13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200 24 packets shown asa5525# Link to comment Share on other sites More sharing options...
Mishka 0 Posted December 8, 2021 Author Share Posted December 8, 2021 OK, as always ESET support is top notch. The issue is fixed. When we migrated, I overlooked changing IP for some policies 😉 AND TCP port 8883 had to be open for Firewall on VA. Once config was done, restarting eraserver.service on VA got us the desired success! Thank you, ESET! Link to comment Share on other sites More sharing options...
Recommended Posts