EEllis 0 Posted August 20, 2015 Share Posted August 20, 2015 Greetings - I'm a new admin working with a new installation of the ESET platform. Our version information is as follows: ESET Remote Administrator (Server), Version 6.1.444.0 ESET Remote Administrator (Webconsole), Version 6.1.334.0 Running on Windows Server 2012 Update module 1060 (20150617) Translation support module 1382 (20150803) Configuration module 1049B (20150212) The server installation seems to be functioning properly - I've created a static group and tied it to our Active Directory domain. The OU's and computers are being properly imported and displayed within the web console, and the total number of devices imported from our AD seems to be accurate. What's not working well, however, is the reporting of the ESET Endpoint Security installation on the client computers. We weren't able to properly configure our AD to deploy the agent to the client computers via GPO (annoying, but a problem for another time), so instead I've had several summer interns running around and installing the agent manually on the client computers. This has generally worked, and once the agent installation has completed, we've generally been able to see that change of status within the web console. We've then been able to push the endpoint client software out to these computers, and they've generally installed without too many problems (we've had some issues when the destination computer hasn't been fully patched with Windows Updates, but we've dealth with this). The ESET software on the client machines has installed, updated its virus signatures, and then done an initial scan of the destination computer. This seems good. What doesn't seem to be consistently happening, however, is the reporting back to the web console that the software has been installed, the signature db status, etc. The client machine in the Web Console will continue to have the "O" symbol, rather than the green checkmark, or orange alert, or red exclamation point. No matter what I try or how long I wait, the machine's status doesn't seem to update. I'm not sure I understand the ESET system enough to determine where the responsibility for this status reporting and updating lies - is this a client setting, or a server setting? The fact that about 95 of my 200 machines ARE showing a status makes me think it's not an issue with my firewalls/vlans, but maybe I'm wrong. Is it time-based - that is, if I wait long enough, will machines communicate back to the server their status - or is it triggered by a server task that I've left undone? I'd very much appreciate any guidance the community could offer. Thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted August 20, 2015 Administrators Share Posted August 20, 2015 I'd suggest opening status.html in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\ on a problematic client and making sure that no error is shown. Then check the agent trace log for information about possible issues. Link to comment Share on other sites More sharing options...
EEllis 0 Posted August 20, 2015 Author Share Posted August 20, 2015 Thank you, Marcos, for your response. Here's what I found in the status.html file on one of the machines that weren't showing up in the web console: Last replication 2015-Aug-20 18:35:24 Error: CReplicationManager: Replication (network) connection to 'host: "ESET01.lcad.local" port: 2222' failed with: Unable to resolve any endpoints.resolve: (0x2afc), The requested name is valid, but no data of the requested type was found There's a similar message shown in the trace log. From the machine, I can ping and nslookup the server without issue, though I can't test port 2222 with ping, obviously. I found an item on the forum https://forum.eset.com/topic/4554-creplicationmodule-error/ which suggests I change from the FQDN to an IP address, but I'm not sure where I'd make the address change. What might you suggest next? Link to comment Share on other sites More sharing options...
patent 0 Posted September 4, 2015 Share Posted September 4, 2015 (edited) I'm also interested in this, where do we need to change the fqdn to the ip address? /le For anyone interested, here's where you need to change the fqdn with the ip address of the server When deploying an agent remotely, on the settings page, enter the actual IP of the ERA server, not the PC name When the agent is already deployed, but is not reporting back, create a policy for the Remote Administrator Agent and in the Connection page, click Edit server list and add your server's IP I found all of this on my own and it worked for me on some machines, although on other i still have trouble getting the right info from the agent. Edited October 1, 2015 by patent Link to comment Share on other sites More sharing options...
Recommended Posts