
Endpoint Security 6.3.2016.0 Not detecting known network via DNS suffix on VMware E1000/VMXNET3


cpetry

I've uninstalled/reinstalled and removed/re-added the NIC multiple times. This is on a Windows 7 x64 VM. It wouldn't detect the known network I have set up using the DNS suffix on either the E1000 or the VMXNET3. I had to finally give up and install the regular Endpoint AV 6.3.X product.

 

No known network = firewall blocking ping and everything else we need to run on this Win7 VM.

 

Yes, I did verify policy was applying.  I haven't had this issue on my physical workstations.  The same policy has been working for all of our physical workstations running Windows 7/8/8.1 and 10.

 

 


> I've uninstalled/reinstalled and removed/re-added the NIC multiple times. This is on a Windows 7 x64 VM. It wouldn't detect the known network I have set up using the DNS suffix on either the E1000 or the VMXNET3. I had to finally give up and install the regular Endpoint AV 6.3.X product.
>
> No known network = firewall blocking ping and everything else we need to run on this Win7 VM.
>
> Yes, I did verify policy was applying. I haven't had this issue on my physical workstations. The same policy has been working for all of our physical workstations running Windows 7/8/8.1 and 10.

 

I had this problem on my physical workstations with EES v5. When my workstation was on LAN everything worked; when I put it on WLAN it could not detect the trusted zone.

As no one from ESET replied about my problem, I had to find a quick fix and install ESET Authentication Server (hxxp://www.eset.com/int/download/business/detail/family/1/) for my workstation to be able to authenticate to the trusted zone. I don't know whether v6 clients will authenticate to the v5 Authentication Server, since there is no v6 version.

I figured they fixed the "bug" in v6... but obviously not... might be a NIC driver problem also...

Edited by bbahes

I opened a ticket about that app earlier.  I only confirmed it would install on Windows 2012 R2.  So I hope it works with ERA 6.X.

 

So when you set that up did you remove the DNS suffix from the known network identification and just have the network authentication tab filled out?

 

Edit: They would rather tell their customers they are crazy and leave bugs in play. If this product hasn't been debugged by the end of the year I'm going to find something that's less buggy and switch my 1,650+ endpoint network to an alternative. I can always buy metadefender and use ESET as an engine only via their API. I can still get ESET's detection without their BS.

Edited by cpetry

> I opened a ticket about that app earlier. I only confirmed it would install on Windows 2012 R2. So I hope it works with ERA 6.X.
>
> So when you set that up did you remove the DNS suffix from the known network identification and just have the network authentication tab filled out?
>
> Edit: They would rather tell their customers they are crazy and leave bugs in play. If this product hasn't been debugged by the end of the year I'm going to find something that's less buggy and switch my 1,650+ endpoint network to an alternative. I can always buy metadefender and use ESET as an engine only via their API. I can still get ESET's detection without their BS.

 

Yes. Left only authentication on. I removed all other information.


Thanks, I'll give that a shot.  I have a test VM building right now (Win7 VM).  

 

Do you know how long the authenticator can be down or unavailable before the clients don't associate the network with the known network?  It would be nice if this network authenticator had a clustering feature.  

 

I wonder if I can setup a Windows cluster, and install it on both clustered VMs to provide redundancy?  Then point the ERA policy network authentication "host" property to the name of the cluster.  I'd hate for the authenticator to go down for any reason and then have my clients lose their known network / trusted zone config.  

 

I think for now, I'll have three known network setups for the same thing, using different identification types for the same network. One for my domain.local DNS suffix, one for my wireless SSID, and one that has the network authenticator setup with nothing specifying. So for the few/select systems where the DNS suffix isn't working, the authenticator should pick up for.

 

No idea if that will work but right now I have a small test bed of 60 endpoints for ERA 6 with Endpoint Security 6.

 

So three known networks for my network all with catch-all subnets for the trusted addresses:

DNS Suffix - domain.local

Wireless SSID - domain.local

Network Authentication - domain.local

Edited by cpetry

> Thanks, I'll give that a shot. I have a test VM building right now (Win7 VM).
>
> Do you know how long the authenticator can be down or unavailable before the clients don't associate the network with the known network? It would be nice if this network authenticator had a clustering feature.
>
> I wonder if I can setup a Windows cluster, and install it on both clustered VMs to provide redundancy? Then point the ERA policy network authentication "host" property to the name of the cluster. I'd hate for the authenticator to go down for any reason and then have my clients lose their known network / trusted zone config.
>
> I think for now, I'll have three known network setups for the same thing, using different identification types for the same network. One for my domain.local DNS suffix, one for my wireless SSID, and one that has the network authenticator setup with nothing specifying. So for the few/select systems where the DNS suffix isn't working, the authenticator should pick up for.
>
> No idea if that will work but right now I have a small test bed of 60 endpoints for ERA 6 with Endpoint Security 6.

 

I didn't test downtime, since we have small network of 70 clients.

As for the cluster feature, my guess is that it's a forgotten product and has no future. However, I would love to see its alternative for their Linux virtual appliance, since if we were to switch to v6 we would want to save the Windows Server license for other roles.

I have the same setup; clients that don't identify the network via DNS, gateway, WINS, DHCP will use the authenticator, but I vote for fixing this bug...


Yeah, I have three known network profiles named like this so I can look at the ESET Endpoint and know how it's identifying the known network --

 

All with catch-all subnets for the trusted addresses:

DNS Suffix - domain.local

Wireless SSID - domain.local

Network Authentication - domain.local

 

If the Network Authenticator had redundancy I'd just use that and ditch the others.  I have a network of 1,650 endpoints so there's no way I want a client to randomly forget the known network / trusted zones.

