EEI | Product not activated (Topic last mentioned on March.)

[j-gray 35]

On 1/13/2023 at 4:39 AM, Peter Randziak said:

The Auto-updates should make it much easier to maintain.

Unfortunately, this isn't really an option. We still have to vet and test each update, and then allow the upgrades on a managed timeline. This allows us to recover from a botched upgrade, similar to what we saw with the latest EI Connector on all our Windows servers when the upgrade caused the EI connector to become corrupted.

[avielc 54]

Sorry for late reply, 
awefully swamped, but felt I need to keep up with you guys. 
So I escalated a request to our Account Exec in ESET Israel,

Support contacted back, collected EP,EIServer,ERA logs from everywhere and sent as ticket to Global ESET. 
I hope this would move things forward a little. 

On 1/13/2023 at 1:36 PM, Peter Randziak said:

I was very exhausted too, but luckily it got better quickly. I hope it will start to improve on your side too...

On 1/12/2023 at 3:18 PM, avielc said:

Thanks Peter Slowly going back to normal. 

Everything else was collected and sent to ESET so I hope for good news in a few days. 
(had another question I will post on thread, related to @j-gray's thread from 2016 about expiration date

[Peter Randziak 1,130]

37 minutes ago, avielc said:

awefully swamped, but felt I need to keep up with you guys. 

Your dedication is awesome 😉 
 

37 minutes ago, avielc said:

So I escalated a request to our Account Exec in ESET Israel,

Support contacted back, collected EP,EIServer,ERA logs from everywhere and sent as ticket to Global ESET. 
I hope this would move things forward a little. 

 

37 minutes ago, avielc said:

Everything else was collected and sent to ESET so I hope for good news in a few days. 

Glad to hear that the data and logs were collected and the case is on the  HQ support, I hope they will be able to tackle it with you to reveal what is going on there...
Please keep us posted.
 

38 minutes ago, avielc said:

Thanks Peter Slowly going back to normal. 

Glad to hear that.

Peter

[j-gray 35]

I posted in the other thread, as well, but I'm finding that at least some of the v7 OS X clients that appear activated then days later show not activated log the details below. It also seems to hang on the specific date it quit working. As in, today is the 23rd, but the Events Statistics are all from: 2023-01-17 22:00:36, To:, 2023-01-17 22:00:36

2023-01-23 08:57:00 0x70000aea1000 Info: Events sent successfully to xxx.xx.x.xx:8093. Server responded with 200 status code in 0s007ms.
2023-01-23 08:57:09 0x70000b130000 Error: License check failed. Try 1 out of 5. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)
2023-01-23 08:58:12 0x70000b130000 Error: License check failed. Try 2 out of 5. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)
2023-01-23 08:59:16 0x70000b130000 Error: License check failed. Try 3 out of 5. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)
2023-01-23 09:00:19 0x70000b130000 Error: License check failed. Try 4 out of 5. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)
2023-01-23 09:01:22 0x70000b130000 Error: License check failed. Try 5 out of 5. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)
2023-01-23 09:02:25 0x70000b130000 Error: License check failed. License no longer active. Failed to process a request to/from ESET Endpoint Security/Antivirus. RUN_LOOP_ERROR RUN_LOOP_TIMEOUT (2)
2023-01-23 09:02:25 0x70000b130000 Info: ESET Inspect integration with Endpoint has been successfully enabled

[Peter Randziak 1,130]

On 1/23/2023 at 5:21 PM, j-gray said:

I posted in the other thread, as well, but I'm finding that at least some of the v7 OS X clients that appear activated then days later show not activated log the details below. It also seems to hang on the specific date it quit working. As in, today is the 23rd, but the Events Statistics are all from: 2023-01-17 22:00:36, To:, 2023-01-17 22:00:36

Hello @j-gray,

sad to hear that such unpleasant issue still affects your environment 😞 
As I mentioned in the other topic, a hotfix which should address such issues is on QA.
Can you please test it wit it, once it becomes available?
If it won't help, we can investigate the issue directly with you.

