Thank you very much for this software which is very useful for managing home networks as well as commercial ones!
Now for my problem. When I try to update the CIS client in either of the endpoints, I get the error below. Both computers have internet access, disabling firewall has no effect. I can ping 91.199.212.171, but get inconsistent results, pinging 91.199.212.171:80 fails (not sure you can ping a port?). Telnet is installed but connection to 91.etc on port 23 fails, on port 80 hangs giving appended error. I do not generally have internet access problems.
I have noticed that when it checks for updates it does not wait long before giving the error below, maybe 0.5 of a second. Is the timeout rather short? Is there a re-try?
If I try manually updating the 2731 CIS version using the offline ESM updater downloaded onto that machine it reports that it is up to date. Seems unlikely but maybe it is - is it? I realize that the CIS on my admin machine is up to date, I was just checking if the problem was machine-specific.
Win 7 SP1
Admin account
ESM version attached
No other security software installed except various Comodo software
Managed CIS builds: Admin machine 2860, client 2731
Could you also please (directly from the managed endpoint) run the update and while it is running do this in a command prompt?
netstat -abno > c:\comodotest.txt
Open up that txt file and see if there is an established connection during the update session. If not, then we need to work out why the connection isn’t initialising or is failing.
says that there must have been a connection attempt at least.
OK on the machine with ESM installed, the two telnet commands fail with the 400 error as above
Did you try a telnet from the endpoints too? Result?
From your ESM console, could you please open the properties of each endpoint and let me know the version of CES you are using? Could you also please tell me the version of ESM you are using?
Were the endpoints upgraded from a previous version of CIS/CES, or was the CES agent freshly installed?
One endpoint is on the ESM server. On the other it fails too, with a 400 error. No event in firewall log.
From your ESM console, could you please open the properties of each endpoint and let me know the version of CES you are using? Could you also please tell me the version of ESM you are using?
In first post, but to re-iterate and be more specific. On ESM server I have CIS 2860 endpoint, on remote endpoint I have CES 2731
Were the endpoints upgraded from a previous version of CIS/CES, or was the CES agent freshly installed?
2860 was freshly installed manually apart from a 2708 (I think) config being imported. Mode is tailored Proactive minus HIPS.
2731 was freshly installed by the ESM server. Main config change HIPS & Firewall turned on.
I should say that ESM does not appear to ‘see’ CIS 2860
I think it was able to see past CIS versions as well as CES versions, but maybe I have that wrong.
What is the current highest CES version? I was trying to update because 2731 is a bit heavy on my remote XP machine. CIS 2860 seems more efficient than CIS 2708 on my server machine, so I thought an updated version of CES might run lighter on the XP machine.
Thanks for your prompt responses, much appreciated.
Yes it is logged by my hardware firewall as a passed outbound. And remember a response is being received ‘400: Bad request’. Perhaps someone could look at the server logs?
I tried port 23 and got connect failure, as you would expect, just to confirm it was connecting in the first case - the behavior is quite different. Basically on port 80 telnet appears to connect but hang. Presumably it's not sure how to handle an http: error message. I get the error message when I ^C out of telnet. This is the basic Windows telnet client which is pretty rubbish.
Using port 23 to identify the packet, I get a DNS translation of: 91.199.212.171. Is there an aberrant server?
Does updating ESM need a reboot - if so I will have to wait until next scheduled maintenance, I’m afraid. But I will do it then.
Hmm not really sure what they mean. Are they talking about the CIS/CES FW - remember there is nothing in the CIS/CES logs. Both the ESM server and the remote endpoint are in safe mode.
Update: I just made the ESM server CRMSrvService.exe an allowed app in CIS FW just in case of CIS bugs. Still same error.
Could they give us the IPs? URLs are a fragile way of making FW rules. Will PM you my static IP so they can check logs.
OK updated ESM to the latest version and added SMTP email to config as requested.
Unfortunately this is what I get now when I try to update the remote endpoint that is running CES 2731 - a greyed out screen on which I cannot select anything.
Please return to the Computers UI, click on ‘Add’, select IP Address, add one machine, follow the process through to where you get to ‘Packages’ and download the latest versions. Keep going until you need to click the ‘Finish’ button.
Ta Michel will do. Ha you are a hard worker - much appreciated!
Though they were registered as managed computers in the last version, and still get listed on the computers display now. The one marked “Dell” (only) is the one I just tried to update.
Frustratingly it just remembers that it is already managing Dell. See screenshot below. Next screen (after I give credentials) is the same greyed out screen as before.