 

Since you did something similar I'm sure this works. If these VMs start picking up the known network I'll be happy. I just didn't want to list a known network for each DNS server. I have over 16 sites. I'd hate to maintain more than the three "known networks".

 

Yeah, they need to fix this bug.  Ridiculous... 


Yeah, this isn't working.  I have a call with Jared at ESET Monday morning to go over the issue.  The level one support at ESET had no documentation on this issue.  

 

If I use the network authenticator with 6.3.X, it actually doesn't detect any network at all.  


> Yeah, this isn't working. I have a call with Jared at ESET Monday morning to go over the issue. The level one support at ESET had no documentation on this issue.
>
> If I use the network authenticator with 6.3.X, it actually doesn't detect any network at all.

 

Great. One more reason not to switch to v6.


Yeah, we are upgrading from the AV to the Endpoint Security. That's why we stood up an ERA 6.3.X in parallel to our ERA 5.3x server. The newer version has a few obvious bugs. No idea how they haven't refined this product by now. It's nearly two years old already. Really makes you wonder.


  • Administrators

Hello,

we've asked the developers about this issue and this is what they suggest:

1, Create a dump of ekrn.exe when a new network is active that was supposed to be recognized but it wasn't. Use Procdump (https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx) and create a dump by running "procdump -ma ekrn". When done, compress it, upload it to a safe location and pm me the download link.

2, You can specify multiple ESET authentication servers delimited by comma.

 

Our goal is to provide you with security software that meets your expectations and does its job perfectly. On the other hand, it's a matter of fact that no software is 100% perfect and issues may occur at times, especially in uncommon scenarios. However, we are committed to working on pinpointing issues you run into, with your assistance, in as short a time as possible. Besides asking for help on this forum, we also strongly recommend contacting Customer care so that the issue is properly tracked. Customer care can communicate with ESET HQ support and developers, if needed, to find a resolution.

Please report to me or other ESET moderators should you not have received a response from Customer Care, and provide details about your country and the ticket ID.


  • Administrators

> Yeah, we are upgrading from the AV to the Endpoint Security. That's why we stood up an ERA 6.3.X in parallel to our ERA 5.3x server. The newer version has a few obvious bugs.

 

Please elaborate more on this. If it concerns something other than what this topic is about, create a new topic for each of the issues. We'll do our best to respond and address it as soon as possible.


> Hello,
>
> we've asked the developers about this issue and this is what they suggest:
>
> 1, Create a dump of ekrn.exe when a new network is active that was supposed to be recognized but it wasn't. Use Procdump (https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx) and create a dump by running "procdump -ma ekrn". When done, compress it, upload it to a safe location and pm me the download link.
>
> 2, You can specify multiple ESET authentication servers delimited by comma.
>
> Our goal is to provide you with security software that meets your expectations and does its job perfectly. On the other hand, it's a matter of fact that no software is 100% perfect and issues may occur at times, especially in uncommon scenarios. However, we are committed to working on pinpointing issues you run into, with your assistance, in as short a time as possible. Besides asking for help on this forum, we also strongly recommend contacting Customer care so that the issue is properly tracked. Customer care can communicate with ESET HQ support and developers, if needed, to find a resolution.
>
> Please report to me or other ESET moderators should you not have received a response from Customer Care, and provide details about your country and the ticket ID.

 

I don't have time to do this now, but I will try. Better question for developers would be, do they plan to make Authentication server for virtual appliance or linux?


  • Administrators

> I don't have time to do this now, but I will try. Better question for developers would be, do they plan to make Authentication server for virtual appliance or linux?

There are no such plans but we are considering a better solution that would not require an ESET Authentication server for this.

 

>> I don't have time to do this now, but I will try. Better question for developers would be, do they plan to make Authentication server for virtual appliance or linux?
>
> There are no such plans but we are considering a better solution that would not require an ESET Authentication server for this.

 

 

Any ETA on release? Feature list?

Edited by bbahes

Apparently the current ESET Network Authentication app was tombstoned.  It's not even compatible with ERA 6.X.  So they are looking through my procdump and logs to find out why the DNS suffix detection isn't working for the Windows 7 VMs.


  • Administrators

> Apparently the current ESET Network Authentication app was tombstoned. It's not even compatible with ERA 6.X.

 

Not sure what you mean. The application is not supposed to be compatible with ERA but with Endpoint. And Endpoint v6 supports it. Please tell me your ticket number so that I can check if ESET, LLC has already passed it to the developers at ESET HQ.


Yeah, and the endpoint gets its configuration from ERA... There's a section in ERA for these settings.


  • 3 months later...

 

>> I don't have time to do this now, but I will try. Better question for developers would be, do they plan to make Authentication server for virtual appliance or linux?
>
> There are no such plans but we are considering a better solution that would not require an ESET Authentication server for this.

 

 

Any new information regarding ESET Authentication Server for v6?


  • 1 year later...
> On 5/7/2016 at 3:57 PM, Marcos said:
>
>> On 5/6/2016 at 1:44 PM, bbahes said:
>>
>> I don't have time to do this now, but I will try. Better question for developers would be, do they plan to make Authentication server for virtual appliance or linux?
>
> There are no such plans but we are considering a better solution that would not require an ESET Authentication server for this.

Any news, @Marcos?


This topic is now closed to further replies.