GeorgeC 0 Posted June 24, 2016 Posted June 24, 2016 Hello to all. I just finished installing my ERA Server. I deployed a virtual appliance on a Xenserver. After the creation of the VA has finished I entered the web console and completed the ERA server appliance parameters. Didn't know where to start so I decided to first add a license in license management. So, when I add the license key after a few seconds I get the message that it failed to add the license because it failed to connect to the licensing server. I went to the VAs console and pinged with success the following: register.eset.com 91.228.165.81 register.eset.com 91.228.167.125 h1-weblb01-v.eset.com 91.228.165.79 h3-weblb01-v.eset.com 91.228.167.123 Should I have to check anything else? Thank you in advance.
ESET Staff MichalJ 434 Posted June 24, 2016 ESET Staff Posted June 24, 2016 It should have connection to https://edf.eset.com/edf
GeorgeC 0 Posted June 24, 2016 Author Posted June 24, 2016 It should have connection to https://edf.eset.com/edf OK, and how to check this?
ESET Staff MartinK 384 Posted June 27, 2016 ESET Staff Posted June 27, 2016 For start I would try to ping edf.eset.com to check whether network access is available. Also SERVER's trace log /var/log/eset/RemoteAdministrator/Server/trace.log may contain more detailed information why license synchronization fails (search for errors).
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 For start I would try to ping edf.eset.com to check whether network access is available. Also SERVER's trace log /var/log/eset/RemoteAdministrator/Server/trace.log may contain more detailed information why license synchronization fails (search for errors). I cannot get a reply from edf.eset.com, not even from my desktop. It resolves its IP but I'm getting a time out error. Regarding the log error, I found this. 2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: LicenseModuleHelper: AssociateOrReassociateSeatIfNecessary: Transparent seat association for action 'LinkSeatPoolByKey' failed. 2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: AddPoolByLicenseKey: Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure). 2016-06-27 08:59:37 Error: ConsoleApiModule [Thread 7fed57be5700]: 13476 Error while processing AddPoolByLicenseKey 29789: AddPoolByLicenseKey: Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure). It looks like communication error. Correct?
Administrators Marcos 5,461 Posted June 27, 2016 Administrators Posted June 27, 2016 You must be able to open https://edf.eset.com/edf in a browser (a short xml would appear). If not, something (proxy, firewall, ISP) must be blocking access to that ESET's server.
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 When I try to open the address in a web browser I get te following: 20101001Unsupported Content-type: unknown I cannot open it of course through the ERA server because it's a virtual appliance.
jimwillsher 65 Posted June 27, 2016 Posted June 27, 2016 When I open it in my web browser (firefox) it opens correctly. Just FYI. <ecp:message><ecp:response><code>20101001</code><message>Unsupported Content-type: unknown</message></ecp:response></ecp:message> Sounds like it does for you too.
ESET Staff MartinK 384 Posted June 27, 2016 ESET Staff Posted June 27, 2016 Regarding the log error, I found this. 2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: LicenseModuleHelper: AssociateOrReassociateSeatIfNecessary: Transparent seat association for action 'LinkSeatPoolByKey' failed. 2016-06-27 08:59:37 Error: LicenseModule [Thread 7fed5adea700]: AddPoolByLicenseKey: Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure). 2016-06-27 08:59:37 Error: ConsoleApiModule [Thread 7fed57be5700]: 13476 Error while processing AddPoolByLicenseKey 29789: AddPoolByLicenseKey: Failed to add pool by license key, because connection to the licensing server failed. Error: CEcpCommunicator: Failed to send XML request message, error=20003 (connection failure). It looks like communication error. Correct? Yes, it is communication/network error. SERVER is either not able to resolve hostname edf.eset.com to IP addresses or connection cannot be established. Any chance you have company firewall that could possibly block communication on standard HTTPS (443) port?
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 When I ping it resolves the IP. But I am not getting a reply: [root@era ~]# ping edf.eset.com PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data. No the firewall doesn't block https.
