Jump to content

Clients stopped reporting to the console


admindt
 Share

Recommended Posts

Hi,

I have a broad question with little details as I am not sure what to provide with the first post. I am testing ESET Protect Cloud, and have 15 machines in test, today all of a sudden 3 machines stopped reporting since 13:36, at the time of writing this post it is 16:41. I did not change the firewall settings, I tried with the wake-up command, reseting the machine (it is mine and I am working on it all day). The only thing I did was to disable the wi-fi in Windows 10, because of our dns which likes to take our Wi-Fi adapter address rather than the ethernet connection. In the DNS the change is done and the IP matches the one in the console, 192.168.0.79. The machine is in the domain, everything fine and dandy except it isnt.

What could be the reason and where can I start troubleshooting.

Cheers

Edited by admindt
additional info
Link to comment
Share on other sites

  • Administrators

What issue is reported in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html? You can also upload the file here, it will be available only to ESET staff.

Link to comment
Share on other sites

Hi Marcos,

thank you for your quick response, much appreciate it. The client did report in the morning today but still an error message is in the html file. I am attaching it here like you instructed me to do. I had to change it to .txt  so just revert to .html.

Cheers

status.txt

Link to comment
Share on other sites

At 8:44 the log was all green, and the client connected at 8:34 last time. I refresh the window and it is 1min later and again the same error like I have sent you in the status.txt/html. What is going on here.

Link to comment
Share on other sites

  • ESET Staff

Most common error seems to be:

Failed to resolve: g3mu6zkwvyzejjp6brvqaeceei.a.ecaserver.eset.com:443

which indicates that DNS resolving of this hostname does not work. Could you please double check that device can resolve this DNS name (using nslookup) in all possible network configurations, i.e. when device is on wifi/lan?

Link to comment
Share on other sites

1 hour ago, MartinK said:

Most common error seems to be:

Failed to resolve: g3mu6zkwvyzejjp6brvqaeceei.a.ecaserver.eset.com:443

which indicates that DNS resolving of this hostname does not work. Could you please double check that device can resolve this DNS name (using nslookup) in all possible network configurations, i.e. when device is on wifi/lan?

Hi Martin,

 

thank you. This does not seem to work, the machines connect but sporadically. Do we have to create an entry in DNS Manager?

Nslookup.JPG

Link to comment
Share on other sites

  • ESET Staff
35 minutes ago, admindt said:

thank you. This does not seem to work, the machines connect but sporadically. Do we have to create an entry in DNS Manager?

It depends on your environment. I will double check but there seems to be no reports with our DNS infrastructure - so maybe there is just some DNS misconfiguration in your environment? Maybe firewall blocking access to DNS servers or some issue with DNS caching? Maybe just specific network configuration is missing DNS servers configuration, for example are there any differences between devices? Or maybe adding some generic DNS server to configuration (i.e. something like 8.8.8.8) might resolve this issue, but ideally it should work out of the box, i.e. either your internal DNS server or DNS server of your internet provider should be used in case everything is properly configured.

Link to comment
Share on other sites

1 minute ago, MartinK said:

It depends on your environment. I will double check but there seems to be no reports with our DNS infrastructure - so maybe there is just some DNS misconfiguration in your environment? Maybe firewall blocking access to DNS servers or some issue with DNS caching? Maybe just specific network configuration is missing DNS servers configuration, for example are there any differences between devices? Or maybe adding some generic DNS server to configuration (i.e. something like 8.8.8.8) might resolve this issue, but ideally it should work out of the box, i.e. either your internal DNS server or DNS server of your internet provider should be used in case everything is properly configured.

To be honest, we are having some problems with our DNS, this is waiting to be solved. But the issues are not so serious that we cannot work as a company. You will probably ask that are the problems, well it had to do with us wanting to have Veeam as a backup solution for clients - this did not work very well because the mobile devices (laptops) are changing the IP too quickly for Veeam to catch-up with the correct IP (company-homeoffice-company or company-external client-company).

We then did some adjustments in DNS like shrinking the non-refresh and refresh intervals to 4 hours. Now it is back to 1 day. We also use some protection external DNS - i will ask the company right away if the external dns which is used to sniff suspicious traffic is causing this.

Will report back.

Link to comment
Share on other sites

  • ESET Staff

Any chance you are using technologies like Umbrel or OpenDNS? Asking as there is a known issue reported by such customers, that they do have similar issues, and those are probably not resolved yet. Symtopms are probably similar, except that I am not sure whether it behaves randomly or it never works in such environments...

Link to comment
Share on other sites

Hi,

for some unknown reason I do not see the e-mail notification when you answer in this topic. Setting in profile are set to e-mail. We do have something like that yes, I wrote the e-mail to them and am waiting for an answer. I also notified our network guy.

Link to comment
Share on other sites

This is solved, the issue was in this external DNS that we are using. They said that the problem was not on their side, but after I reported the problem they must have done something. Now I am seeing that my test clients have a green dot near every machine, before this was only on couple of them.

Thanks for the support!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...