Jump to content

Activation server not reachable

Ming Chou

By Ming Chou
in ESET NOD32 Antivirus

 Share
Go to solution Solved by Ming Chou,

Recommended Posts

Ming Chou

Ming Chou 0

Posted
Posted

Hi,

When i tried to activate ESET through the activation server it says that it is not reachable. We noticed that our firewall blocked the connection, we have created a policy to allow the broadcast. however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). 

How can we make sure the clients are connecting through DNS name and not IP Address?

 

Link to comment
Share on other sites
itman

itman 1,665

Posted
Posted
5 hours ago, Ming Chou said:

however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). 

Per Robtex, edf.eset.com resolves to the following IP addresses;

Eset_Activate.png.a7810205a63c434ff99d1c084f5dfb63.png

Link to comment
Share on other sites
Ming Chou

Ming Chou 0

Posted
  • Author
Posted (edited)

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall

According to this it says it should also be 52.160.70.199  our firewall is also showing the block on 52.160.70.199 .

 

image.png.e0cbdeb1aa9c39ff4be732ccbba0c4f3.png

 

Edited by Ming Chou
Link to comment
Share on other sites
itman

itman 1,665

Posted
Posted

I ran tracert edf.eset.com and the final connection was to 52.160.70.199.

Next, I ran DNSChecker for edf.eset.com and all DNS resolutions world-wide were to IP address 52.160.70.199;

Eset_DNS.thumb.png.c85ceba041085d7dda2ade4bd84d2a4c.png

As such, whatever DNS resolution issues you are having are on your end and nothing to do with Eset.

Link to comment
Share on other sites
itman

itman 1,665

Posted
Posted
11 hours ago, Ming Chou said:

however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). 

How can we make sure the clients are connecting through DNS name and not IP Address?

Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;

52.160.70.199 edf.eset.com

Host file entries override and bypass DNS processing.

Why he would do this is beyond me.

Link to comment
Share on other sites
Ming Chou

Ming Chou 0

Posted
  • Author
Posted
10 hours ago, itman said:

Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;

52.160.70.199 edf.eset.com

Host file entries override and bypass DNS processing.

Why he would do this is beyond me.

We have not modified any files regarding ESET, the user also does not have the rights to do so.

I have checked the Windows host file for "52.160.70.199"  or "edf.eset.com" but those entries are not present.

We have just whitelisted the IP and will have to live with it.

 

@Marcos What are the chances that the IP Address will change in the future?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,085

Posted
  • Administrators
Posted

You might want to provide a pcap log from activation for a check. You can create one either using Wireshark or by enabling advanced network protection logging in the advanced setup -> tools -> diagnostics.

We cannot guarantee that the IP address won't change in the future. In the future we also plan to add RSS for KB so you could subscribe to it and be informed if there's a change in the KB with a list of the IP addresses used by ESET products.

Link to comment
Share on other sites
  • 1 month later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...