Author Topic: Problem updating endpoints  (Read 14684 times)

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Problem updating endpoints
« on: July 28, 2013, 04:23:06 AM »
Thank you very much for this software which is very useful for managing home networks as well as commercial ones!

Now for my problem. When I try to update the CIS client in either of the endpoints, I get the error below. Both computers have internet access, disabling firewall has no effect. I can ping 91.199.212.171, but get inconsistent results, pinging 91.199.212.171:80 fails (not sure you can ping a port?). Telnet is installed but connection to 91.etc on port 23 fails, on port 80 hangs giving appended error. I do not generally have internet access problems.

I have noticed that when it checks for updates it does not wait long before giving the error below, maybe 0.5 of a second. Is the timeout rather short? Is there a re-try?

If I try manually updating the 2731 CIS version using the offline ESM updater downlaoded onto that machine it reports that it is up to date. Seems unlikely but maybe it is - is it? I realize that the CIS on my admin machine is up to date, I was just checking if the problem was machine-specific.


Win 7 SP1
Admin account
ESM version attached
No other security software installed except various Comodo software
Managed CIS builds: Admin machine 2860, client 2731

[attachment deleted by admin]
« Last Edit: July 28, 2013, 04:36:36 AM by mouse1 »

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #1 on: July 29, 2013, 04:47:14 AM »
Hi mouse1,

We are happy that our software is of benefit to you and thank you for your compliments.

Please could you let us know what happens if you run these 2 commands in a command prompt?

telnet download.comodo.com 80
telnet downloads.comodo.com 80

Could you also please (directly from the managed endpoint) run the update and while it is running do this in a command prompt?

netstat -abno > c:\comodotest.txt

open up that txt file and see if there is an established connection during the update session, if not then we  need to work out why the connection isn't initialising or is failing

Regards,
Michel.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #2 on: July 29, 2013, 05:36:37 AM »
OK on the machine with ESM installed, the two telnet commands fail with the 400 error as above. There's nothing to indicate why in the CIS FW log.

I append the result from the other machine. I used update from the main CIS GUI - is that right?

I could only manage -bno switches the -a switch caused the command to hang on Windows XP.

[attachment deleted by admin]

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #3 on: July 29, 2013, 01:45:21 PM »
Are you endpoints configured to get their updates from download.comodo.com or from the ESM server?

Regards,
M.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #4 on: July 29, 2013, 05:18:15 PM »
Are you endpoints configured to get their updates from download.comodo.com or from the ESM server?

Regards,
M.

Download.comodo.com in both cases, in advanced settings ~ general setttings

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #5 on: July 30, 2013, 05:00:16 AM »
TCP    192.168.1.10:1084      91.199.212.171:80      CLOSE_WAIT      1856
> says that there must have been a connection attempt at least.

OK on the machine with ESM installed, the two telnet commands fail with the 400 error as above
> did you try a telnet from the endpoints too? result?

from your ESM console, could you please open the properties of each endpoint and let me know the version of CES you are using? could you also please tell me the version of ESM you are using?

were the endpoints upgraded from a previous version of CIS/CES or were the CES agent freshly installed?

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #6 on: July 30, 2013, 05:41:48 AM »
OK on the machine with ESM installed, the two telnet commands fail with the 400 error as above
> did you try a telnet from the endpoints too? result?
One endpoint is on the ESM server. On the other it fails too, with a 400 error. No event in firewall log.

Quote
from your ESM console, could you please open the properties of each endpoint and let me know the version of CES you are using? could you also please tell me the version of ESM you are using?
In first post, but to re-iterate and be more specific. On ESM server I have CIS 2860 endpoint, on remote endpoint I have CES 2731

Quote
were the endpoints upgraded from a previous version of CIS/CES or were the CES agent freshly installed?
2860 was freshly installed manually apart from a 2708 (I think) config being imported. Mode is tailored Proactive minus HIPS.
2731 was freshly installed by the ESM server. Main config change HIPS & Firewall turned on.