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 When I open it in my web browser (firefox) it opens correctly. Just FYI. <ecp:message><ecp:response><code>20101001</code><message>Unsupported Content-type: unknown</message></ecp:response></ecp:message> Sounds like it does for you too. Thank you.
bbahes 29 Posted June 27, 2016 Posted June 27, 2016 When I ping it resolves the IP. But I am not getting a reply: [root@era ~]# ping edf.eset.com PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data. No the firewall doesn't block https. From the coloring of ssh client and root user my guess is that you are using virtual appliance? Did you install and configure apache proxy for clients? Check "How do I enable Apache HTTP proxy on my ERA Virtual Appliance after initial configuration?" on: hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?va_faq.htm
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 When I ping it resolves the IP. But I am not getting a reply: [root@era ~]# ping edf.eset.com PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data. No the firewall doesn't block https. From the coloring of ssh client and root user my guess is that you are using virtual appliance? Did you install and configure apache proxy for clients? Check "How do I enable Apache HTTP proxy on my ERA Virtual Appliance after initial configuration?" on: hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?va_faq.htm Correct. As I said earlier I am using a virtual appliance installed on a XenServer environment. No I hadn't enabled Apache HTTP proxy on ERA VA but I did after your post!
bbahes 29 Posted June 27, 2016 Posted June 27, 2016 When I ping it resolves the IP. But I am not getting a reply: [root@era ~]# ping edf.eset.com PING edf-pcs.cloudapp.net (137.135.12.16) 56(84) bytes of data. No the firewall doesn't block https. From the coloring of ssh client and root user my guess is that you are using virtual appliance? Did you install and configure apache proxy for clients? Check "How do I enable Apache HTTP proxy on my ERA Virtual Appliance after initial configuration?" on: hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?va_faq.htm Correct. As I said earlier I am using a virtual appliance installed on a XenServer environment. No I hadn't enabled Apache HTTP proxy on ERA VA but I did after your post! check configuration: hxxp://help.eset.com/era_install/63/en-US/http_proxy_installation_linux.htm
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 So the problem of not connecting to the licensing server has to do with Apache config?
bbahes 29 Posted June 27, 2016 Posted June 27, 2016 So the problem of not connecting to the licensing server has to do with Apache config? Should not be the case. Client's and ERA should connect directly to ESET servers, my guess is that you have proxy setting configured in policy.
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 So the problem of not connecting to the licensing server has to do with Apache config? Should not be the case. Client's and ERA should connect directly to ESET servers, my guess is that you have proxy setting configured in policy. In ERA server you mean? It is a fresh new installation...
bbahes 29 Posted June 27, 2016 Posted June 27, 2016 So the problem of not connecting to the licensing server has to do with Apache config? Should not be the case. Client's and ERA should connect directly to ESET servers, my guess is that you have proxy setting configured in policy. In ERA server you mean? It is a fresh new installation... True, not in new installation. Check this post https://forum.eset.com/topic/6230-activating-era-62-error/?hl=licensemodule
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 True, not in new installation. Check this post https://forum.eset.com/topic/6230-activating-era-62-error/?hl=licensemodule I don't think it applies on my case. It talks about firewall rules and Windows installation. I will try to update tomorrow XenServer to the latest version (6.5) and install XenTools to check that it hasn't anything to do with the installation or not.
ESET Staff MartinK 384 Posted June 27, 2016 ESET Staff Posted June 27, 2016 When I ping it resolves the IP. But I am not getting a reply: This ESET machine is not replying to ping request, therefore this output - but IP seems t obe resolved correctly. In order to verify connection, you may also try this command: openssl s_client -connect edf.eset.com:443 It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA.
