Jump to content

ESET File Security not reporting in to ERA server


Recommended Posts

Hi,

 

We have ESET ERAS 5.05 serving circa 175 clients, and ESET File Security 4.5.12011 on all servers.

 

We have about 12 virtual servers running on Hyper-V 2008 which have suddenly stopped communicating with the ERAS as of last night. When I try and manually update them from the mirror I get "Error opening socket". If I manually uninstall and reinstall File Security it works ok, until I reboot at which point it stops again. This behaviour is consistent across all the RDS servers, while none of the rest of the estate appears to be affected. I thought about it being some sort of policy change but forcing a policy update before the second reboot in the above scenario doesn't break it.

 

I have also tried looking at netstat and there's nothing using the ports in question. I can see it communicating on 2222 before the second reboot but after the reboot; nothing.

 

The firewall on all machines is off.

 

Does any one have any ideas?

 

Cheers,

 

Dan

 

Link to comment
Share on other sites

Same problem here since yesterday :-/

 

All my Windows Server 2012R2 machines after last restart stopped communicating with ERA. Not only virtual ones (Hyper-V) but also physical hosts.

 

Exactly the same situation as you described. Tried to uninstall last 2 waves of Windows updates on one machine, but it didn't help.

 

Nothing changed in our network before/after the EFS stopped communicating.

 

Tried with EFS 4.5.12011, 12015 and 12017. All stop communicating and throw "Error opening socket." after reboot.

Edited by PiT
Link to comment
Share on other sites

  • ESET Staff

Hi Dan,

 

That kind of "mysterious" behavior the IT goes to collect logs, like Wireshark, Process Monitor, ESET SysInspector and ESET Log Collector.

With all those logs the investigation starts.

 

Also, seems someone has the same problem: https://forum.eset.com/topic/5932-error-opening-socket/

 

Any particular change of software installed, or else on network/system?

Link to comment
Share on other sites

Same issue, 50 clients out of 900 stopped reporting to ERA last night, the same client are also unable to download new definition files

It's file security 4.5 running on servers.

 

Tried:

reboot

clearing the update cache

 

issue persist, must be related to a update

 

same as:

hxxp://support.eset.com/alert5553/

 

i am waiting on feedback from ESET support.

 

Link to comment
Share on other sites

Same problem here since yesterday.

 

Server displays "Virus signature database could not be updated" & "An error occurred while downloading update files" and won't connect to the Remote Administrator.

 

Windoes Server 2008 R2 Standard. Eset File Security version 4.5.12011, stuck on database 12288. Server hasn't been touched for a while so I can't see what would have changed out of the blue yesterday.

 

Also when I check License Validity I get "License could not be verified. Please enable access to the expiration database server expire.eset.com" but I can still access the web through a browser OK.

 

I've tried clearing update cache, pre-release updates, etc, but still broken.

Link to comment
Share on other sites

Just off the phone with ESET support. Looks like this may not be an isolated issue.

 

TBH we haven't considered an update. We have a number of update projects running through change management at the moment and up to now it AV hasn't been an issue. My understanding, admittedly based on not much reading, is that if we move to v6 we'd have to do it across the board (servers, workstations, ERAServer)?

Link to comment
Share on other sites

  • ESET Moderators

Hello everybody,

We have received similar reports from our customers in the last couple of days and our developers are currently looking into the issue with high priority. We understand this is a pressing matter and we thank you for your patience.

Can you please verify whether ESET Service (ekrn.exe) is able to perform other network connections (such as to check the license on the license server, communicate with ESET Live Grid, etc...)?

Thank you.

Link to comment
Share on other sites

TomasP. Glad to hear it's being worked on.

 

Checking licence server gives this error: "License could not be verified. Please enable access to the expiration database server expire.eset.com"

Not sure how to check Live Grid.

Link to comment
Share on other sites

Same issue here- very sporadic as to what server types it is affecting - some 2008r2, some 2012r2, some VM some physical, some on same subnet as update server, some not-  no clear rhyme or reason as to failure.  

Link to comment
Share on other sites

Hi,

we have Eset File Security Version 4.5.12017.0.

We have a few client which didn't work anymore correctly.

When I reboot the server then I get the Error opening socket.

post-8909-0-52982000-1443016984_thumb.png

 

I can uninstall file security and also do a push install or a local install. After the install I can import the settings from an xml file and also do the virus signature updates.

When I restart the server I will get only the socket error.

I tested with telnet to open the server port. This works also.

I tried also to delete the local cache.

The server shows that he can not connect to the client anymore. I think because he gets the socket error.

Can someone help me please thx.

