Jump to content

Recommended Posts

Posted

Hello to all.

I just finished installing my ERA Server. I deployed a virtual appliance on a Xenserver.

After the creation of the VA has finished I entered the web console and completed the ERA server appliance parameters.

Didn't know where to start so I decided to first add a license in license management.

So, when I add the license key after a few seconds I get the message that it failed to add the license because it failed to connect to the licensing server.

I went to the VAs console and pinged with success the following: 

register.eset.com 91.228.165.81

register.eset.com 91.228.167.125

h1-weblb01-v.eset.com 91.228.165.79

h3-weblb01-v.eset.com 91.228.167.123

 

Should I have to check anything else?

 

Thank you in advance.

 

  • ESET Staff
Posted

For start I would try to ping edf.eset.com to check whether network access is available. Also SERVER's trace log /var/log/eset/RemoteAdministrator/Server/trace.log may contain more detailed information why license synchronization fails (search for errors).

Posted

For start I would try to ping edf.eset.com to check whether network access is available. Also SERVER's trace log /var/log/eset/RemoteAdministrator/Server/trace.log may contain more detailed information why license synchronization fails (search for errors).

 

I cannot get a reply from edf.eset.com, not even from my desktop. It resolves its IP but I'm getting a time out error.

 

Regarding the log error, I found this.

 

2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: LicenseModuleHelper: AssociateOrReassociateSeatIfNecessary:

Transparent seat association for action 'LinkSeatPoolByKey' failed.

2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: AddPoolByLicenseKey: Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure).

2016-06-27 08:59:37 Error: ConsoleApiModule [Thread 7fed57be5700]: 13476 Error while processing AddPoolByLicenseKey 29789: AddPoolByLicenseKey:

Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure).

 

It looks like communication error. Correct?

  • Administrators
Posted

You must be able to open https://edf.eset.com/edf in a browser (a short xml would appear). If not, something (proxy, firewall, ISP) must be blocking access to that ESET's server.

Posted

When I try to open the address in a web browser I get te following:

 

20101001Unsupported Content-type: unknown

 

 

I cannot open it of course through the ERA server because it's a virtual appliance.  

Posted

When I open it in my web browser (firefox) it opens correctly. Just FYI.

 

 

<ecp:message><ecp:response><code>20101001</code><message>Unsupported Content-type: unknown</message></ecp:response></ecp:message>

 

Sounds like it does for you too.

  • ESET Staff
Posted

Regarding the log error, I found this.

 

 

2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: LicenseModuleHelper: AssociateOrReassociateSeatIfNecessary:

Transparent seat association for action 'LinkSeatPoolByKey' failed.

2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: AddPoolByLicenseKey: Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure).

2016-06-27 08:59:37 Error: ConsoleApiModule [Thread 7fed57be5700]: 13476 Error while processing AddPoolByLicenseKey 29789: AddPoolByLicenseKey:

Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure).

 

It looks like communication error. Correct?

 

 

Yes, it is communication/network error. SERVER is either not able to resolve hostname edf.eset.com to IP addresses or connection cannot be established. Any chance you have company firewall that could possibly block communication on standard HTTPS (443) port?

Posted

When I ping it resolves the IP. But I am not getting a reply:

 

[root@era ~]# ping edf.eset.com

PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data.

 

No the firewall doesn't block https.

Posted

When I open it in my web browser (firefox) it opens correctly. Just FYI.

 

 

<ecp:message><ecp:response><code>20101001</code><message>Unsupported Content-type: unknown</message></ecp:response></ecp:message>

 

Sounds like it does for you too.

 

Thank you.

Posted

When I ping it resolves the IP. But I am not getting a reply:

 

[root@era ~]# ping edf.eset.com

PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data.

 

No the firewall doesn't block https.

 

From the coloring of ssh client and root user my guess is that you are using virtual appliance?

Did you install and configure apache proxy for clients?

 

Check "How do I enable Apache HTTP proxy on my ERA Virtual Appliance after initial configuration?" on:

 

hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?va_faq.htm

Posted

 

When I ping it resolves the IP. But I am not getting a reply:

 

[root@era ~]# ping edf.eset.com

PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data.

 

No the firewall doesn't block https.

 

From the coloring of ssh client and root user my guess is that you are using virtual appliance?

Did you install and configure apache proxy for clients?

 

Check "How do I enable Apache HTTP proxy on my ERA Virtual Appliance after initial configuration?" on:

 

hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?va_faq.htm

 

 

Correct. As I said earlier I am using a virtual appliance installed on a XenServer environment. 