GeorgeC 0 Posted June 27, 2016 Author Posted June 27, 2016 openssl s_client -connect edf.eset.com:443 It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA. I've tried it. [root@era /]# openssl s_client -connect edf.eset.com:443 socket: Connection timed out connect:errno=110
bbahes 29 Posted June 27, 2016 Posted June 27, 2016 openssl s_client -connect edf.eset.com:443 It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA. I've tried it. [root@era /]# openssl s_client -connect edf.eset.com:443 socket: Connection timed out connect:errno=110 This is my output: CONNECTED(00000003) depth=1 C = US, O = "thawte, Inc.", OU = Domain Validated SSL, CN = thawte DV SSL SHA256 CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/CN=edf.eset.com i:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL SHA256 CA 1 s:/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL SHA256 CA i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=© 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3 --- Server certificate -----BEGIN CERTIFICATE----- MIIEejCCA2KgAwIBAgIQIGl32e02Z73kexiNsGydyDANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE b21haW4gVmFsaWRhdGVkIFNTTDEgMB4GA1UEAxMXdGhhd3RlIERWIFNTTCBTSEEy NTYgQ0EwHhcNMTUwMTEyMDAwMDAwWhcNMTcwMTExMjM1OTU5WjAXMRUwEwYDVQQD DAxlZGYuZXNldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG HEYSr1+zpVMbOW0OHPic+AdHQSHc0BuLJHbVqTUC8gG8rE1B2VBz8uKADYWPKI+J LIvL1gqnlp4iU9R+Ihkem8mHNGdxR/OpsQhy3mVPYhNeiE8DuQerABQVro61kg9K 4ix0R37x2It1TDZCYQHXMDrDwRG0AHFNbxhkRBisICk9Dnq6HiSwp8KktNnf6IKV XUMMD36CsotcPd5A5TOpKxcX0JUAbdquKKlZxXwm2KKGNtaaiymsGbDF/sCqZfgC Dj8cHwHFXXlyT3Chlj7EFGcWMQIU+ZOaeAVNDsF31YiqzxuZWiZvnFvGZky1p6BT yCtcObY5GWWVjUvLa4f3AgMBAAGjggFyMIIBbjAXBgNVHREEEDAOggxlZGYuZXNl dC5jb20wCQYDVR0TBAIwADArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdG0uc3lt Y2IuY29tL3RtLmNybDByBgNVHSAEazBpMGcGCmCGSAGG+EUBBzYwWTAmBggrBgEF BQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwh aHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MB8GA1UdIwQYMBaAFH0p MS/BHm6uMQVqs+sczandroCaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo dHRwOi8vdG0uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdG0uc3ltY2Iu Y29tL3RtLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAM3oYfThOui6KydglWVW1MTgA hGZzd5kkLuJi7tEfbqbhr4Ysa0kGg4cMklMEnbWhhCY5xds8VBcacLmxEG3HZF3j DvmfKlm0hIg0cTS9YCKM83v3n3HK6zIphKNYiNxI4v+a/quFr7Vsj/3vBfToF55o Zcwbn5lB7Q+7rQnu3mnbFx4vWcRs2Fbiqs9JljxOpWgWHoWQmGykUGLdP/vuakLe 4FerbQqVmSnEk7QyabkLbY9556isfa1Z2eMcQcFAdkoSUCyG37i47pGK0yQGxSje Ej/nAtc2J4kXpUgdvXA/AKE+VswfainR05roRijYUew5ogvWzK4AQ49k0tQrgA== -----END CERTIFICATE----- subject=/CN=edf.eset.com issuer=/C=US/O=thawte, Inc./OU=Domain Validated SSL/CN=thawte DV SSL SHA256 CA --- No client certificate CA names sent --- SSL handshake has read 3076 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 623958F8E73B0F5AD3F35364281AF16E56E3585051E9FF178993A72D2F9F4A87 Session-ID-ctx: Master-Key: 5879CCBA56B80E53E0A66907C5EF30C0DE812EB25FD037AFACF67983E1DC5D8344FAB7E04A3D47D42565541C1F949630 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 5b 06 e1 22 e4 b9 99 33-d7 ed 72 cc ee 71 30 ee [.."...3..r..q0. 0010 - cd 26 27 e6 aa 39 01 24-26 06 a0 9b f8 6c 91 f3 .&'..9.$&....l.. 0020 - 1c 57 3b de c7 40 c4 fb-cb 73 74 29 6f 88 0d 46 .W;..@...st)o..F 0030 - 24 24 5b ff c3 38 96 bc-03 99 ae 49 b5 8b 22 ee $$[..8.....I..". 0040 - b5 3a 41 10 94 eb 1a 17-94 b9 79 5d df 96 be 17 .:A.......y].... 0050 - 87 a9 6e 18 99 4f a0 e0-22 43 20 56 40 d0 e5 4e ..n..O.."C V@..N 0060 - 3e e6 7f e4 18 29 a6 e7-51 eb ff a9 6c 31 1f 47 >....)..Q...l1.G 0070 - 11 4a 03 4e 3c ce d5 47-d4 1b ef 21 e5 6c 34 b9 .J.N<..G...!.l4. 0080 - 4a 52 ac c9 f6 5d d9 83-30 1e aa 57 da 64 9b 0c JR...]..0..W.d.. 0090 - c2 5a 3f a0 89 59 4e 76-3f eb 6e cb 91 5e 39 ac .Z?..YNv?.n..^9. 00a0 - 82 19 a2 eb 5e ae a5 8b-f0 c4 fc 6a e4 cd d1 a2 ....^......j.... Start Time: 1467035492 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate)
ESET Staff MartinK 384 Posted June 27, 2016 ESET Staff Posted June 27, 2016 openssl s_client -connect edf.eset.com:443 It will download remote peer SSL certificate and validate it. Validation should be OK as ve are using system certificate in ERA. I've tried it. [root@era /]# openssl s_client -connect edf.eset.com:443 socket: Connection timed out connect:errno=110 That is definitely not correct -> it should have output as provided by bbahes. Please re-run command with some different HTTPS-enabled site, for example www.google.com:443 to check whether SSL works correctly.
Recommended Posts