admindt, posted March 14, 2022 (edited March 14, 2022 by admindt: additional info):

Hi,

I have a broad question with few details, as I am not sure what to provide with the first post. I am testing ESET Protect Cloud and have 15 machines in test. Today, all of a sudden, 3 machines stopped reporting since 13:36; at the time of writing this post it is 16:41. I did not change the firewall settings. I tried with the wake-up command and resetting the machine (it is mine and I am working on it all day). The only thing I did was to disable the Wi-Fi in Windows 10, because of our DNS, which likes to take our Wi-Fi adapter address rather than the ethernet connection. In the DNS the change is done and the IP matches the one in the console, 192.168.0.79. The machine is in the domain, everything fine and dandy except it isn't.

What could be the reason and where can I start troubleshooting?

Cheers

Marcos (Administrators), posted March 14, 2022:

What issue is reported in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html? You can also upload the file here, it will be available only to ESET staff.

admindt (Author), posted March 15, 2022:

Hi Marcos,

thank you for your quick response, much appreciated. The client did report in the morning today, but there is still an error message in the html file. I am attaching it here like you instructed me to do. I had to change it to .txt, so just revert to .html.

Cheers

Attachment: status.txt

admindt (Author), posted March 15, 2022:

additional trace.log file

Attachment: trace.log

admindt (Author), posted March 15, 2022:

At 8:44 the log was all green, and the client connected at 8:34 last time. I refresh the window and it is 1 min later and again the same error like I have sent you in the status.txt/html. What is going on here?

MartinK (ESET Staff), posted March 15, 2022:

Most common error seems to be:

Failed to resolve: g3mu6zkwvyzejjp6brvqaeceei.a.ecaserver.eset.com:443

which indicates that DNS resolving of this hostname does not work. Could you please double check that device can resolve this DNS name (using nslookup) in all possible network configurations, i.e. when device is on wifi/lan?

admindt (Author), posted March 15, 2022:

1 hour ago, MartinK said:
> Most common error seems to be:
> Failed to resolve: g3mu6zkwvyzejjp6brvqaeceei.a.ecaserver.eset.com:443
> which indicates that DNS resolving of this hostname does not work. Could you please double check that device can resolve this DNS name (using nslookup) in all possible network configurations, i.e. when device is on wifi/lan?

Hi Martin,

thank you. This does not seem to work, the machines connect but sporadically. Do we have to create an entry in DNS Manager?

MartinK (ESET Staff), posted March 15, 2022:

35 minutes ago, admindt said:
> thank you. This does not seem to work, the machines connect but sporadically. Do we have to create an entry in DNS Manager?

It depends on your environment. I will double check but there seems to be no reports with our DNS infrastructure - so maybe there is just some DNS misconfiguration in your environment? Maybe firewall blocking access to DNS servers or some issue with DNS caching? Maybe just specific network configuration is missing DNS servers configuration, for example are there any differences between devices? Or maybe adding some generic DNS server to configuration (i.e. something like 8.8.8.8) might resolve this issue, but ideally it should work out of the box, i.e. either your internal DNS server or DNS server of your internet provider should be used in case everything is properly configured.

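Added example, not part of the original thread and not ESET tooling: a PowerShell check for the nslookup test and the per-adapter DNS differences MartinK raises in the two posts above. It queries the hostname from the quoted error against every DNS server configured on each active adapter, plus 8.8.8.8 as a reference, several times, so sporadic failures show up per resolver. The parameter names, attempt count and delay are assumptions.

```powershell
param(
    # Hostname from the "Failed to resolve" error quoted in this thread.
    [string]$Name = 'g3mu6zkwvyzejjp6brvqaeceei.a.ecaserver.eset.com',
    # Reference resolver for comparison only (the 8.8.8.8 mentioned above).
    [string]$Reference = '8.8.8.8',
    [int]$Attempts = 10,      # assumed value; raise it for rarer failures
    [int]$DelaySeconds = 3    # assumed pause between queries
)

# One target per (active adapter, configured IPv4 DNS server), so Wi-Fi and
# LAN resolvers are tested separately even when both adapters are up.
$targets = @(
    foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $dns = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4
        foreach ($server in $dns.ServerAddresses) {
            [pscustomobject]@{ Adapter = $adapter.Name; Server = $server }
        }
    }
)
$targets += [pscustomobject]@{ Adapter = '(reference)'; Server = $Reference }

$results = foreach ($t in $targets) {
    $failures = 0
    $answers  = @()
    for ($i = 0; $i -lt $Attempts; $i++) {
        try {
            # -Server sends the query to this resolver; -DnsOnly skips
            # LLMNR/NetBIOS and -NoHostsFile skips the local hosts file.
            $r = Resolve-DnsName -Name $Name -Type A -Server $t.Server `
                                 -DnsOnly -NoHostsFile -ErrorAction Stop
            $answers += ($r | Where-Object Type -eq 'A').IPAddress
        } catch {
            $failures++       # timeout, NXDOMAIN, refused, unreachable server
        }
        Start-Sleep -Seconds $DelaySeconds
    }
    [pscustomobject]@{
        Adapter  = $t.Adapter
        Server   = $t.Server
        Failures = "$failures/$Attempts"
        Answers  = ($answers | Sort-Object -Unique) -join ', '
    }
}

$results | Format-Table -AutoSize
```

Run it once with only the wired connection active and once on Wi-Fi. A resolver that shows failures, or different answers from the reference row, is the one to raise with whoever operates it.
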
admindt (Author), posted March 15, 2022:

1 minute ago, MartinK said:
> It depends on your environment. I will double check but there seems to be no reports with our DNS infrastructure - so maybe there is just some DNS misconfiguration in your environment? Maybe firewall blocking access to DNS servers or some issue with DNS caching? Maybe just specific network configuration is missing DNS servers configuration, for example are there any differences between devices? Or maybe adding some generic DNS server to configuration (i.e. something like 8.8.8.8) might resolve this issue, but ideally it should work out of the box, i.e. either your internal DNS server or DNS server of your internet provider should be used in case everything is properly configured.

To be honest, we are having some problems with our DNS, this is waiting to be solved. But the issues are not so serious that we cannot work as a company. You will probably ask what the problems are. Well, it had to do with us wanting to have Veeam as a backup solution for clients - this did not work very well because the mobile devices (laptops) are changing the IP too quickly for Veeam to catch up with the correct IP (company-homeoffice-company or company-external client-company). We then did some adjustments in DNS, like shrinking the non-refresh and refresh intervals to 4 hours. Now it is back to 1 day.

We also use some protection external DNS - I will ask the company right away if the external DNS which is used to sniff suspicious traffic is causing this.

Will report back.

MartinK (ESET Staff), posted March 15, 2022:

Any chance you are using technologies like Umbrella or OpenDNS? Asking as there is a known issue reported by such customers, that they do have similar issues, and those are probably not resolved yet. Symptoms are probably similar, except that I am not sure whether it behaves randomly or it never works in such environments...

admindt (Author), posted March 15, 2022:

Hi,

for some unknown reason I do not see the e-mail notification when you answer in this topic. Settings in profile are set to e-mail.

We do have something like that, yes. I wrote an e-mail to them and am waiting for an answer. I also notified our network guy.

admindt (Author), posted March 15, 2022:

This is solved, the issue was in this external DNS that we are using. They said that the problem was not on their side, but after I reported the problem they must have done something. Now I am seeing that my test clients have a green dot near every machine, before this was only on a couple of them.

Thanks for the support!