No I hadn't enabled Apache HTTP proxy on ERA VA but I did after your post!

Posted

 

 

When I ping it resolves the IP. But I am not getting a reply:

 

[root@era ~]# ping edf.eset.com

PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data.

 

No the firewall doesn't block https.

 

From the coloring of ssh client and root user my guess is that you are using virtual appliance?

Did you install and configure apache proxy for clients?

 

Check "How do I enable Apache HTTP proxy on my ERA Virtual Appliance after initial configuration?" on:

 

hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?va_faq.htm

 

 

Correct. As I said earlier I am using a virtual appliance installed on a XenServer environment. 

No I hadn't enabled Apache HTTP proxy on ERA VA but I did after your post!

 

 

check configuration:

 

hxxp://help.eset.com/era_install/63/en-US/http_proxy_installation_linux.htm

Posted

So the problem of not connecting to the licensing server has to do with Apache config?

Posted

So the problem of not connecting to the licensing server has to do with Apache config?

 

Should not be the case. Client's and ERA should connect directly to ESET servers, my guess is that you have proxy setting configured in policy.

Posted

 

So the problem of not connecting to the licensing server has to do with Apache config?

 

Should not be the case. Client's and ERA should connect directly to ESET servers, my guess is that you have proxy setting configured in policy.

 

 

In ERA server you mean? It is a fresh new installation...

Posted

 

 

So the problem of not connecting to the licensing server has to do with Apache config?

 

Should not be the case. Client's and ERA should connect directly to ESET servers, my guess is that you have proxy setting configured in policy.

 

 

In ERA server you mean? It is a fresh new installation...

 

 

True, not in new installation. Check this post https://forum.eset.com/topic/6230-activating-era-62-error/?hl=licensemodule

Posted

 

True, not in new installation. Check this post https://forum.eset.com/topic/6230-activating-era-62-error/?hl=licensemodule

 

 

 

I don't think it applies on my case. It talks about firewall rules and Windows installation. I will try to update tomorrow XenServer to the latest version (6.5) and install XenTools to check that it hasn't anything to do with the installation or not.

  • ESET Staff
Posted

When I ping it resolves the IP. But I am not getting a reply:

 

This ESET machine is not replying to ping request, therefore this output - but IP seems t obe resolved correctly. In order to verify connection, you may also try this command:

openssl s_client -connect edf.eset.com:443

It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA.

Posted
openssl s_client -connect edf.eset.com:443

It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA.

 

 

I've tried it.

[root@era /]# openssl s_client -connect edf.eset.com:443

socket: Connection timed out

connect:errno=110

Posted

 

openssl s_client -connect edf.eset.com:443

It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA.

 

 

I've tried it.

[root@era /]# openssl s_client -connect edf.eset.com:443

socket: Connection timed out

connect:errno=110

 

 

This is my output:

 

CONNECTED(00000003)

depth=1 C = US, O = "thawte, Inc.", OU = Domain Validated SSL, CN = thawte DV SSL SHA256 CA

verify error:num=20:unable to get local issuer certificate

verify return:0

---

Certificate chain

 0 s:/CN=edf.eset.com

   i:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL SHA256 CA

 1 s:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL SHA256 CA

   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=© 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIEejCCA2KgAwIBAgIQIGl32e02Z73kexiNsGydyDANBgkqhkiG9w0BAQsFADBl

MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE

b21haW4gVmFsaWRhdGVkIFNTTDEgMB4GA1UEAxMXdGhhd3RlIERWIFNTTCBTSEEy

NTYgQ0EwHhcNMTUwMTEyMDAwMDAwWhcNMTcwMTExMjM1OTU5WjAXMRUwEwYDVQQD

DAxlZGYuZXNldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG

HEYSr1+zpVMbOW0OHPic+AdHQSHc0BuLJHbVqTUC8gG8rE1B2VBz8uKADYWPKI+J

LIvL1gqnlp4iU9R+Ihkem8mHNGdxR/OpsQhy3mVPYhNeiE8DuQerABQVro61kg9K

4ix0R37x2It1TDZCYQHXMDrDwRG0AHFNbxhkRBisICk9Dnq6HiSwp8KktNnf6IKV

XUMMD36CsotcPd5A5TOpKxcX0JUAbdquKKlZxXwm2KKGNtaaiymsGbDF/sCqZfgC

Dj8cHwHFXXlyT3Chlj7EFGcWMQIU+ZOaeAVNDsF31YiqzxuZWiZvnFvGZky1p6BT

yCtcObY5GWWVjUvLa4f3AgMBAAGjggFyMIIBbjAXBgNVHREEEDAOggxlZGYuZXNl

dC5jb20wCQYDVR0TBAIwADArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdG0uc3lt

