Jump to content

Cannot activate ESET products using HTTP Proxy


davidenco

Recommended Posts

I manage a network consisting of a server running ESET Remote Admin 6.4.295 with the Apache HTTP Proxy 2.4.20. The licenses are loaded in to ERA too and as it stands there are currently seats available.

 

The clients have ESET Endpoint 6.4.2014 installed and all computers are configured via policies to use the ERA server as the proxy (port 3128). However the clients do not have Internet access; only the ERA server has Internet access.

 

From any client using IE11, navigating to hxxp://era-server:3128/index.html returns "It works!".

 

All computers have the ERA Agent installed.

 

From the ERA server, I have pushed out Endpoint to all clients successfully. The configuration policy has been applied (confirmed by going into Advanced Settings and seeing the padlock icon next to all the proxy options, which also contain the correct proxy details). However from the main screen within Update, it says Activation Required. I have tried to push an activation task to the clients, which results in the following event log in Endpoint:

 

Time;Module;Event;User
03/10/2016 12:24:38;ESET Kernel;Activation was not successful: Could not reach activation server.;
 

Any reason why this is happening?

Edited by davidenco
Link to comment
Share on other sites

  • ESET Staff

I recommend to check KB2434. It is not clear, but I think you encountered most common activation error ECP.4099 most probably caused by improper HTTP proxy configuration (there are at least two sections with HTTP proxy configuration "Update" and "Tools" .. have you configured both of them?). KB article describes further steps in case of this error in case proxy is configured properly.

Link to comment
Share on other sites

The "Update" section is set to defaults, as in the update server is set to automatic and AUTOSELECT. Under "Update" > "HTTP Proxy", everything is blank and the dropdown is set to "use global settings". Should both proxy sections be the same, as in pointing to ERA?

Link to comment
Share on other sites

  • ESET Staff

Seems HTTP proxy is configured properly -> try to check second possible issue described as reason of ECP4099 error which is problem with missing root CA certificate required for our server's certificate. Simple check is to open https://ela.eset.comand check whether it's SSL certificate is trusted by this client machine.

Link to comment
Share on other sites

The client machine does not have Internet access.

 

From the ERA server, I navigated to that URL (which was trusted) and exported the certificate. I imported the certificate on to the client machine and tried to activate again. IT WORKED!

 

But why didn't it work through the proxy without the need to export the certificate?

Link to comment
Share on other sites

  • ESET Staff

In case of HTTPS connections, HTTP proxy "forwards" client's connection to ESET servers without any interference. For client it behaves as client is directly communicating with ESET servers, and that is why client must be able to validate certificates itself.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...