Jump to content

ESET Protect VA - wake-up call fails


Recommended Posts

Recently upgraded older Protect VA on Hyper-V to PROTECT VA 9.0.2144.0 and noticed that Wake-up calls (different clients ranging from different flavors of Win 10 Ent/Pro to Win Server 2019 Ent) always fail with error message:

    Failed to send Wake-up call to following clients

 

Wireshark shows udp port 9 packet reaching the workstation. The target systems operate just fine with no issues.

should I ignore the error message or open a ticket with ESET support?

 

*** PROTECT VA - SERVER ***

 

ESET Security Products
ESET Management Agent 9.0.2141.0
ESET PROTECT Server 9.0.2144.0
ESET Rogue Detection Sensor 1.1.615.1
  Detection Engine
n/a
  Modules status
Unknown
 
OS Information
  OS Type
Linux
  OS Version
7.9.2009
  OS Name
CentOS

 

 

*** EAV - CLIENT ***

ESET Security Products
ESET Management Agent 9.0.1141.0
ESET Endpoint Antivirus 9.0.2032.2
  Detection Engine
24402 (20211204)
  Modules status
Updated

 

OS Information
  OS Type
Microsoft Windows
  OS Version
10.0.19044.1348
  OS Name
Microsoft Windows 10 Enterprise N

 

 

*** ESS - CLIENT ***

ESET Security Products
ESET Server Security 8.0.12003.0
ESET Management Agent 9.0.1141.0
  Detection Engine
24402 (20211204)
  Modules status
Updated

 

OS Information
  OS Type
Microsoft Windows
  OS Version
10.0.17763.2300
  OS Name
Microsoft Windows Server 2019 Datacenter

 

Link to comment
Share on other sites

  • ESET Staff

Could you please provide more details of when do you see this error? When manual wakeup call is requested for those specific clients? OR when you trigger some task and "automatic" wakeup call is performed in the background?
In case you see this error in console, or in ESET PROTECT Server logs, it might indicate that there are no data required to wakeup those devices stored in database, which might happen in case those devices are not connecting to the console, or they do have issues contacting EPNS service itself.

Also note that wakeup call performs two independent wakeup operations, one of so called WakeOnLan which is supposed to start devices in case it is in sleep mode, and also so called EPNS (ESET Push Notification) which will trigger immediate connection. This requires previously mentioned connectivity to EPNS service from both ESET PROTECT Server and also AGENTs installed on managed devices (it is actually persistent connection to epns.eset.com either on port 443 or 8883).

Link to comment
Share on other sites

here is cap output from firewall showing packets coming on port 8883 from epns:

*** outside interface ip was edited and replaced with 1.2.3.4 ***

 

asa5525# cap cap1 interface outside2 match tcp any eq 8883 any

 

asa5525# sh cap cap1

24 packets captured

   1: 00:50:04.479085       1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820
   2: 00:50:04.489537       52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200
   3: 00:50:10.368343       1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820
   4: 00:50:10.446677       13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200
   5: 00:50:14.492879       1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820
   6: 00:50:14.503575       52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200
   7: 00:50:20.450141       1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820
   8: 00:50:20.528704       13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200
   9: 00:50:24.506580       1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820
  10: 00:50:24.517612       52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200
  11: 00:50:25.203297       1.2.3.4.49153 > 52.71.100.224.8883: . ack 3670881344 win 4736
  12: 00:50:25.212574       52.71.100.224.8883 > 1.2.3.4.49153: . ack 1753937878 win 43249
  13: 00:50:25.817310       1.2.3.4.46088 > 91.228.167.171.8883: P 1408767718:1408767749(31) ack 3615293740 win 305
  14: 00:50:25.911894       91.228.167.171.8883 > 1.2.3.4.46088: P 3615293740:3615293771(31) ack 1408767749 win 568
  15: 00:50:25.912153       1.2.3.4.46088 > 91.228.167.171.8883: . ack 3615293771 win 305
  16: 00:50:30.079127       1.2.3.4.40548 > 54.209.147.78.8883: P 2276674271:2276674302(31) ack 3226889769 win 5055 <nop,nop,timestamp 488429064 3882873213>
  17: 00:50:30.090006       54.209.147.78.8883 > 1.2.3.4.40548: P 3226889769:3226889800(31) ack 2276674302 win 425 <nop,nop,timestamp 3882938214 488429064>
  18: 00:50:30.090357       1.2.3.4.40548 > 54.209.147.78.8883: . ack 3226889800 win 5055 <nop,nop,timestamp 488429065 3882938214>
  19: 00:50:30.532015       1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820
  20: 00:50:30.610777       13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200
  21: 00:50:34.521548       1.2.3.4.1207 > 52.224.36.116.8883: . 2024352534:2024352535(1) ack 2716777887 win 820
  22: 00:50:34.531649       52.224.36.116.8883 > 1.2.3.4.1207: . ack 2024352535 win 29200
  23: 00:50:40.614073       1.2.3.4.1842 > 13.93.194.226.8883: . 3165273913:3165273914(1) ack 3101974245 win 820
  24: 00:50:40.692697       13.93.194.226.8883 > 1.2.3.4.1842: . ack 3165273914 win 29200
24 packets shown
asa5525#

Link to comment
Share on other sites

OK, as always ESET support is top notch. The issue is fixed. When we migrated, I overlooked changing IP for some policies 😉 AND TCP port 8883 had to be open for Firewall on VA. Once config was done, restarting eraserver.service on VA got us the desired success! Thank you, ESET!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...