Peter

[avielc 54]

6 minutes ago, Peter Randziak said:

Hello @j-gray,

sad to hear that such unpleasant issue still affects your environment 😞 
As I mentioned in the other topic, a hotfix which should address such issues is on QA.
Can you please test it wit it, once it becomes available?
If it won't help, we can investigate the issue directly with you.

Peter

Hi Peter, 
I'm waiting for that hot fix to arrive too, 
I'd be happy to test it as well. 
I had a session with our local ESET support. 
apparently EEA7 doesn't have esets_daemon so they couldn't run --ecp to get some logs for ESET HQ. 

Hope they will be able to find an answer as it seems EEA7 is completely different than EEA6.
(once EI activation will be fixed the next topic at hand is device control -- I hope this module will be added as well, it's the next important bullet on our agenda.

 

Thanks again for all the help and support Peter, I appreciate it all dearly. 

[Peter Randziak 1,130]

Hello,

later it turned out that the real cause is that the EI connector with EEAM 6 is not being activated so it does not have the license file created so on upgrade to EEAM 7 there is nothing to be transferred. So a new activation of EI connector after the upgrade of EEAM to v7 is required...  

If I recall correctly the hotfix should be released quite soon.
 

On 1/25/2023 at 2:09 PM, avielc said:

Thanks again for all the help and support Peter, I appreciate it all dearly. 

Thank you, I'm trying to assist. The thanks should go the the EI support specialist on ESET HQ support, he is doing the real job and I also seen that the replied on the ticket, you have with your local ESET support...
 

Peter

[j-gray 35]

Looks like 1.9.2423.0 has been released. Again, not much in the changelog and nothing listed relevant to OS X issues.

I'll give it a go.

[Peter Randziak 1,130]

Hello @j-gray,

well yes the changelog is not that detailed and does not cover all the fixes, it would be very long than 🙂 
When it comes to the connection events, those are related to issues with high RAM usage - that is fixed in the HF.

Please keep us posted, Peter

[avielc 54]

4 minutes ago, Peter Randziak said:

Hello @j-gray,

well yes the changelog is not that detailed and does not cover all the fixes, it would be very long than 🙂 
When it comes to the connection events, those are related to issues with high RAM usage - that is fixed in the HF.

Please keep us posted, Peter

Hi Peter, 
I'll try to read between the lines for j-gray here.  (this is also true to me) 
usual change log available for any EEA\EES\EP related updates are massively longer.( That's a good thing!)
can you please escalate to EI team to invest some love into the change log too? 
As you can see people like me and j, we dig deep. we want to understand the product better and get the broader picture to know if this update is critical or not and whether should be push it to production sooner than later. 
This is true and important just as much for EEA\EP as it should be for EI. 

 

Thanks again for all the support mate, really appreciate all that you do for the community here.

[Peter Randziak 1,130]

Hello,

On 2/16/2023 at 9:52 AM, avielc said:

I'll try to read between the lines for j-gray here.  (this is also true to me) 
usual change log available for any EEA\EES\EP related updates are massively longer.( That's a good thing!)
can you please escalate to EI team to invest some love into the change log too? 
As you can see people like me and j, we dig deep. we want to understand the product better and get the broader picture to know if this update is critical or not and whether should be push it to production sooner than later. 
This is true and important just as much for EEA\EP as it should be for EI. 

sure, I will pass the feedback to the product manager responsible.

I must admit that I prefer and like detailed changelogs too 🙂 

On 2/16/2023 at 9:52 AM, avielc said:

Thanks again for all the support mate, really appreciate all that you do for the community here.

Thank you very much for your kind words and appreciation.
Thank you for being active on the ESET Forums and your patience with tackling issues.

Peter

[j-gray 35]

So far, the activation issues have been cleared up for the most part.

