davidenco 1 Posted October 5, 2016 Share Posted October 5, 2016 (edited) I manage a network consisting of a server running ESET Remote Admin 6.4.295 with the Apache HTTP Proxy 2.4.20. The licenses are loaded in to ERA too and as it stands there are currently seats available. The clients have ESET Endpoint 6.4.2014 installed and all computers are configured via policies to use the ERA server as the proxy (port 3128). However the clients do not have Internet access; only the ERA server has Internet access. From any client using IE11, navigating to hxxp://era-server:3128/index.html returns "It works!". All computers have the ERA Agent installed. From the ERA server, I have pushed out Endpoint to all clients successfully. The configuration policy has been applied (confirmed by going into Advanced Settings and seeing the padlock icon next to all the proxy options, which also contain the correct proxy details). However from the main screen within Update, it says Activation Required. I have tried to push an activation task to the clients, which results in the following event log in Endpoint: Time;Module;Event;User03/10/2016 12:24:38;ESET Kernel;Activation was not successful: Could not reach activation server.; Any reason why this is happening? Edited October 5, 2016 by davidenco Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted October 5, 2016 ESET Staff Share Posted October 5, 2016 I recommend to check KB2434. It is not clear, but I think you encountered most common activation error ECP.4099 most probably caused by improper HTTP proxy configuration (there are at least two sections with HTTP proxy configuration "Update" and "Tools" .. have you configured both of them?). KB article describes further steps in case of this error in case proxy is configured properly. Link to comment Share on other sites More sharing options...
davidenco 1 Posted October 5, 2016 Author Share Posted October 5, 2016 The "Update" section is set to defaults, as in the update server is set to automatic and AUTOSELECT. Under "Update" > "HTTP Proxy", everything is blank and the dropdown is set to "use global settings". Should both proxy sections be the same, as in pointing to ERA? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted October 5, 2016 ESET Staff Share Posted October 5, 2016 Seems HTTP proxy is configured properly -> try to check second possible issue described as reason of ECP4099 error which is problem with missing root CA certificate required for our server's certificate. Simple check is to open https://ela.eset.comand check whether it's SSL certificate is trusted by this client machine. Link to comment Share on other sites More sharing options...
davidenco 1 Posted October 6, 2016 Author Share Posted October 6, 2016 The client machine does not have Internet access. From the ERA server, I navigated to that URL (which was trusted) and exported the certificate. I imported the certificate on to the client machine and tried to activate again. IT WORKED! But why didn't it work through the proxy without the need to export the certificate? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted October 6, 2016 ESET Staff Share Posted October 6, 2016 In case of HTTPS connections, HTTP proxy "forwards" client's connection to ESET servers without any interference. For client it behaves as client is directly communicating with ESET servers, and that is why client must be able to validate certificates itself. Link to comment Share on other sites More sharing options...
Recommended Posts