Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

Policy Manager Connection Windwos10

Hello.
Unfortunately, a Windwos 10 Client not connect with the Policy Manager.
 
Error message:
1 2016-06-24 13: 15: 31 + 02: 00 EDV06 EDV06 \ installation F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent which not able to connect to the server and is now operating in offline mode. (ErrorNumber 12002: The time limit for the operation has been reached.)

The ports are open and through the browser you get the page from the Policy Server.
Policy Manager is Version 12.10 and Windows10 Pro x64 client - Client Security 12.10
 
Any help?

Best Answer

  • RobertoSilvaChuRobertoSilvaChu Posts: 33
    Accepted Answer

    Hi,

     

    To test: Try telnet connection to PMS using 443 port.

     

    Just remember: The version 12.10 uses HTTPS. So be sure the Windows where you installed the PMS have the ports released to 443, 80, 8080, 8081 (if you used the default ports) in the Windows firewall.

     

    Best Regards,

     

    Roberto Chu

Comments

  • BenBen Posts: 2,640

    Hello List, 

     

    Do you see this error repeating often in the logs?

    How many machines are managed by this PM?

     

  • Yes, it´s repeat regularly on the W10 Client.

     

    In the PM are 50 hosts and all works fine. (Win7+2012R2)

    The W10 Client is a test and the only one who don´t communicate withe th PM.

  • etomcatetomcat Posts: 1,316

    Hello,

     

    Maybe the built-in Microsoft firewall hasn't been turned off in Windows 10 for some reason and it is interfering with the new kind-of real time communications protocol between FSPM 12.10 and FSCS 12.10?

     

    Best Regards: Tamas Feher, Hungary.

  • If I turn off the Windwos Firewall there is a new Error Code in the log:

     

    24    2016-07-04  14:24:06+02:00  EDV06  ****\email  F-Secure Management Agent  1.3.6.1.4.1.2213.11.1.15
     F-Secure Management Agent failed in an internal operation. Setting the policy variable 1.3.6.1.4.1.2213.25.1.70.20 (error=-506) was not successful. If the problem persists, please contact the system administrator.

     

    What does it mean?

  • VadVad Posts: 1,048

    Hello list,

     

    1.3.6.1.4.1.2213.25.1.70.20 is F-Secure Internet Shield (Firewall) policy "Firewall Engine Enabled".

    Could it be so, that you disabled not Windows Firewall but F-Secure Firewall?

     

    Best regards,

    Vad

  • So I`ve made a clean install on the W10 Client with F-Secure Client Securtiy 12.10 that was pushed from the Policy Manger. I choose a new Domain with a clean and empty Policy.

     

    Then I disable on the Client the F-Secure Firewall and the Windwos Firewall but there is still no Connection to the Policy Manger. Error is again:

     

    1    2016-07-06  11:06:43+02:00  EDV06  ***\email  F-Secure Management Agent  1.3.6.1.4.1.2213.11.1.14
     F-Secure Management Agent was not able to connect to the server and is now operating in Offline Mode. (error number 12002: Das Zeitlimit für den Vorgang wurde erreicht.  )

     

    But the strange is that it loads the virus definition from the same server without any errors. Is there any difference between Signature and Policy download from the Server?

     

     

  • etomcatetomcat Posts: 1,316

    Hello,

     

    > Then I disable on the Client the F-Secure Firewall and the Windwos Firewall but there is still no Connection to the Policy Manger.

     

    The F-Secure firewall (Internet Shield) always includes a built-in exception for letting through the F-Secure Policy Manager traffic.

     

    > Is there any difference between Signature and Policy download from the Server?

     

    The AV-signature updates are internally digitally signed by F-Secure Corp.'s key, so they are accepted by clients, even if the Policy Manager Server key is broken. The policy settings are signed by the local Policy Manager Server and won't be accepted by clients if the admin./prv/.pub keypair cannot be matched.

     

    Best Regards: Tamas Feher, Hungary.

  • etomcatetomcat Posts: 1,316

    Hello,

     

    I find it absurd that F-Secure Policy Manager's installation wizard still doesn't offer to configure the ports in Microsoft's built-in firewall (Windows Server) or iptables (Linux Server) and the customer has to fiddle manually with the various ports. But F-Secure products' focus is supposed to be ease of use!

     

    Best Regards: Tamas Feher, Hungary.

  • Thank You! I seriously forgot Port 443 in the Firewall...

This discussion has been closed.