I'm still faced with the following OS X issues, however:

1. EI Connector installation still reports failed if/when license is specified in the install/upgrade task.
2. Activation issues appear to be somewhat better, though quite a few activations still fail
   • Typically this shows as Task Started > Task Finished Successfully > Task Timed Out. In these cases, product activation fails.
   • Frequently, EI Connector activation task shows running for 24+ hours
3. EI Connector does not show as installed under Installed Applications in client details even though it is installed.
   • I was hoping the upgrading the EI Connector would get it to register again, but no luck
   • We have approximately 160 clients where EI Connector is installed but EP Console does not reflect this.
4. We seem to have a huge increase in failed agent and connector installs and upgrades for OS X only due to repository inaccessibility with the following: Failed to synchronize package repository. See trace message for more details. GetFile: Cannot connect to host 'repository.eset.com' [error code: 20003]

Not sure why the recent connectivity issues. They seem quite random, yet persistent.

[Peter Randziak 1,130]

Hello @j-gray,

On 2/21/2023 at 7:54 PM, j-gray said:

So far, the activation issues have been cleared up for the most part.

really glad to hear that 

The issues 1 and 2 are on ESET PROTECT, we would need to check it from logs to see what is being sent to the server and what happened with the tasks.

On 2/21/2023 at 7:54 PM, j-gray said:

EI Connector does not show as installed under Installed Applications in client details even though it is installed.

• I was hoping the upgrading the EI Connector would get it to register again, but no luck
• We have approximately 160 clients where EI Connector is installed but EP Console does not reflect this.

The issue is being discussed at https://forum.eset.com/topic/35383-os-x-ei-connector-does-not-register-in-ep-console-v10/

 

On 2/21/2023 at 7:54 PM, j-gray said:

We seem to have a huge increase in failed agent and connector installs and upgrades for OS X only due to repository inaccessibility with the following: Failed to synchronize package repository. See trace message for more details. GetFile: Cannot connect to host 'repository.eset.com' [error code: 20003]

The error 20003 means E_HTTP_CANT_CONNECT_TO_HOST
So this should be checked on the network level. Some IDS/IPS may bump the traffic.
Workaround might be to use PROXY with caching - it might mitigate the situation, as there will already be pre-cached files

Peter

[j-gray 35]

Well... still seems to be a mixed bag. We still have ~150 OS X clients that refuse to activate. And some that have successfully activated in the past and have been activated for some time become inactivated.

Any activation task seems to run for at least a day before it times out. Other tasks run without issue. Uninstalling and reinstalling the connector does not resolve the issue.

I'd also hazard to guess that the EI licensing is still not working properly --we're currently still using only 655/1600 Connector licenses where we should be closer to the full 1600.

[avielc 54]

I didn't have time to work on it, 
but yea, I still have 13 users (out of 40 with mac) that show that issue. 
I should connect with Local support and pass them log to escalate it to the HQ support.

[Peter Randziak 1,130]

Hello guys,

yes for sure I recommend to pass it to the local support, which can pass it to HQ support, if needed.

Peter

[avielc 54]

@j-gray @Peter Randziak - quick update 
I understand there should be a new version coming out soon (maybe tomorrow? )
If so, I see no reason on to keep on checking until then. 
Especially when the only thing I would be asked to check would be to upgrade to the new version and test it anyways. 

@Peter Randziak - sending you a feedback privately, if you could please pass it on internally.

Thanks

[j-gray 35]

5 hours ago, avielc said:

@j-gray @Peter Randziak - quick update 
I understand there should be a new version coming out soon (maybe tomorrow? )

Interesting -and thanks for the info. Any indication as to what might be in the changelog?

[avielc 54]

@j-gray - sorry mate, I wouldn't have a clue until we both see it.

hopefully more than the usual eluding "General bugs and fixes"  :)

[Peter Randziak 1,130]

Hello guys,

I won't deny it that a new version should be available soon 🙂 (we should not announce new version availability until it is released, I burned my hand myself on this as I promised a release, which was later stopped as an issue was found... 😞  🙂 )

On 3/27/2023 at 12:03 PM, avielc said:

@Peter Randziak - sending you a feedback privately, if you could please pass it on internally.

I will check it for sure, but I rather do not promise that it will be today...

