avielc Posted December 8, 2022

Hi

Any ideas why 2 computers specifically keep failing to connect to the ESET EEI server (or at least report that)? Here is a piece of their log file:

2022-12-08 06:22:08 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:22:21 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:22:26 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:22:44 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:23:14 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:23:30 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:24:11 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:24:45 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:25:09 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:25:52 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:27:31 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:28:23 01604 Info: Events Statistics, From:, 2022-12-08 06:22:00, To:, 2022-12-08 06:28:23, Duration (s):, 383, Events Per Second:, 12.645, Events:, 4843, File:, 23, Registry:, 39, TcpIp:, 9, Http:, 5, Dns:, 4, Process:, 317, Injections:, 6, Dll:, 30, Traffic:, 0, Info:, 1, Metadata:, 230, Livegrid:, 1012, OriginUrl:, 0, Alarms:, 0, UserActivity:, 27, Wmi:, 3138, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 2, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 6, LoadUnloadDriver:, 0, Batch Size (bytes):, 170887
2022-12-08 06:29:07 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:30:17 01604 Info: Events Statistics, From:, 2022-12-08 06:28:23, To:, 2022-12-08 06:30:17, Duration (s):, 114, Events Per Second:, 43.868, Events:, 5001, File:, 456, Registry:, 2211, TcpIp:, 49, Http:, 15, Dns:, 16, Process:, 114, Injections:, 0, Dll:, 14, Traffic:, 8, Info:, 1, Metadata:, 265, Livegrid:, 301, OriginUrl:, 0, Alarms:, 0, UserActivity:, 7, Wmi:, 1327, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 89322, TrafficInterval:, 8, Executions:, 0, Subprocesses:, 0, Connections:, 31, LoadUnloadDriver:, 217, Batch Size (bytes):, 259316
2022-12-08 06:31:21 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:31:50 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:35:17 01604 Info: Events Statistics, From:, 2022-12-08 06:30:17, To:, 2022-12-08 06:35:14, Duration (s):, 297, Events Per Second:, 6.222, Events:, 1848, File:, 844, Registry:, 573, TcpIp:, 7, Http:, 2, Dns:, 6, Process:, 30, Injections:, 0, Dll:, 6, Traffic:, 7, Info:, 1, Metadata:, 4, Livegrid:, 4, OriginUrl:, 0, Alarms:, 0, UserActivity:, 6, Wmi:, 358, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 255372, TrafficInterval:, 1400, Executions:, 0, Subprocesses:, 0, Connections:, 5, LoadUnloadDriver:, 0, Batch Size (bytes):, 89389
2022-12-08 06:36:09 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:39:48 01604 Info: Events Statistics, From:, 2022-12-08 06:35:17, To:, 2022-12-08 06:39:48, Duration (s):, 271, Events Per Second:, 18.454, Events:, 5001, File:, 236, Registry:, 4137, TcpIp:, 33, Http:, 33, Dns:, 20, Process:, 33, Injections:, 0, Dll:, 8, Traffic:, 6, Info:, 1, Metadata:, 1, Livegrid:, 1, OriginUrl:, 0, Alarms:, 0, UserActivity:, 5, Wmi:, 487, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 160802, TrafficInterval:, 1433, Executions:, 0, Subprocesses:, 0, Connections:, 20, LoadUnloadDriver:, 0, Batch Size (bytes):, 178741
2022-12-08 06:40:20 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:42:22 01604 Info: Events Statistics, From:, 2022-12-08 06:39:48, To:, 2022-12-08 06:42:22, Duration (s):, 154, Events Per Second:, 32.474, Events:, 5001, File:, 492, Registry:, 3243, TcpIp:, 16, Http:, 39, Dns:, 10, Process:, 3, Injections:, 0, Dll:, 0, Traffic:, 4, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 1193, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 16493, TrafficInterval:, 2139, Executions:, 0, Subprocesses:, 0, Connections:, 9, LoadUnloadDriver:, 0, Batch Size (bytes):, 175929
2022-12-08 06:43:54 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:45:49 01604 Info: Events Statistics, From:, 2022-12-08 06:42:22, To:, 2022-12-08 06:45:49, Duration (s):, 207, Events Per Second:, 24.159, Events:, 5001, File:, 271, Registry:, 3691, TcpIp:, 6, Http:, 34, Dns:, 6, Process:, 4, Injections:, 0, Dll:, 3, Traffic:, 6, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 979, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 0, TrafficSize:, 42197717, TrafficInterval:, 1880, Executions:, 0, Subprocesses:, 0, Connections:, 3, LoadUnloadDriver:, 0, Batch Size (bytes):, 189184

I checked Telnet, it's succeeding to connect to the EEI Server. Can't think of what else is missing here.

Version 1.8.2218

Both computers are on a network connected via site to site VPN to the EEI server network. There is another computer on that network that did not report the "can not connect to ESET Inspect Server" error while those 2 did.
Its log looks like this:

2022-12-08 05:57:07 00064 Info: Events Statistics, From:, 2022-12-08 05:52:16, To:, 2022-12-08 05:57:02, Duration (s):, 286, Events Per Second:, 1.500, Events:, 429, File:, 0, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 388, Injections:, 0, Dll:, 0, Traffic:, 7, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 31, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 2, TrafficSize:, 181107, TrafficInterval:, 1500, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 31609
2022-12-08 06:02:07 00064 Info: Events Statistics, From:, 2022-12-08 05:57:08, To:, 2022-12-08 06:02:06, Duration (s):, 298, Events Per Second:, 1.483, Events:, 442, File:, 0, Registry:, 2, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 403, Injections:, 0, Dll:, 0, Traffic:, 5, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 30, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 70481, TrafficInterval:, 647, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 32853
2022-12-08 06:03:12 023ec Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:07:07 00064 Info: Events Statistics, From:, 2022-12-08 06:02:16, To:, 2022-12-08 06:07:04, Duration (s):, 288, Events Per Second:, 2.521, Events:, 726, File:, 18, Registry:, 164, TcpIp:, 8, Http:, 7, Dns:, 1, Process:, 407, Injections:, 0, Dll:, 4, Traffic:, 11, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 4, Wmi:, 100, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 65854, TrafficInterval:, 17260, Executions:, 0, Subprocesses:, 0, Connections:, 4, LoadUnloadDriver:, 0, Batch Size (bytes):, 50226
2022-12-08 06:12:07 00064 Info: Events Statistics, From:, 2022-12-08 06:07:11, To:, 2022-12-08 06:12:06, Duration (s):, 295, Events Per Second:, 1.522, Events:, 449, File:, 0, Registry:, 9, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 401, Injections:, 0, Dll:, 0, Traffic:, 8, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 29, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 83066, TrafficInterval:, 1741, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 33288
2022-12-08 06:17:07 00064 Info: Events Statistics, From:, 2022-12-08 06:12:15, To:, 2022-12-08 06:17:02, Duration (s):, 287, Events Per Second:, 1.599, Events:, 459, File:, 5, Registry:, 16, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 395, Injections:, 0, Dll:, 2, Traffic:, 8, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 1, Wmi:, 30, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 40847, TrafficInterval:, 1791, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 34605
2022-12-08 06:22:07 00064 Info: Events Statistics, From:, 2022-12-08 06:17:11, To:, 2022-12-08 06:22:06, Duration (s):, 295, Events Per Second:, 1.468, Events:, 433, File:, 0, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 397, Injections:, 0, Dll:, 0, Traffic:, 7, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 27, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 34882, TrafficInterval:, 1749, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 31938
2022-12-08 06:27:07 00064 Info: Events Statistics, From:, 2022-12-08 06:22:13, To:, 2022-12-08 06:27:03, Duration (s):, 290, Events Per Second:, 3.441, Events:, 998, File:, 96, Registry:, 357, TcpIp:, 2, Http:, 1, Dns:, 1, Process:, 492, Injections:, 0, Dll:, 7, Traffic:, 7, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 3, Wmi:, 30, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 53243, TrafficInterval:, 1347, Executions:, 0, Subprocesses:, 0, Connections:, 1, LoadUnloadDriver:, 0, Batch Size (bytes):, 60960
2022-12-08 06:31:39 023ec Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:32:08 00064 Info: Events Statistics, From:, 2022-12-08 06:27:10, To:, 2022-12-08 06:32:06, Duration (s):, 296, Events Per Second:, 1.611, Events:, 477, File:, 16, Registry:, 18, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 404, Injections:, 0, Dll:, 0, Traffic:, 7, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 30, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 63572, TrafficInterval:, 1059, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 35508
2022-12-08 06:37:08 00064 Info: Events Statistics, From:, 2022-12-08 06:32:15, To:, 2022-12-08 06:37:01, Duration (s):, 286, Events Per Second:, 1.490, Events:, 426, File:, 0, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 388, Injections:, 0, Dll:, 0, Traffic:, 7, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 29, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 34184, TrafficInterval:, 3180, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 31643
2022-12-08 06:42:08 00064 Info: Events Statistics, From:, 2022-12-08 06:37:10, To:, 2022-12-08 06:42:06, Duration (s):, 296, Events Per Second:, 1.486, Events:, 440, File:, 1, Registry:, 0, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 400, Injections:, 0, Dll:, 0, Traffic:, 8, Info:, 1, Metadata:, 0, Livegrid:, 0, OriginUrl:, 0, Alarms:, 0, UserActivity:, 0, Wmi:, 29, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 1, TrafficSize:, 32073, TrafficInterval:, 4744, Executions:, 0, Subprocesses:, 0, Connections:, 0, LoadUnloadDriver:, 0, Batch Size (bytes):, 32569

Much cleaner of errors.

I did reinstall EEI twice - first time the error continued showing on EPConsole, second time I uninstalled + removed the old ESET Inspector folder (old gen name) - the yellow warning vanished but I still see all these errors.

Any thoughts?
Peter Randziak (ESET Moderators) Posted December 9, 2022

Hello @avielc,

please enable the debug logging for the EI Connector for an hour, collect the logs and provide us with them to check. Do not forget to set the logging verbosity back afterwards.

Peter
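An added example, not part of either post and not ESET tooling: a Python parser for the connector log format quoted in the question. It counts send errors per thread and sums the Events Statistics windows, so a failing host and a healthy one can be compared by numbers rather than by eye. The sample lines are constructed from the format in the thread; treating the five-hex-digit column as a thread ID and labelling non-control requests "data" are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread (statistics fields shortened).
SAMPLE = """\
2022-12-08 06:22:08 019b8 Error: Error while sending request to server at "XX.dc.com:2226". bad message
2022-12-08 06:22:26 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:28:23 01604 Info: Events Statistics, From:, 2022-12-08 06:22:00, To:, 2022-12-08 06:28:23, Duration (s):, 383, Events:, 4843, Wmi:, 3138, Batch Size (bytes):, 170887
2022-12-08 06:29:07 01d10 Error: Error while sending control request to server at "XX.dc.com:2226". connect: bad message [generic:104]
2022-12-08 06:30:17 01604 Info: Events Statistics, From:, 2022-12-08 06:28:23, To:, 2022-12-08 06:30:17, Duration (s):, 114, Events:, 5001, Wmi:, 1327, Batch Size (bytes):, 259316
"""

# timestamp, 5-hex-digit column (assumed thread ID), level, message body
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([0-9a-f]{5}) (\w+): (.*)$")
SEND_ERR = re.compile(r'Error while sending (control )?request to server at "([^"]+)"\. (.*)$')

def parse_stats(body):
    """Turn 'Events Statistics, Key:, value, Key:, value' into a dict of strings."""
    parts = [p.strip() for p in body.split(",")]
    return {k.rstrip(":"): v for k, v in zip(parts[1::2], parts[2::2])}

def summarize(text):
    errors = Counter()          # (thread, channel, reason) -> count
    events = seconds = 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue            # wrapped fragment or unrelated line
        _ts, tid, level, body = m.groups()
        if level == "Error":
            e = SEND_ERR.match(body)
            if e:
                channel = "control" if e.group(1) else "data"  # "data" is our label
                errors[(tid, channel, e.group(3))] += 1
        elif body.startswith("Events Statistics"):
            stats = parse_stats(body)
            events += int(stats["Events"])
            seconds += int(stats["Duration (s)"])
    # Rate is relative to the time covered by statistics windows (an approximation).
    total = sum(errors.values())
    rate = round(total * 3600 / seconds, 1) if seconds else None
    return {"errors": errors, "events": events, "seconds": seconds, "errors_per_hour": rate}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it over the log from each host gives an errors-per-hour figure and a per-thread breakdown that can be attached alongside the debug logs.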