Y2IuY29tL3RtLmNybDByBgNVHSAEazBpMGcGCmCGSAGG+EUBBzYwWTAmBggrBgEF

BQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwh

aHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MB8GA1UdIwQYMBaAFH0p

MS/BHm6uMQVqs+sczandroCaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr

BgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo

dHRwOi8vdG0uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdG0uc3ltY2Iu

Y29tL3RtLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAM3oYfThOui6KydglWVW1MTgA

hGZzd5kkLuJi7tEfbqbhr4Ysa0kGg4cMklMEnbWhhCY5xds8VBcacLmxEG3HZF3j

DvmfKlm0hIg0cTS9YCKM83v3n3HK6zIphKNYiNxI4v+a/quFr7Vsj/3vBfToF55o

Zcwbn5lB7Q+7rQnu3mnbFx4vWcRs2Fbiqs9JljxOpWgWHoWQmGykUGLdP/vuakLe

4FerbQqVmSnEk7QyabkLbY9556isfa1Z2eMcQcFAdkoSUCyG37i47pGK0yQGxSje

Ej/nAtc2J4kXpUgdvXA/AKE+VswfainR05roRijYUew5ogvWzK4AQ49k0tQrgA==

-----END CERTIFICATE-----

subject=/CN=edf.eset.com

issuer=/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL SHA256 CA

---

No client certificate CA names sent

---

SSL handshake has read 3076 bytes and written 415 bytes

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

    Session-ID: 623958F8E73B0F5AD3F35364281AF16E56E3585051E9FF178993A72D2F9F4A87

    Session-ID-ctx:

    Master-Key: 5879CCBA56B80E53E0A66907C5EF30C0DE812EB25FD037AFACF67983E1DC5D8344FAB7E04A3D47D42565541C1F949630

    Key-Arg   : None

    PSK identity: None

    PSK identity hint: None

    SRP username: None

    TLS session ticket lifetime hint: 300 (seconds)

    TLS session ticket:

    0000 - 5b 06 e1 22 e4 b9 99 33-d7 ed 72 cc ee 71 30 ee   [.."...3..r..q0.

    0010 - cd 26 27 e6 aa 39 01 24-26 06 a0 9b f8 6c 91 f3   .&'..9.$&....l..

    0020 - 1c 57 3b de c7 40 c4 fb-cb 73 74 29 6f 88 0d 46   .W;..@...st)o..F

    0030 - 24 24 5b ff c3 38 96 bc-03 99 ae 49 b5 8b 22 ee   $$[..8.....I..".

    0040 - b5 3a 41 10 94 eb 1a 17-94 b9 79 5d df 96 be 17   .:A.......y]....

    0050 - 87 a9 6e 18 99 4f a0 e0-22 43 20 56 40 d0 e5 4e   ..n..O.."C V@..N

    0060 - 3e e6 7f e4 18 29 a6 e7-51 eb ff a9 6c 31 1f 47   >....)..Q...l1.G

    0070 - 11 4a 03 4e 3c ce d5 47-d4 1b ef 21 e5 6c 34 b9   .J.N<..G...!.l4.

    0080 - 4a 52 ac c9 f6 5d d9 83-30 1e aa 57 da 64 9b 0c   JR...]..0..W.d..

    0090 - c2 5a 3f a0 89 59 4e 76-3f eb 6e cb 91 5e 39 ac   .Z?..YNv?.n..^9.

    00a0 - 82 19 a2 eb 5e ae a5 8b-f0 c4 fc 6a e4 cd d1 a2   ....^......j....

    Start Time: 1467035492

    Timeout   : 300 (sec)

    Verify return code: 20 (unable to get local issuer certificate)

 

  • ESET Staff
Posted

 

openssl s_client -connect edf.eset.com:443

It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA.

 

 

I've tried it.

[root@era /]# openssl s_client -connect edf.eset.com:443

socket: Connection timed out

connect:errno=110

 

 

That is definitely not correct -> it should have output as provided by bbahes. Please re-run command with some different HTTPS-enabled site, for example www.google.com:443 to check whether SSL works correctly.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...