Best wishes

Mike

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #7 on: July 30, 2013, 05:49:40 AM »
I should say that ESM does not appear to 'see' CIS 2860

I think it was able to see past CIS versions as well as CES versions, but maybe I have that wrong.

What is the current highest CES version? I was trying to update because 2731 is a bit heavy on my remote XP machine. CIS 2860 seems more efficient than CIS 2708 on my server machine, so I thought am updated version of CES might run lighter on the XP machine.

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #8 on: July 31, 2013, 05:44:49 AM »
ESM will see CES versions 6.0.268128.2731, 6.1.276867.2813 & 6.2.282872.2847. ESM will not see any versions of CIS.

I am puzzled that telnet (never mind CES at the moment) can't connect to download.comodo.com. Can you see any connection attempts in your router logs?

Upgrade ESM (https://downloads.comodo.com/cesm/download/setups/CESM_Setup_3.0.60716.1_Full.exe) and please let us know what happens.
« Last Edit: July 31, 2013, 05:46:45 AM by MichelB »

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #9 on: July 31, 2013, 06:51:26 AM »
ESM will see CES versions 6.0.268128.2731, 6.1.276867.2813 & 6.2.282872.2847. ESM will not see any versions of CIS.

I am puzzled that telnet (never mind CES at the moment) can't connect to download.comodo.com. Can you see any connection attempts in your router logs?

Upgrade ESM (https://downloads.comodo.com/cesm/download/setups/CESM_Setup_3.0.60716.1_Full.exe) and please let us know what happens.


Thanks for your prompt responses, much appreciated.

Yes it is logged by my hardware firewall as a passed outbound. And remember a response is being received '400: Bad request'. Perhaps someone could look at the server logs?

I tried port 23 and got connect failure, as you would expect, just to confirm it was connecting in the first case - the behavior is quite different. Basically on port 80 telnet appears to connect but hang. Presumably its not sure how to handle an http: error message. I get the error message when I ^C out of telnet. This is the basic windows telnet client which is pretty rubbish.

Using port 23 to identify the packet, I get a DNS translation of: 91.199.212.171. Is there an aberrant server?

Does updating ESM need a reboot - if so I will have to wait until next scheduled maintenance, I'm afraid. But I will do it then.
« Last Edit: July 31, 2013, 06:58:13 AM by mouse1 »

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #10 on: July 31, 2013, 09:44:13 AM »
Hi,

No, updating the ESM server does not require a reboot, it is merely a service stop/ service start exercise.

Going to ask some questions of out infra dept. about the updates tho'. Please bear with me.

Regards,
M.

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #11 on: July 31, 2013, 04:47:09 PM »
Reply is...

"need to open download.comodo.com and downloads.comodo.com and it's not single ip"

Worth a shot?

Regards,
M.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #12 on: August 01, 2013, 02:57:14 AM »
Hi,

No, updating the ESM server does not require a reboot, it is merely a service stop/ service start exercise.

Going to ask some questions of out infra dept. about the updates tho'. Please bear with me.

Regards,
M.
Thanks - good design - will try that tomorrow. Away today.

Best wishes

Mike

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #13 on: August 01, 2013, 03:11:04 AM »
Reply is...

"need to open download.comodo.com and downloads.comodo.com and it's not single ip"

Worth a shot?

Regards,
M.

Hmm not really sure what they mean. Are they talking about the CIS/CES FW - remember there is nothing in the CIS/CES logs. Both the ESM server and the remote endpoint are in safe mode.

Update: I just made the ESM server CRMSrvService.exe an allowed app in CIS FW just in case of CIS bugs. Still same error.

Could they give us the IPs? URLS are a fragile way of making FW rules. Will PM you my static IP so they cn check logs.
« Last Edit: August 02, 2013, 01:24:04 PM by mouse1 »

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11853
Re: Problem updating endpoints
« Reply #14 on: August 02, 2013, 10:04:55 AM »
Would it be a good idea to post a download link in a sticky announcement post? That is if you would like home as well as business users.

Just a thought

Mike

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek