Jump to content

Activation server not reachable


Go to solution Solved by Ming Chou,

Recommended Posts

Posted

Hi,

When i tried to activate ESET through the activation server it says that it is not reachable. We noticed that our firewall blocked the connection, we have created a policy to allow the broadcast. however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). 

How can we make sure the clients are connecting through DNS name and not IP Address?

 

Posted
5 hours ago, Ming Chou said:

however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). 

Per Robtex, edf.eset.com resolves to the following IP addresses;

Eset_Activate.png.a7810205a63c434ff99d1c084f5dfb63.png

Posted

I ran tracert edf.eset.com and the final connection was to 52.160.70.199.

Next, I ran DNSChecker for edf.eset.com and all DNS resolutions world-wide were to IP address 52.160.70.199;

Eset_DNS.thumb.png.c85ceba041085d7dda2ade4bd84d2a4c.png

As such, whatever DNS resolution issues you are having are on your end and nothing to do with Eset.

  • Administrators
Posted

Endpoint attempts to connect to edf.eset.com:

image.png

Posted
11 hours ago, Ming Chou said:

however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). 

How can we make sure the clients are connecting through DNS name and not IP Address?

Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;

52.160.70.199 edf.eset.com

Host file entries override and bypass DNS processing.

Why he would do this is beyond me.

Posted
10 hours ago, itman said:

Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;

52.160.70.199 edf.eset.com

Host file entries override and bypass DNS processing.

Why he would do this is beyond me.

We have not modified any files regarding ESET, the user also does not have the rights to do so.

I have checked the Windows host file for "52.160.70.199"  or "edf.eset.com" but those entries are not present.

We have just whitelisted the IP and will have to live with it.

 

@Marcos What are the chances that the IP Address will change in the future?

  • Administrators
Posted

You might want to provide a pcap log from activation for a check. You can create one either using Wireshark or by enabling advanced network protection logging in the advanced setup -> tools -> diagnostics.

We cannot guarantee that the IP address won't change in the future. In the future we also plan to add RSS for KB so you could subscribe to it and be informed if there's a change in the KB with a list of the IP addresses used by ESET products.

  • 1 month later...
  • Solution
Posted

we have whitelisted the IP instead of dns, this solves our issue. can be closed.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...