18 hours ago, j-gray said:

Interesting -and thanks for the info. Any indication as to what might be in the changelog?

As I shouldn't disclose the release date, I assume I shouldn't be sharing much from the changelog too  

Naturally the detection capabilities were improved, multitenancy support was completed, further improvements and fixes  are included.

13 hours ago, avielc said:

@j-gray - sorry mate, I wouldn't have a clue until we both see it.

hopefully more than the usual eluding "General bugs and fixes" 

The changelog should be more rich this time 🙂  

Peter

 

[avielc 54]

23 minutes ago, Peter Randziak said:

 (we should not announce new version availability until it is released, I burned my hand myself on this as I promised a release, which was later stopped as an issue was found... 😞  🙂 )

Of course Peter, I can 100% relate to learning from mistakes of the past. so not holding you up for that.
I would like to add that sometimes when a release date approaches it can be helpful to know ahead of time that there is something to look out for instead of still discussing and working with support as it would be proved worthless to spend more time over something that might get fixed in a day (or few days) 

25 minutes ago, Peter Randziak said:

I will check it for sure, but I rather do not promise that it will be today...

Completely fine wiht me mate, there is no deadline on this, thanks for caring about it.

 

In general, thanks again for the bit of info about the changelog, truly appreciate that, and it's great to see the positive steps ESET is taking towards customers' requests. (and of course the ESET Forum Staff along with your help in escalatinging these points to help the entire community) 

[avielc 54]

FYI - EEI Server 1.10 is out. 

Version 1.10.2664.0

• Added: Multitenancy support completed (management of access rights per group, synchronization of static group types, and improved blocking of modules)
• New: New signals to indicate ransomware attacks
• New: Simple incident creation based on the Dutch partner's (specific endpoint rules) SIEM rules
• New: Detection of files delivered through RDP connection's copy & paste
• New: Displayed OS API calls from LiveGuard
• New: MDR Report Template
• New: Dark Mode
• New: ESET LiveGuard information columns in the executables table view
• Fixed: Stability and performance fixes

Nothing mentions Mac issues in specific. 

Going to test it. 

 

Edited March 28, 2023 by avielc
(added info about 1.10EEI

[avielc 54]

Another quick update. 
Just installed server + 2 clients. 
1 client fails to activate. 
The other seems to be reporting well. (shows some issues with exclusion rules:

Error: Failed adding exclusion to rule. Couldn't find rule with familyId 2939

I am looking into the other client to understand why it failed to activate still. 

In general looks good:

Info: Events sent successfully to XXXXXXXXXXXXXXXX:2226. Server responded with 200 status code in 3s231ms.

that looks nice!

Edited March 28, 2023 by avielc

[Peter Randziak 1,130]

On 3/28/2023 at 1:19 PM, avielc said:

Of course Peter, I can 100% relate to learning from mistakes of the past. so not holding you up for that.
I would like to add that sometimes when a release date approaches it can be helpful to know ahead of time that there is something to look out for instead of still discussing and working with support as it would be proved worthless to spend more time over something that might get fixed in a day (or few days) 

I understand your point, but I assume that once we would say that, most of the users would understand it as our commitment to do the release. More general topic is a Roadmap, those is being shared with the ESET partner network so they can share data based on it with their customers...

On 3/28/2023 at 1:19 PM, avielc said:

In general, thanks again for the bit of info about the changelog, truly appreciate that, and it's great to see the positive steps ESET is taking towards customers' requests. (and of course the ESET Forum Staff along with your help in escalatinging these points to help the entire community) 

Thank you for your words of appreciation.
We thank you for being active member of the community on the ESET Forum.

[Peter Randziak 1,130]

22 hours ago, avielc said:

1 client fails to activate. 

If possible, please try to get the logs from it to check it with the support team.

 

22 hours ago, avielc said:

Error: Failed adding exclusion to rule. Couldn't find rule with familyId 2939

I have found one report with such behavior, but it was fixed in the 1.8 release, so this is probably other issue which will have to be investigated from the logs properly...