 

 

 

 

Link to comment
Share on other sites

Having this issue as well. Only seems to be effecting "ESET File Security Microsoft Windows Server 4.5.12017" & not "ESET Endpoint Antivirus 5.0.2237". It would appear that the error starts happening after a reboot of the endpoint. Does not seem to matter whether physical or virtual. Appears to happen on all OS 2003-2012R2.

 

I was chatting with support for about 5 hours yesterday. Once we were able to uninstall ESET FS on an endpoint then reinstall it would check in every 10 minutes as configured & download updates. If I use ProcEx & watch the TCP/IP tab of the ekrn process I see it reach out to the RAC server. But if I restart the endpoint I would get the "Error opening socket" message. Now looking at the TCP/IP tab in ProcEx I don't see it even trying to connect to the RAC server.

 

I have an open case (2 really) with ESET & am waiting to hear back from them. If anyone from ESET is monitoring this thread feel free to reach out to me (trust me when I get to work I'm going to be lighting up their phones). I can reproduce this very easily.

Link to comment
Share on other sites

  • ESET Moderators

Hello everyone,

Upon closer analysis of the situation, the issue seems to be caused by populating the list of running processes (either directly in Tools > Running processes, or by generating an in-product ESI log). The component requests the files' LiveGrid reputation online and if done multiple times, this communication cripples the subsequent network connections of the ekrn.exe process.
Our developers are already working on the fix, we will let you know of any progress.
In the meantime, you can restart ekrn.exe as a workaround (i.e. reboot the PC, or just restart the service in case ESET SelfDefense is disabled) - the communication will work again until the issue is invoked by populating the running processes multiple times again.

Regards,
T.

Link to comment
Share on other sites

Hello everyone,

Upon closer analysis of the situation, the issue seems to be caused by populating the list of running processes (either directly in Tools > Running processes, or by generating an in-product ESI log). The component requests the files' LiveGrid reputation online and if done multiple times, this communication cripples the subsequent network connections of the ekrn.exe process.

Our developers are already working on the fix, we will let you know of any progress.

In the meantime, you can restart ekrn.exe as a workaround (i.e. reboot the PC, or just restart the service in case ESET SelfDefense is disabled) - the communication will work again until the issue is invoked by populating the running processes multiple times again.

Regards,

T.

 

Hi all our FS clients are servers, and reboot is not a option for all of them.

i would think this is the case for most of the customers in this thread. 

Self Defens is enabled by default so.

Link to comment
Share on other sites

Hello everyone,

Upon closer analysis of the situation, the issue seems to be caused by populating the list of running processes (either directly in Tools > Running processes, or by generating an in-product ESI log). The component requests the files' LiveGrid reputation online and if done multiple times, this communication cripples the subsequent network connections of the ekrn.exe process.

Our developers are already working on the fix, we will let you know of any progress.

In the meantime, you can restart ekrn.exe as a workaround (i.e. reboot the PC, or just restart the service in case ESET SelfDefense is disabled) - the communication will work again until the issue is invoked by populating the running processes multiple times again.

Regards,

T.

 

From what I can tell a restart of the server does not get it working again. I was only able to get a server to keep downloading updates by uninstalling, reinstalling & NOT rebooting again.

Link to comment
Share on other sites

 

Hello everyone,

Upon closer analysis of the situation, the issue seems to be caused by populating the list of running processes (either directly in Tools > Running processes, or by generating an in-product ESI log). The component requests the files' LiveGrid reputation online and if done multiple times, this communication cripples the subsequent network connections of the ekrn.exe process.

Our developers are already working on the fix, we will let you know of any progress.

In the meantime, you can restart ekrn.exe as a workaround (i.e. reboot the PC, or just restart the service in case ESET SelfDefense is disabled) - the communication will work again until the issue is invoked by populating the running processes multiple times again.

Regards,

T.

 

From what I can tell a restart of the server does not get it working again. I was only able to get a server to keep downloading updates by uninstalling, reinstalling & NOT rebooting again.

 

 

Exactly the same here. Uninstall+install or update (e.g. from 2011 to 2015 or 2017) and NOT rebooting again. Repair install doesn't work either.

Link to comment
Share on other sites

By creating a sysinspector snapshot you can trigger a update and a connection to ERA. (update during the sysinspector run or right after its completed.)

 

it's not a fix, but it's a workaround to get the updates without rebooting. 

Edited by erlend_oyen
Link to comment
Share on other sites

By creating a sysinspector snapshot you can trigger a update and a connection to ERA. (update during the sysinspector run or right after its completed.)

 

it's not a fix, but it's a workaround to get the updates without rebooting. 

Very interesting. I started a snapshot & immediately while it was running started an update & it worked. As work arounds go that a pretty good one.

Link to comment
Share on other sites

My EFSW server has continued to receive updates and has never received the socket error, but is not connecting to ERA since reboot. Sysinspector workaround also fixes it for me. I hope the fix being tested also resolves this.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...