Megachip, posted May 28, 2015:

Approx. 1/2 of my test clients have no recent connection to the server. Looks like their agents died.

Second problem: agents seem to log in UTC (the client time is not UTC) while the server is on local time.

In 6.1.33, is there finally a protection against disabling or uninstalling the agent by the user?

Thx for the information, meg

jimwillsher, posted May 28, 2015:

Agent does log in UTC. Most log files, on most systems, log in UTC. Otherwise it's a nightmare to diagnose problems.

For the agents that have died, what's showing in the log? We don't get any agents failing (well over 100 installs, closer to 200 probably).

The users shouldn't be local admins anyway......

Jim

Marcos (Administrators), posted May 28, 2015:

Does restarting the agent service make a difference?

All ERA components log in UTC, there's no exception to this. The only explanation for that is the time on the server wasn't set correctly.

Agent itself cannot have self-protection. Most likely we will protect it by self-defense in ESET's products in the future.

Megachip, posted May 29, 2015 (edited):

> Agent does log in UTC. Most log files, on most systems, log in UTC. Otherwise it's a nightmare to diagnose problems.

That's the problem. Agent log told me 10:57 but ERAS says 12:57 ... AFAIK ERAS logs did not contain agent problems (e.g. no connection).

> For the agents that have died, what's showing in the log? We don't get any agents failing (well over 100 installs, closer to 200 probably).

Nothing. The daemon is simply not running and not connecting to the server. No crash or anything logged. It logged a shutdown. Why does the daemon shut down?

2015-05-27 13:13:52 Information: Kernel [Thread 0xa06b61d4]: Started module CRDSensorConnectorModule (used 0 KB)
2015-05-27 13:13:52 Information: SchedulerModule [Thread 0xb0525000]: Received message: GetRemainingTimeByUserDataRequest
2015-05-27 13:13:52 Information: SchedulerModule [Thread 0xb0525000]: Received message: GetRemainingTimeByUserDataRequest
2015-05-27 13:13:52 Information: Kernel [Thread 0xa06b61d4]: Used memory after modules start-up is 40148 KB
2015-05-27 15:14:46 Information: Kernel [Thread 0xa06b61d4]: Used memory before modules shutdown is 41420 KB
2015-05-27 15:14:46 Information: Kernel [Thread 0xa06b61d4]: Preparing to stop

Interesting... exactly the same thing happened 5 min before on another OS X machine, but without the message

> The users shouldn't be local admins anyway......

Not possible in our infrastructure. Hope it will be implemented soon as self-protection.

> Does restarting the agent service make a difference? All ERA components log in UTC, there's no exception to this. The only explanation for that is the time on the server wasn't set correctly. Agent itself cannot have self-protection. Most likely we will protect it by self-defense in ESET's products in the future.

Rebooting the system helps. How to restart the Agent on OS X? Tried starting the app but it did not solve the problem.

Edited May 29, 2015 by Megachip

bbraunstein, posted May 29, 2015:

Hey Megachip, in regards to your last question about restarting the Agent on OS X:

sudo launchctl stop com.eset.remoteadministrator.agent
sudo launchctl start com.eset.remoteadministrator.agent

I've had success in the past pushing those commands as a 'Run Command' task to OS X clients.

Megachip, posted June 3, 2015 (edited):

> I've had success in the past pushing those commands as a 'Run Command' task to OS X clients.

Are you running 2 commands? If the Agent is dead/not running, how could it restart itself?

@Marcos: There should be a watchdog or something which restarts the agent.

Saw that the agent on the server crashed (or shut down) on 5.05... no connection since that time

2015-05-05 11:02:49 Information: Kernel [Thread 7f1029511700]: Used memory after modules start-up is 49712 KB
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Net Exception
2015-05-05 11:09:15 Information: Kernel [Thread 7f1029511700]: Used memory before modules shutdown is 64728 KB

EDIT: Looks like this interferes with the following bug. The bad thing: eraagent can't be stopped via init/systemctl and can't be run if mdm is running :/

Edited June 4, 2015 by Megachip
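
Added example, not part of any post in this thread and not ESET's code: a Python helper that parses agent trace-log lines in the layout quoted above, converts their UTC timestamps to the server's local time, and lists each shutdown with its uptime and the errors logged since the previous start-up. The function names and the UTC+2 server offset are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout quoted in the thread: "YYYY-MM-DD HH:MM:SS Severity: Module [Thread id]: message" (UTC).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<sev>\w+): "
    r"(?P<module>\w+) \[Thread [0-9a-fx]+\]: (?P<msg>.*)$"
)
STARTUP = "Used memory after modules start-up"
SHUTDOWN = "Used memory before modules shutdown"

def parse_line(line, server_tz):
    """Parse one trace-log line; return None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    utc = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"utc": utc, "server_time": utc.astimezone(server_tz),
            "severity": m["sev"], "module": m["module"], "message": m["msg"]}

def find_shutdowns(lines, server_tz):
    """List each shutdown with its server-local time, uptime and preceding errors."""
    started, errors, shutdowns = None, [], []
    for rec in filter(None, (parse_line(l, server_tz) for l in lines)):
        if rec["message"].startswith(STARTUP):
            started, errors = rec["utc"], []
        elif rec["severity"] == "Error":
            errors.append(f'{rec["module"]}: {rec["message"]}')
        elif rec["message"].startswith(SHUTDOWN):
            uptime = (rec["utc"] - started).total_seconds() if started is not None else None
            shutdowns.append({"utc": rec["utc"], "server_time": rec["server_time"],
                              "uptime_s": uptime, "errors": errors})
            started, errors = None, []
    return shutdowns

# Assumption: the server clock is at UTC+2, matching the two-hour gap reported in the thread.
SERVER_TZ = timezone(timedelta(hours=2))
# Sample input: the server-side agent excerpt posted in the thread.
SAMPLE = """\
2015-05-05 11:02:49 Information: Kernel [Thread 7f1029511700]: Used memory after modules start-up is 49712 KB
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Net Exception
2015-05-05 11:09:15 Information: Kernel [Thread 7f1029511700]: Used memory before modules shutdown is 64728 KB
""".splitlines()

if __name__ == "__main__":
    for s in find_shutdowns(SAMPLE, SERVER_TZ):
        print(f'{s["server_time"]:%Y-%m-%d %H:%M:%S} server time, uptime {s["uptime_s"]}s, '
              f'{len(s["errors"])} error(s) since start-up')
```

Running the same function over every agent's trace log puts shutdown times on the server's clock, so they can be lined up with each client's last-connection time in the console.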