j-gray 35 Posted November 7, 2022 Share Posted November 7, 2022 Just tried upgrading to the latest release, 1.8.2214.0. During the upgrade process when prompted for 'Data connection to ESET Protect, which is pre-populated correctly, I get error message, "User was blocked. Please try again later". With the credentials specified (same as used in current and previous versions), I can successfully log into both the EP Console and the EI console. Any thoughts as to why this is happening? I have not encountered this in any previous upgrades. Link to comment Share on other sites More sharing options...
ESET Staff JamesR 52 Posted November 7, 2022 ESET Staff Share Posted November 7, 2022 Can you do me a favor and try the following? Restart the ESET Protect service Try your upgrade again If it continues to be a pain: Restart the ESET Inspect service Try your upgrade again. If that works, let me know. I may want to gather some logs from you. I think it may be a rare issue where the user account is treated as disabled in ESET Protect, even though it is not disabled. I'm not sure why this happens, and its so rare that its been really hard to narrow down the exact solution/workaround. Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 7, 2022 Author Share Posted November 7, 2022 (edited) @JamesR Thanks for the reply. Unfortunately, no luck Rebooted EP server, re-ran install - same error Rebooted EI server, re-ran install - same error I verified again that I can log into both EP and EI console with those credentials. I checked the account in the EP console and it shows enabled (and 2FA is disabled). Edited November 7, 2022 by j-gray spelling correction Link to comment Share on other sites More sharing options...
user12345 0 Posted November 8, 2022 Share Posted November 8, 2022 I am receiving this error quite regularly, even without performing any major changes such as updates. I had been told by support that this had been fixed in the latest versions but it still occurs frustratingly often. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 8, 2022 Administrators Share Posted November 8, 2022 Just to make sure, did you create a dedicated user only for installation and communication of ESET Inspect with ESET PROTECT with 2FA disabled and used it for EEI installation? Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 8, 2022 Author Share Posted November 8, 2022 @Marcos I do the upgrade logged into the server with Admin rights, as I always have in the past (5+ successful upgrades). There is an EI user (admin) dedicated to communication. The same account that we have been using since we set up Eset Inspect. As noted above, 2FA is not enabled and I can log into the EP console successfully with that account. Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 8, 2022 Author Share Posted November 8, 2022 8 hours ago, user12345 said: I am receiving this error quite regularly, even without performing any major changes such as updates. I had been told by support that this had been fixed in the latest versions but it still occurs frustratingly often. I've never encountered this error before, and now only when I'm attempting the upgrade to 1.8.2214.0. Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 9, 2022 Author Share Posted November 9, 2022 @JamesR I've tried replying to your PM several times, but it doesn't appear to go through. The EI Admin account belongs to the 'ESET Inspect server permission set' and there is only one server permission set (see attachment). I noticed in the audit logs that the EIAdmin account attempts to log into EP 11 times every 30 minutes and gets "Access Denied". The audit logs don't indicate the source of this attempt, so I'm not sure what's actually doing it. Just to reiterated, I can log into both EI and EP consoles successfully with the EI Admin account, so I know it's working and the credentials are correct. Link to comment Share on other sites More sharing options...
ESET Staff JamesR 52 Posted November 9, 2022 ESET Staff Share Posted November 9, 2022 @j-gray Your permissions sets look fine to me. And the logs showing "access denied" are due to how the EI Server communicates with the EP Server...but shouldn't be "access denied". I'm betting if you look inside of "%ProgramData%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs\trace.txt", you will find some lines showing failed logins for the user. You would need to search for string "AuthenticateUser" without quotes. After conferring with some people in our support team that have encountered and corrected this, I have possible solutions. Can you try these and let me know which help or don't help? Solution 1 - Verify the EI account does not have "Password Change Required = Yes" In ESET Protect, got to "More > Users" Ensure you can see the user account you are using during the upgrade Click the Gear in the top right and select "Edit Columns" Find the "Password Change Required" and drag it to the right and put it so it is the second from the top. Click OK If "Password Change Required" shows Yes, change your user's password Also verify the user is "Enabled" Attempt to upgrade the EI server again Even though you can still log into the EP server, it would be good to rule out there being a flag to change the password being present. Solution 2 - Restart Two services on the ESET Protect server On the ESET Protect Server, stop the following 2 services: Apache Tomcat ESET Protect Server Once both services are fully stopped, start them back up in this order: Apache Tomcat ESET Protect Server Attempt to upgrade the EI server again The support team was adamant that both of the services need to be stopped, then started. Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 9, 2022 Author Share Posted November 9, 2022 @JamesR Thanks again for your help. I verified again that the EI Admin account is enabled, does not require a password change, and does not have 2FA enabled. I followed your steps for re-ordering columns, etc. but that did not change any of the values. In recent upgrade attempts, I rebooted both the EP server (effectively stopping and restarting all services), as well as the EI server. This did not resolve the issue. I followed the steps provided for the two servers, stopping/starting in the order specified and still not change. I did look at the logs and as you indicated, those authentication errors are being logged as 'blocked'. The account password was reset in late-October due to expiration. I'm wondering if the old password somehow got retained/cached somewhere I don't know why else would be getting blocked: 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Socket accepted. Remote ip address: EIserverIP remote port: 59687 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Resolving ip address: EIserverIP 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Receiving ip address: EIserverIP from cache 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Successfully received ip address: EIserverIP from cache 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Socket connection (isClientConnection:0) established for id 15758 2022-11-09 18:15:27 Information: CReplicationModule [Thread 2810]: CReplicationManager: Received notification of non-replication connection from 'host: "EIserverFQDN" port: 59687' (product type: 4) 2022-11-09 18:15:27 Information: ConsoleApiModule [Thread 1d38]: 15758 Initializing new network connection. 2022-11-09 18:15:27 Information: SchedulerModule [Thread 2548]: Received message: RegisterSleepEvent 2022-11-09 18:15:27 Information: ConsoleApiModule [Thread 20fc]: 15758 Login request received [UserName=EIaccount] 22281, Reported address: :0, Connection (webserver) address: EIserverFQDN :59687 2022-11-09 18:15:27 Information: CServerSecurityModule [Thread 255c]: Authenticating user EIaccount 2022-11-09 18:15:27 Information: CServerSecurityModule [Thread 255c]: Checking native user password 2022-11-09 18:15:27 Error: CServerSecurityModule [Thread 255c]: CUserAccessLimiter::CheckAccess(): User EIaccount from EIserverFQDN was blocked. 2022-11-09 18:15:27 Error: ConsoleApiModule [Thread 20fc]: 15758 Error while sending AuthenticateUser request [UserName=EIaccount] CUserAccessLimiter::CheckAccess(): User EIaccount from EIserverFQDN was blocked. 2022-11-09 18:15:27 Information: ConsoleApiModule [Thread 20fc]: 15758 Login request received [UserName=EIaccount] 22282, Reported address: :0, Connection (webserver) address: EIserverFQDN :59687 2022-11-09 18:15:27 Information: CServerSecurityModule [Thread 255c]: Authenticating user EIaccount 2022-11-09 18:15:27 Information: CServerSecurityModule [Thread 255c]: Checking native user password 2022-11-09 18:15:27 Error: CServerSecurityModule [Thread 255c]: CUserAccessLimiter::CheckAccess(): User EIaccount from EIserverFQDN was blocked. 2022-11-09 18:15:27 Error: ConsoleApiModule [Thread 20fc]: 15758 Error while sending AuthenticateUser request [UserName=EIaccount] CUserAccessLimiter::CheckAccess(): User EIaccount from EIserverFQDN was blocked. 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Connection closed by remote peer for session id 15758 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Forcibly closing sessionId:15758, isClosing:0 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Removing session 15758 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: Closing connection , session id:15758 2022-11-09 18:15:27 Information: ConsoleApiModule [Thread 1d38]: 15758 Deinitializing network connection. 2022-11-09 18:15:27 Information: NetworkModule [Thread 272c]: There are still pending sends for sessionId:15758 Link to comment Share on other sites More sharing options...
ESET Staff JamesR 52 Posted November 9, 2022 ESET Staff Share Posted November 9, 2022 @j-gray I'm thinking something has the old password cached or not being updated properly after a password change. Can you try running the 2 following commands to blank out the current password used by the EI Server? First command backs up the registry key which contains this info. Second command will delete the specific value which contains an encrypted copy of the password. After running these commands and running the upgrade, when you get to the area asking for ESET Protect credentials, you will see the password is blanked out and you will be forced to type in the password manually. Reg Export "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\EnterpriseInspector\Server\CurrentVersion\Info" "%userprofile%\Desktop\EI_InfoKey_BKCP.reg" Reg Delete "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\EnterpriseInspector\Server\CurrentVersion\Info" /v "EraPassword" Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 9, 2022 Author Share Posted November 9, 2022 @JamesR I ran those commands to export, then delete the registry key. The password was blanked out during the upgrade process as you indicated, but after typing it in I still get the same 'blocked user' error. Link to comment Share on other sites More sharing options...
j-gray 35 Posted November 9, 2022 Author Share Posted November 9, 2022 Well.... I just found the issue. The upgrade process populates the EI admin logon and password. It just so happens that it was populating the admin account in a case-sensitive manner, as the account exists in the EP console (e.g. CAPAdmin). When I used the login id capitalized as it exists in EP console, the user is blocked. When I enter the login id in all lower case, the upgrade was able to complete. I confirmed the same logging into the EI console; account as configured in EP is CAPAdmin. Log into EI console with CAPAdmin = user is blocked. Log into EP console as capadmin = successful login. JamesR and rmdir32 2 Link to comment Share on other sites More sharing options...
Recommended Posts