Issues with installing FSPMS and FSPMC on Ubuntu. And FSPMC and FSCS on Windows.
Greetings everyone. A relative newbie here. I wonder if I could get some assistance?
Here is my situation. I have two PCs on an intranet (the plan is to add more later).
One is Ubuntu-server 14.01.1 LTS, with Lubuntu GUI installed.
The second is Windows 7 machine.
What I am trying to do, is run F-Secure Policy Manager Server on the Ubuntu machine, and then connect other machines (for now just the Windows one) to that. I am using Policy Manager Console to do that, which I have installed versions of to both the remote Windows and on the Ubuntu that actually runs the server.
PC 1 (Ubuntu):
F-secure Policy Manager Server 64-bit 10.43 (deb file)
F-secure Policy Manager Console 64-bit 10.43 (deb file)
F-secure Automatic Update Agent 64-bit 8.36 (deb file)
PC 2 (Windows 7):
F-secure Policy Manager Console 11.22 (exe file)
(attempted) F-secure Client Security 11.60 (jar file).
- - -
I can connect to the Server IP via the console from both PC1 and PC2. It asks for the login/password, and the login seems to work.
I then used the console to add the IP of the PC 2 under the ”Root” Policy domain in the console by right clicking and choosing ”New Host” and intering the proper IP. That created a new sub-item with the IP of PC2, that shows under both consoles.
I then logged in to the Windows Console, and imported the fscs-11.60.284.jar (F-Secure Client Security 11.60) installation package through the console. It seems to show ok.
And finally, I tried to use the console to install Client Security 11.60 Jar file on the Windows 7 PC2, by clicking Install on the ”Installation” tab, choosing the correct (only) package and properly going through the installation.
Unfortunately, nothing seems to happen. A new line with the operation: Installing F-Secure Client Security 11.60 on ”<correct ip>” host appears. The Status reads: ”In progress”. However it seems to have frozen there. The installation never proceeds further as far as I can see. Just keeps saying In progress”.
Furthermore, if I go to the Status tab, and then check the Centralized management section, I see the following:
Policy in use: Not latest
Policy file timestamp: N/A
Connection status: New, never connected
Last connection: N/A
This seems to imply that there is no communication between the PC1 with the Ubuntu server, and the windows PC2 that I am trying to to install F-Secure Client Security to.
- - -
Also, for the record, if I add the Ubuntu PC as another machine under Root, that too shows things such as ”New, never connected”.
I am somewhat unsure how to proceed here? Does anyone have any idea what I should do now or whats wrong? How do I connect the PC2 properly to the server, and how do I finish installing F-Secure Client Security so it is properly installed and runs on PC2 as it should?
The Windows 7 is not under any NT domain. I have (so far as I can see anyway) added necessary exceptions to the firewall (full access for the console program if I configured it right). I can also ping both machines from each other.
I can also connect to the http://<server-ip> and https://<server-ip>:8080 and https://<server-ip>:8081 from the browser installed in PC2, and managed to reach all of them.
I am stuck right now, and any help that would let me proceed would be very much appreciated.
Thank you very much!
etomcat Posts: 1,319 Superuser
Login to the Windows based PMC 11.22 console. Open the installation package tab. Selected the F-Secure endpoint protection 11.60 package. At the bottom, select export to pre-configured .MSI package and fill in the wizard with all required data.
Deliver the exported .MSI package to the endpoint computer using whatever means available (Active Directory Group policy, WSUS or a USB memory stick, etc.) and run it with admin rights. The computer will then report itself to the PMC as running both F-Secure Management Agent and malware protections.
That's because using traditional, .JAR based direct push install requires significant pre-neutering of built-in security for modern Windows OSes (like Vista, 7,8, 2008, 2012). Remote registry support and admindollar network share must exist, simple file sharing must bve turned OFF and Microsoft's built-in firewall needs a hole or to be turned off entirely to let the push install traffic in.
BTW, my recommendation is not to touch the Linux-based PMC, because it has limited features (no AD support, no push install support, no MSI and no Premium Edition / Software Updater Support). PMS can be on Linux, but console is best on Microsoft platform, like the security sysadmin's personal workstation.
Best Regards: Tamas Feher, 2F 2000, Hungary.6 1Like