PM10 missing status updates on Installed products summary
We got a PM10 running, and i am able to push-install new clients, but I don't seem to get any status back to the PM server, so basically, after upgrading several clients to FSCS to version 9.11, I still don't see any of the upgrades in 'Installed Products Summary' All Clients are still on version 8.01 to 9.10 when looking at the summary.
Besides - If i choose Autodiscover, most clients in the list are unknown, on both platform am FSMA.
The clients i have been looking at seems to update fine, but policies and def's are updated,and when looking through client logfiles (logfile.log in particular) no obvious things shows up there. When i look at client settings, and try the link from there, i get the message that services are fine, so from the client's point of view everything seems fine. So i assume clients are running ok.
Looking in the policy manager, things are simply not updated - The client i am using now was updated an hour ago or so, but in PM, it say definitions are 3 months old. Last connection was 5 minutes ago, and policy is not updated.
Where would be a god place to look, in this situation? I am starting to miss and updated status now
After Readnig http://community.f-secure.com/t5/Management-Products-and-Portals/Host-not-appering-on-Console-after-install/td-p/709 i just wanted to add:
Rules for importing new hosts are made, and seemed to work, but i don't see any of the newst hosts. It seems the problem has been ongoing for a few months now.
So basically the newly installed hosts are not waiting to be imported or shown anywhere in FSPM.
Hopefully someone would have an idea about this issue.
when upgrading from PM8 to PM10 did you correctly import the ADMIN.PUB and ADMIN-PRV?
On a Host (with the problem) what does logfile.log list after you restared the Host?
Can you connect to the PMS using a normal Browser?
Do you have different UIDs on the hosts?
The upgrade was done by a consultant, but keys were imported correctly as far as i can see, and the installation was running fine for a month or two.
I am able to connect to the server on port 80 & 8081, but i get nothing on port 8080. Server Status Monitor is fine on all three ports, though.
When i look at one of the affected hosts, the follwing looks interesting to me :
On the PM server,when checking the host, last connection is current, while the virus definitions for that specific host are allmost 3 months old (april 4), but looking at the host itself, the defs are current.
The logfile.log seems to indicate that the the host itself is happy :
1 2011-07-11 08:35:11+02:00 host host\admin F-Secure Anti-Virus 22.214.171.124.4.1.2213.12
Virus definition database(s) [email protected] fsedb.dat updated successfully.
2 2011-07-11 08:35:57+02:00 host host\admin F-Secure Anti-Virus 126.96.36.199.4.1.2213.12
The integrity of virus definition database update 2011-07-11_03 has been successfully verified.
3 2011-07-11 08:36:34+02:00 host host\admin F-Secure Anti-Virus 188.8.131.52.4.1.2213.12
Virus definition database(s) [email protected] [email protected] .................... zip.xmd zoo.xmd updated successfully.
4 2011-07-11 08:36:45+02:00 host host\admin F-Secure Anti-Virus 184.108.40.206.4.1.2213.12
Virus definition database(s) [email protected] [email protected] [email protected] fshipsu.xml updated successfully.
So basically i have an idea that the hosts are updating the server without problems, but somewhere in the process, the PM server itself halts processing the status information.
With regards to the UID - They seem different when checking, but i have not compared every single one - total of app. 1600 hosts. we have had a few issues when running the older PM, but now, with autoimport, everything seemed fine from the beginning.
Thank you very much for theese troubleshooting steps- Hopefully we will get it sorted out.
So PMS is connectable (8080 needs https!) from a host that you can not see?!
UIDs are different!
In the fsaua.log do you see WHERE the updates have been loaded from look for "Connecting to..."
In logfile.log please post (usually the first lines after a reboot), where it tells you something about its connection to the PMS
e.g. Autoregistartion sent, operating on offline, switching...1 1Like
Sorry, forgot to mention that i tried https as well as http on port 8080, no reply on either.
With regards to the logfile.log - i have checked two different hosts now, they don't show anything about connecting,only the information shown in the the previous post.
This leads to fsaua.log, where it actuallt shows the cause of the problem - for some reason we seem to have issues with a proxy server, causing it to request authentication, which the host of course don't do.
So i have to look into the proxy configuration. As the clients are all on internal network, there is no need for using the proxy, so i will try to find a way around it.
Thank you very much for the help so far
the question should be how does AUA know about the proxy and is the proxy also involved in the HOSTS not sending the autoregistration?
please open a command line and submit "FSMAUTIL.EXE POLL" (should be in the common-folder)
Do you have an entry now in logfile.log?
BTW: is the policy-timestamp up to date?
8080 is only available from a HOST if you have allowed remote access to admin port during setup.
plese also try http://<PMS>/B to get a response from FSAUS.
Certainly these tests should be done with a browser that has NO proxy defined!
Great, looks like we are getting a little closer
The proxy error is gone now - We had a general policy, telling FSCS to use browser settings for proxy configuration. I did set it to 'No' instead, which seemed to removed that issue.
I have tried to run fsmautil, but i don't seem to get anything in the logfile.log by doing that.
The Policy counter is the same on server as well as the host, allthough the server thinks the host has an old policy. The timestamp says 9:40am at the server, and 1:23pm on the client (both from today)
Opening http://<PMS>/B seems fine, i get "if you see this message......."
With regards to the 8080 - I don't have remote administration enabled, so that makes sence.
Actualy it seems fsaua.log was updated right after i checked:
[ 308]Mon Jul 11 13:55:03 2011(2): Connecting to http://fsecureserver:80 (no BW proxy, no HTTP proxy)...
[ 308]Mon Jul 11 13:55:03 2011(2): Update check completed successfully. No updates are available.
Looking at the same klient, i have an issue with upgrading the client to 9.11, but i don't assume this has any relevance at the moment:
1 2011-07-11 13:23:23+02:00 host host\admin F-Secure Management Agent 220.127.116.11.4.1.218.104.22.168
The F-Secure installation process has failed to unpack an installation package. Please check the integrity of the installation package. If you see this message frequently, contact the system administrator.
Glad that we solved the FSAUA-issue, but for the PMS...
I am stuck here, without deeper investigation including a number of fsdiags from Clients and PMS it seems to be impossible to identify the cause.
The H2DB could be broken but a configuration problem is as likely.
Please get in contact with regular support and mention this thread as well as post the related SR-ID here.
BTW: Where are you located?
So far it is starting to look better - I have contact to official support, but no case# atm.
Actually what i did to make the first few clients look good, was to manually change the link to the PM server to something invalid (port 8090), try to sync the policy, and the back, sync, and finally running without the port number which seemed to do the trick for a few hosts.
After that i tried pushing out around 20 clients, with the link to the PM server, no port, and currently i am waiting for those to show up. So if that looks allright , i just have to do an upgrade/push install to the rest of the hosts (1400 or so)
yes, a nasty design flaw, but existing since pm5.0. Every 10th customer running into that, but only once ;-)
There is a tool to fix that problem on many hosts without the need to push a full installation to each of them. Please contact support and ask for the Admin -Key-Replacer.jar and provode new server address, port and admin.pub.
Although the admin.pub stays the same the tool will corrcet the setiing for the server-Address.