Jump to content

Archived

This topic is now archived and is closed to further replies.

BDeep

Linux ESET reported in ERA: "Product is not connected. No connection attempt occurred."

Recommended Posts

I see this regardless whether I install ESET manually or deploy via ERA to Linux servers:

"Product is not connected. No connection attempt occurred."

 

What does this mean?

Share this post


Link to post
Share on other sites

Once AGENT detects older product, it starts listening for connections on port 2225 (may be changed by configuration policy). From security product's perspective, AGENT behaves like ERAv5 Server. Product should be automatically configured to regularly connect to AGENT and this seems to be failing.

 

Could you please verify whether AGENT is listening on mentioned port and also whether configuration of linux product points it to localhost:2225 (should be in ERA section). In case there is SELinux enabled on this machine, I would recommend to switch it to permissive mode and test whether it helped. There may be also problem on AGENT's side of connection - in that case I would search AGENT's trace.log for errors. Also check whether you see at least some data received from linux product (i.e virus database version, product name displayed in main client's view...).

Share this post


Link to post
Share on other sites

Once AGENT detects older product, it starts listening for connections on port 2225 (may be changed by configuration policy). From security product's perspective, AGENT behaves like ERAv5 Server. Product should be automatically configured to regularly connect to AGENT and this seems to be failing.

 

Could you please verify whether AGENT is listening on mentioned port and also whether configuration of linux product points it to localhost:2225 (should be in ERA section). In case there is SELinux enabled on this machine, I would recommend to switch it to permissive mode and test whether it helped. There may be also problem on AGENT's side of connection - in that case I would search AGENT's trace.log for errors. Also check whether you see at least some data received from linux product (i.e virus database version, product name displayed in main client's view...).

 

I see everything from the Agent on these Linux boxes: OS, installed products, ESET products, computer status, etc. for these Linux agents running on default "2222".

Here is the security product: ESET Server Security    ESET, spol. s r.o.    4.5.3.0    151    yes    4.5.3.0     Up-to-date version

Here is the Agent product: ESET Remote Administrator Agent    ESET, spol. s r.o.    6.4.293.0    114    yes    6.4.293.0     Up-to-date version

 

Are you saying change the port in the Agent policy settings for older products to "2222" from "2225"?

Share this post


Link to post
Share on other sites

Actually I meant it little differently - data you checked are fetched by AGENT itself and therefore their presence indicates only that AGENT is working as expected. To verify connection of security product, check whether you see data for columns "VIRUS DB", "SECURITY PRODUCT" and "SECURITY PRODUCT VERSION" in main computers view. These fields are provided by security product itself and in case they will be missing we will known that security product has never been able to communicate with AGENT.

 

There is no need to change port - just make sure AGENT is listening on port (in your case most probably default 2225) using netstat -taun or similar commands. Also make sure ESET Server Security product is actually running.

 

EDIT: it seems that security product won't be running until it is activated. Have you actually provided license during installation. Manual activation is described in section 4 of installation manual. You can also find steps how to check whether it is actually running in the same section.

Share this post


Link to post
Share on other sites

Actually I meant it little differently - data you checked are fetched by AGENT itself and therefore their presence indicates only that AGENT is working as expected. To verify connection of security product, check whether you see data for columns "VIRUS DB", "SECURITY PRODUCT" and "SECURITY PRODUCT VERSION" in main computers view. These fields are provided by security product itself and in case they will be missing we will known that security product has never been able to communicate with AGENT.

 

There is no need to change port - just make sure AGENT is listening on port (in your case most probably default 2225) using netstat -taun or similar commands. Also make sure ESET Server Security product is actually running.

 

EDIT: it seems that security product won't be running until it is activated. Have you actually provided license during installation. Manual activation is described in section 4 of installation manual. You can also find steps how to check whether it is actually running in the same section.

 

I think the activation is what is jamming me up. Those columns are populated. Works fine on individual server install but is there a way to provide license via ERA deployment or am I going to have to manually touch about 90 Linux servers???

Share this post


Link to post
Share on other sites

Unfortunately I am currently not able to verify whether activation task will work for this specific product .. have you tried? It won't break anything in case product was not activated before.

I expected that mentioned columns will be completely missing data - now it seems it actually works (or maybe still works) as expected - have you tried whether security product executes ERA task (for example virus signature update)? There is still a chance that problem is only wrong status reported in ERA which would be less critical.

Share this post


Link to post
Share on other sites

Unfortunately I am currently not able to verify whether activation task will work for this specific product .. have you tried? It won't break anything in case product was not activated before.

I expected that mentioned columns will be completely missing data - now it seems it actually works (or maybe still works) as expected - have you tried whether security product executes ERA task (for example virus signature update)? There is still a chance that problem is only wrong status reported in ERA which would be less critical.

 

Okay, it is licensed but ERA shows "product disconnected" and the client is reporting status to ERA so it is not an agent thing.

[root@Azure-US-3556-VPEPX02 eset]# service esets status
● esets.service - ESET Scanner Daemon
   Loaded: loaded (/usr/lib/systemd/system/esets.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2016-08-02 13:28:56 UTC; 6 days ago

Aug 02 13:28:41 Azure-US-3556-VPEPX02 systemd[1]: Starting ESET Scanner Daemon...
Aug 02 13:28:56 Azure-US-3556-VPEPX02 esets_daemon[870]: error[03660000]: Cannot initialize scanner: Modu...nit
Aug 02 13:28:56 Azure-US-3556-VPEPX02 systemd[1]: esets.service: control process exited, code=exited status=69
Aug 02 13:28:56 Azure-US-3556-VPEPX02 systemd[1]: Failed to start ESET Scanner Daemon.
Aug 02 13:28:56 Azure-US-3556-VPEPX02 systemd[1]: Unit esets.service entered failed state.
Aug 02 13:28:56 Azure-US-3556-VPEPX02 systemd[1]: esets.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@Azure-US-3556-VPEPX02 eset]#

Share this post


Link to post
Share on other sites

Unfortunately I am currently not able to verify whether activation task will work for this specific product .. have you tried? It won't break anything in case product was not activated before.

I expected that mentioned columns will be completely missing data - now it seems it actually works (or maybe still works) as expected - have you tried whether security product executes ERA task (for example virus signature update)? There is still a chance that problem is only wrong status reported in ERA which would be less critical.

Just as an FYI: ERA does push the business license to the endpoint using a license task! :)

 

But still don't know why the product is disconnected. I uninstalled/reinstalled and it worked on one machine but not the others. Note that the one machine that it did work on ESET was previously installed on but it stopped running after about a month.

 

Update: So it looks like a remote install with remote license does everything that it is supposed to do but it doesn't start the product. A system reboot doesn't start it either. Manually launching "service esets start" from the command line after a reinstall of the product on the machines that were not working starts the product.

 

A reboot after manually starting the service auto-launches the "esets" service after reboot. Seems that the product needs a kick-start to get it running after install if done automatically? I know in the manual installation documentation you have to start it manually using init.d but was hoping for something automatic seeing as ERA is pushing the software.Tried ERA "command line" tasks to no avail.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...