Author Topic: Problem updating endpoints  (Read 14904 times)

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11743
  • Linux is free only if your time is worthless.;-)
Re: Problem updating endpoints
« Reply #30 on: August 05, 2013, 07:57:52 AM »
I would never tell it 5.x.x.x so it must have created a default for some reason. The mask makes no sense. 255.0.0.0?

Do you have Comodo Unite or Hamachi (or some other VPN software)? An IP range of 5.X.X.X and a netmask of 255.0.0.0 smells a lot like a VPN adapter.

Just a thought.
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #31 on: August 05, 2013, 08:08:25 AM »
Do you have Comodo Unite or Hamachi (or some other VPN software)? An IP range of 5.X.X.X and a netmask of 255.0.0.0 smells a lot like a VPN adapter.

Just a thought.
Ewen :-)


Makes sense Unite is installed but it is not running. ESM may have automatically picked up the wrong adapter? (5. something is an internal IP range I think? So the mistake would be understandable.)
« Last Edit: August 05, 2013, 08:10:03 AM by mouse1 »

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #32 on: August 06, 2013, 04:57:26 AM »
Thanks to Alan for all his help last night. Report back:

  • By downloading first through Preferences/Packages, then using Computers/Add, it was then possible to select installation/updating of ESM during wizard, and all updated fine. Alan is investigating why the process did not work just by using the Add wizard
  • It appears that if the Unite adapter is installed, ESM installs it's IP as the endpoint IP. To correct this a) disable the Unite adapter b) re-deploy the agent to the server using Computers/Add wizard and add the endpoint using it's IP, but without ticking the option to install ESM c) Stop and restart the server using the ESM config tool.  Alan tried the wizard without success but after his session I found that the initial step of disabling the adapter was required. You can re-enable the Unite adapter afterwards. Alan is trying to replicate so bug can be fixed.
  • One further problem. I discovered that it is still not possible to access the Desktop of the remote endpoint after the above changes. I note that in Killswitch the VNC server on the Endpoint comes up as listening on port 9902. Also that the VNC server appears to have no name in Killswitch, unlike all other listening processes. Telnetting from the ESM server machine on 9901 or 2 does not give a connection or a FW alert. Telnet does function on 23 however and gives a FW alert (allowed and remembered) and establishes a telnet session. Telnetting on 80 gives a connection only (of course, since the Telnet server does not listen on this port, but I guess something else does). Telnetting the ESM agent on its listening port 1818 gives no connection either but does give a firewall alert (allowed and remembered). Disabling CIS/CES firewalls on the endpoint and server does not solve the problem. (The Windows firewall is disabled on both machines). Note the endpoint now has the latest CES version
« Last Edit: August 06, 2013, 05:00:35 AM by mouse1 »

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #33 on: August 07, 2013, 03:36:30 AM »
Error messages when accessing desktop of remote end point

If accessed from Computers display, by clicking on remote endpoint then Desktop icon at bottom of page:
-noVNC ready: native WebSockets, canvas rendering
-Trying to reconnect...
-Connection timeout
 
According to Killswitch, the vnc server is listening, but has no name, on the endpoint on port 9902. Behavior is the same if firewalls both ends (CIS/CES and Windows) are disabled.

Netstats attached. The Endpoint (XP) netstat is run with -bno switches. It will not run with -abno.


[attachment deleted by admin]
« Last Edit: August 07, 2013, 03:46:42 AM by mouse1 »

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #34 on: August 07, 2013, 11:11:15 AM »
Hi,

This...

-noVNC ready: native WebSockets, canvas rendering
-Trying to reconnect...
-Connection timeout

..can be indicative that the ESM server cannot access port 4505 on the Endpoint. Please check router/firewalls etc. to ensure port 4505 is listening (but only for the ESM server's traffic please :))

Regards,
M.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #35 on: August 07, 2013, 11:51:19 AM »
Hi,

This...

-noVNC ready: native WebSockets, canvas rendering
-Trying to reconnect...
-Connection timeout

..can be indicative that the ESM server cannot access port 4505 on the Endpoint. Please check router/firewalls etc. to ensure port 4505 is listening (but only for the ESM server's traffic please :))

Regards,
M.

