Problem updating endpoints

Thank you very much for this software which is very useful for managing home networks as well as commercial ones!

Now for my problem. When I try to update the CIS client in either of the endpoints, I get the error below. Both computers have internet access, disabling firewall has no effect. I can ping 91.199.212.171, but get inconsistent results, pinging 91.199.212.171:80 fails (not sure you can ping a port?). Telnet is installed but connection to 91.etc on port 23 fails, on port 80 hangs giving appended error. I do not generally have internet access problems.

I have noticed that when it checks for updates it does not wait long before giving the error below, maybe 0.5 of a second. Is the timeout rather short? Is there a re-try?

If I try manually updating the 2731 CIS version using the offline ESM updater downloaded onto that machine it reports that it is up to date. Seems unlikely but maybe it is - is it? I realize that the CIS on my admin machine is up to date, I was just checking if the problem was machine-specific.

Win 7 SP1
Admin account
ESM version attached
No other security software installed except various Comodo software
Managed CIS builds: Admin machine 2860, client 2731

[attachment deleted by admin]

Hi mouse1,

We are happy that our software is of benefit to you and thank you for your compliments.

Please could you let us know what happens if you run these 2 commands in a command prompt?

telnet download.comodo.com 80
telnet downloads.comodo.com 80

Could you also please (directly from the managed endpoint) run the update and while it is running do this in a command prompt?

netstat -abno > c:\comodotest.txt

Open up that txt file and see if there is an established connection during the update session. If not, then we need to work out why the connection isn’t initialising or is failing.

Regards,
Michel.

OK on the machine with ESM installed, the two telnet commands fail with the 400 error as above. There’s nothing to indicate why in the CIS FW log.

I append the result from the other machine. I used update from the main CIS GUI - is that right?

I could only manage the -bno switches; the -a switch caused the command to hang on Windows XP.

[attachment deleted by admin]

Are your endpoints configured to get their updates from download.comodo.com or from the ESM server?

Regards,
M.

Download.comodo.com in both cases, in advanced settings ~ general settings

TCP 192.168.1.10:1084 91.199.212.171:80 CLOSE_WAIT 1856

says that there must have been a connection attempt at least.

OK on the machine with ESM installed, the two telnet commands fail with the 400 error as above

Did you try a telnet from the endpoints too? Result?

From your ESM console, could you please open the properties of each endpoint and let me know the version of CES you are using? Could you also please tell me the version of ESM you are using?

Were the endpoints upgraded from a previous version of CIS/CES or were the CES agent freshly installed?
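
As an added example (not part of the thread and not a Comodo tool), the check requested above can be scripted: this Python parses saved `netstat -bno` output and reports the TCP state of each connection to a given remote address. The sample text is constructed in netstat's column layout around the one CLOSE_WAIT row quoted in the thread; the owner name `example.exe` and the other rows are placeholders.

```python
import re

# Constructed sample: only the CLOSE_WAIT row comes from the thread;
# the other rows and the owner name example.exe are placeholders.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1084      91.199.212.171:80      CLOSE_WAIT      1856
 [example.exe]
  TCP    192.168.1.10:1090      192.168.1.2:445        ESTABLISHED     4
 Can not obtain ownership information
  TCP    192.168.1.10:1101      91.199.212.171:80      SYN_SENT        1856
 [example.exe]
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # -b prints the owning executable below the row

# What each TCP state says about how far the connection got.
HINTS = {
    "ESTABLISHED": "handshake completed, session open",
    "CLOSE_WAIT": "handshake completed earlier; the remote end closed first",
    "TIME_WAIT": "handshake completed earlier; the local end closed first",
    "SYN_SENT": "SYN sent, no SYN-ACK yet (filtered, dropped or unreachable)",
}

def connections_to(text, remote_ip, remote_port):
    """Return every TCP row in netstat output whose foreign address matches."""
    found, last = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            local, lport, remote, rport, state, pid = row.groups()
            last = None
            if remote == remote_ip and int(rport) == remote_port:
                last = {"local": f"{local}:{lport}", "state": state,
                        "pid": int(pid), "owner": None}
                found.append(last)
            continue
        owner = OWNER.match(line)
        if owner and last is not None:  # attach the executable to its row
            last["owner"], last = owner.group(1), None
    return found

def summarize(conns):
    """One line per connection, or a note that the snapshot shows none."""
    if not conns:
        return ["no connection to that address in this snapshot"]
    return [f'{c["local"]} pid {c["pid"]} {c["state"]}: '
            f'{HINTS.get(c["state"], "see the TCP state table")}' for c in conns]

if __name__ == "__main__":
    print("\n".join(summarize(connections_to(SAMPLE, "91.199.212.171", 80))))
```

For the row quoted in the thread this reports CLOSE_WAIT, meaning the TCP handshake to port 80 had completed and the server end closed the connection.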

One endpoint is on the ESM server. On the other it fails too, with a 400 error. No event in firewall log.

From your ESM console, could you please open the properties of each endpoint and let me know the version of CES you are using? Could you also please tell me the version of ESM you are using?
In first post, but to re-iterate and be more specific. On ESM server I have CIS 2860 endpoint, on remote endpoint I have CES 2731
Were the endpoints upgraded from a previous version of CIS/CES or were the CES agent freshly installed?
2860 was freshly installed manually apart from a 2708 (I think) config being imported. Mode is tailored Proactive minus HIPS. 2731 was freshly installed by the ESM server. Main config change HIPS & Firewall turned on.

Best wishes

Mike

I should say that ESM does not appear to ‘see’ CIS 2860

I think it was able to see past CIS versions as well as CES versions, but maybe I have that wrong.

What is the current highest CES version? I was trying to update because 2731 is a bit heavy on my remote XP machine. CIS 2860 seems more efficient than CIS 2708 on my server machine, so I thought an updated version of CES might run lighter on the XP machine.

ESM will see CES versions 6.0.268128.2731, 6.1.276867.2813 & 6.2.282872.2847. ESM will not see any versions of CIS.

I am puzzled that telnet (never mind CES at the moment) can’t connect to download.comodo.com. Can you see any connection attempts in your router logs?

Upgrade ESM (https://downloads.comodo.com/cesm/download/setups/CESM_Setup_3.0.60716.1_Full.exe) and please let us know what happens.

Thanks for your prompt responses, much appreciated.

Yes it is logged by my hardware firewall as a passed outbound. And remember a response is being received ‘400: Bad request’. Perhaps someone could look at the server logs?

I tried port 23 and got connect failure, as you would expect, just to confirm it was connecting in the first case - the behavior is quite different. Basically on port 80 telnet appears to connect but hang. Presumably it's not sure how to handle an http: error message. I get the error message when I ^C out of telnet. This is the basic Windows telnet client which is pretty rubbish.

Using port 23 to identify the packet, I get a DNS translation of: 91.199.212.171. Is there an aberrant server?

Does updating ESM need a reboot - if so I will have to wait until next scheduled maintenance, I’m afraid. But I will do it then.

Hi,

No, updating the ESM server does not require a reboot, it is merely a service stop/ service start exercise.

Going to ask some questions of our infra dept. about the updates tho’. Please bear with me.

Regards,
M.

Reply is…

“need to open download.comodo.com and downloads.comodo.com and it’s not single ip”

Worth a shot?

Regards,
M.

Thanks - good design - will try that tomorrow. Away today.

Best wishes

Mike

Hmm not really sure what they mean. Are they talking about the CIS/CES FW - remember there is nothing in the CIS/CES logs. Both the ESM server and the remote endpoint are in safe mode.

Update: I just made the ESM server CRMSrvService.exe an allowed app in CIS FW just in case of CIS bugs. Still same error.

Could they give us the IPs? URLs are a fragile way of making FW rules. Will PM you my static IP so they can check logs.

Would it be a good idea to post a download link in a sticky announcement post? That is if you would like home as well as business users.

Just a thought

Mike

OK updated ESM to the latest version and added SMTP email to config as requested.

Unfortunately this is what I get now when I try to update the remote endpoint that is running CES 2731 - a greyed out screen on which I cannot select anything.

[attachment deleted by admin]

Hi,

Please return to the Computers UI, click on ‘Add’, select IP Address, add one machine, follow the process through to where you get to ‘Packages’ and download the latest versions. Keep going until you need to click the ‘Finish’ button.

This will pull the deploy-able packages down.

Regards,
Michel.

Ta Michel will do. Ha you are a hard worker - much appreciated!

Though they were registered as managed computers in the last version, and still get listed on the computers display now. The one marked “Dell” (only) is the one I just tried to update.

[attachment deleted by admin]

Frustratingly it just remembers that it is already managing Dell. See screenshot below. Next screen (after I give credentials) is the same greyed out screen as before.

[attachment deleted by admin]

Aha sorry if I just ignore that and carry on it says ready to deploy on next screen. Silly me. I should carry on at that point?