Policy Manager Connection Windwos10

Hello.
Unfortunately, a Windwos 10 Client not connect with the Policy Manager.
 
Error message:
1 2016-06-24 13: 15: 31 + 02: 00 EDV06 EDV06 \ installation F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent which not able to connect to the server and is now operating in offline mode. (ErrorNumber 12002: The time limit for the operation has been reached.)

The ports are open and through the browser you get the page from the Policy Server.
Policy Manager is Version 12.10 and Windows10 Pro x64 client - Client Security 12.10
 
Any help?

Best Answer

Comments

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello List, 

     

    Do you see this error repeating often in the logs?

    How many machines are managed by this PM?

     

  • Yes, it´s repeat regularly on the W10 Client.

     

    In the PM are 50 hosts and all works fine. (Win7+2012R2)

    The W10 Client is a test and the only one who don´t communicate withe th PM.

  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    Maybe the built-in Microsoft firewall hasn't been turned off in Windows 10 for some reason and it is interfering with the new kind-of real time communications protocol between FSPM 12.10 and FSCS 12.10?

     

    Best Regards: Tamas Feher, Hungary.

  • If I turn off the Windwos Firewall there is a new Error Code in the log:

     

    24    2016-07-04  14:24:06+02:00  EDV06  ****\email  F-Secure Management Agent  1.3.6.1.4.1.2213.11.1.15
     F-Secure Management Agent failed in an internal operation. Setting the policy variable 1.3.6.1.4.1.2213.25.1.70.20 (error=-506) was not successful. If the problem persists, please contact the system administrator.

     

    What does it mean?

  • VadVad Posts: 1,055 F-Secure Employee

    Hello list,

     

    1.3.6.1.4.1.2213.25.1.70.20 is F-Secure Internet Shield (Firewall) policy "Firewall Engine Enabled".

    Could it be so, that you disabled not Windows Firewall but F-Secure Firewall?

     

    Best regards,

    Vad

  • So I`ve made a clean install on the W10 Client with F-Secure Client Securtiy 12.10 that was pushed from the Policy Manger. I choose a new Domain with a clean and empty Policy.

     

    Then I disable on the Client the F-Secure Firewall and the Windwos Firewall but there is still no Connection to the Policy Manger. Error is again:

     

    1    2016-07-06  11:06:43+02:00  EDV06  ***\email  F-Secure Management Agent  1.3.6.1.4.1.2213.11.1.14
     F-Secure Management Agent was not able to connect to the server and is now operating in Offline Mode. (error number 12002: Das Zeitlimit für den Vorgang wurde erreicht.  )

     

    But the strange is that it loads the virus definition from the same server without any errors. Is there any difference between Signature and Policy download from the Server?

     

     

  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    > Then I disable on the Client the F-Secure Firewall and the Windwos Firewall but there is still no Connection to the Policy Manger.

     

    The F-Secure firewall (Internet Shield) always includes a built-in exception for letting through the F-Secure Policy Manager traffic.

     

    > Is there any difference between Signature and Policy download from the Server?

     

    The AV-signature updates are internally digitally signed by F-Secure Corp.'s key, so they are accepted by clients, even if the Policy Manager Server key is broken. The policy settings are signed by the local Policy Manager Server and won't be accepted by clients if the admin./prv/.pub keypair cannot be matched.

     

    Best Regards: Tamas Feher, Hungary.

  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    I find it absurd that F-Secure Policy Manager's installation wizard still doesn't offer to configure the ports in Microsoft's built-in firewall (Windows Server) or iptables (Linux Server) and the customer has to fiddle manually with the various ports. But F-Secure products' focus is supposed to be ease of use!

     

    Best Regards: Tamas Feher, Hungary.

  • Thank You! I seriously forgot Port 443 in the Firewall...

This discussion has been closed.