Thanks Michel for your continued help.

According to Killswitch, nothing is listening on port 4505 on the Endpoint. Tvnserver is listening on 9902 (local).

All firewalls Windows, CIS (ESMserver) , CES (endpoint) are disabled.

It's a NAT router, and there are no services or therefore rules defined for 4505. (Like most NAT routers the local zone is default trusted).

I also get code 1006 on trying to use remote desktop sometimes.

Best wishes

Mike
« Last Edit: August 07, 2013, 04:33:54 PM by mouse1 »

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #36 on: August 08, 2013, 04:20:18 AM »
Can you please check if Comodo ESM VNC Server is running in the EP's services list? You can access this through your ESM UI > Endpoint tile > Properties > Services (or you can do it the old-school style of running services.msc on the EP itself :))

Regards,
M.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
Re: Problem updating endpoints
« Reply #37 on: August 08, 2013, 10:51:42 AM »
Just a little bit of help, perhaps this can solve your remote session issue:

Ports to be opened in your ESM Server: 9901 and 57195 (57193 and 57194 if you want to access the console remotely).

Port to be opened in your Endpoints: 4505

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #38 on: August 09, 2013, 04:00:32 AM »
Can you please check if Comodo ESM VNC Server is running in the EP's services list? You can access this through your ESM UI > Endpoint tile > Properties > Services (or you can do it the old-school style of running services.msc on the EP itself :))

Regards,
M.

Yes it is running. As I said above it is listening on port 9902 according to Killswitch I have checked in the services list.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #39 on: August 09, 2013, 04:04:47 AM »
Just a little bit of help, perhaps this can solve your remote session issue:

Ports to be opened in your ESM Server: 9901 and 57195 (57193 and 57194 if you want to access the console remotely).

Port to be opened in your Endpoints: 4505

Thanks w-e-v that's useful information generally.

Unfortunately in this case the problem happens even with both ESM Server, Endpoint software firewalls disabled.

I cannot see any router rule that could be preventing comms either. It's a domestic NAT router so it should not normally impede local to local comms really should it?

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #40 on: August 09, 2013, 04:07:48 AM »
Yes it is running. As I said above it is listening on port 9902 according to Killswitch I have checked in the services list.

Worth underlining that it appears to be listening on the wrong port.

Also that it is an XP machine. Are there any non-explicit dependencies that need resolving on an XP machine?

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #41 on: August 13, 2013, 04:06:39 AM »
Hi mouse1,

Please see my PM

Regards,
M.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #42 on: August 18, 2013, 04:36:24 PM »
Any further thoughts Michel? Personally I'm wondering if some required Windows service is not present on the XP Endpoint. But the VNC service has no listed dependencies.

(Reply to your PM sent)

Best wishes

Mike

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Problem updating endpoints
« Reply #43 on: August 28, 2013, 10:34:47 AM »
Hi mouse1,

Apologies for the silence, we have just finished building the new ESM release and I and the support guys are familiarizing ourselves with the cool new features.

I expect to be making the release public somewhere around 10th Sept. so I have 2 suggestions for you.

1) Please allow port 9902 on the EP and see if you can VNC on, or
2) Hang on a little bit, upgrade, then see if opening 9902 solves the problem.

Kind regards,
Michel.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11856
Re: Problem updating endpoints
« Reply #44 on: August 30, 2013, 04:09:17 AM »
1) Please allow port 9902 on the EP and see if you can VNC on, or
Does not work even with firewall disabled, so I suppose this will not help?

Quote
2) Hang on a little bit, upgrade, then see if opening 9902 solves the problem.
OK will try it. Deepest puzzle here is why the VNC server on the endpoint is listening on the wrong port (9902) according to Killswitch. I wonder how this is possible? Or maybe the VNC server normally listens on two ports, and is failing to listen on the important one. I think if we could work this out we might be able to resolve the problem. Remember the endpoint is an XP machine. Could there be a missing or disabled service? No formal service dependencies are listed for the VNC service, but one would imagine there must be some......

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek