Via proxy or direct connection, F-Secure Client Security is not receiving updates from Policy Manager. The following errors are visible in C:\ProgramData\F-Secure\Log\AUA\AUA.log: [ 8068]Thu Aug 30 11:15:32 2018(3): Connecting to http://<Policy Manager IP address>/guts2/ via http proxy <Proxy IP address> [ 3488]Thu Aug 30 11:15:32 2018(3): Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2/ via http proxy Proxy IP address (Server error) Thu Aug 30 11:15:32 2018(3): Connecting to http://Policy Manager IP address/guts2/ (no http proxy) [ 3488]Thu Aug 30 11:15:32 2018(2): Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2. (Unspecified error) Thu Aug 30 11:17:41 2018(3): Connecting to http://Policy Manager IP address/ via http proxy Proxy IP address [ 3488]Thu Aug 30 11:17:41 2018(3): Update check failed. There was an error connecting http://Policy Manager IP address/guts2/ via http proxy Proxy IP address (Server error)
Test the connectivity from the host to Policy Manager Server by using the HTTP and HTTPS protocol:
Open any web browser on the host that has F-Secure Client Security installed. Enter the IP address of the Policy Manager and press Enter. Repeat the test, only this time by using the HTTPS protocol (for example https://192.168.0.10:443/).
If the HTTP (automatic updates) and HTTPS (management agent) connections are working, the web page should display the following information:
If the connection fails, troubleshoot the network connectivity between the host and Policy Manager at your end. Verify whether the host and the server have permission to connect to each and other (for example corporate firewall, proxy). If the intermediate proxy is a PMP instance and the clients are unable to download updates via it, ensure that PMP can connect to the internet directly as the default configuration for the proxy is forward mode. In this mode, updates are downloaded via PMP but from the internet and not from Policy Manager Server. This configuration is controlled by changing the proxy mode to either reverse or forward. Reverse vs. forward modes define whether the virus definitions and software updates are retrieved directly from the internet or from the configured upstream Policy Manager Server or other proxy. Forward proxy is used to minimize traffic between networks, for example between a branch office and HQ. Reverse proxy is used for example in environments where the proxy has no direct connection to the internet, or to minimize the load on the master server (or other forward proxy). By default the proxy is installed in forward mode. Set "-DreverseProxy=true" additional Java argument to switch it to the 'reverse' mode. You can verify whether PMP can download updates by checking the c:\program files (x86)\Management Server 5\logs\fspms-download-updates.log file. The following message is an example of downloading updates failing: 26.03.2019 14:47:44,034 ERROR [c.f.f.s.g.d.DownloadUpdatesService] - Error while checking latest updates org.apache.http.conn.ConnectTimeoutException: Connect to guts2.sp.f-secure.com:80 [guts2.sp.f-secure.com/184.108.40.206, guts2.sp.f-secure.com/220.127.116.11] failed: connect timed out.
Article no: 000006708
Clients are not able to get updates from the Policy Manager server Virus definitions shows later than the Policy Manager is Serving Update server is shown as wait.pmp-selector.local Policy Manager shows that Client Security is still in the old version even though on the client it is the newer version
The update server is shown as wait.pmp-selector.local until the client has successfully connected to the Policy Manager Server for the first time after the upgrade or installation. This is an indication that there is a connectivity issue between the clients and the Policy Manager server. First, check that you have set the correct Policy Manager Server address when exporting the installation file. You can check if the address is correct and if the HTTP connection works by opening a web browser on a client and then entering the Policy Manager Server address and the HTTP port in the address field. Example: 10.132.2.19:80 Client Security 13 and earlier versions supported fallback to using HTTP connection if HTTPS did not work. Please check that both the HTTP and HTTPS ports are open in the firewall on the Policy Manager Server. By default Policy Manager listens to HTTP port 80 and HTTPS port 443, but these can be changed during installation. Check that you have entered the correct Policy Manager Server address, HTTP port and HTTPS port when creating the installation file. If you have used the wrong address or ports when creating the installation file, you will need to reinstall the product with a new installation file with the correct settings.
If you are using Policy Manager Proxy in your environment, try these steps:
Make sure that Policy Manager proxy servers are updated to 14 versions For Client Security 14 clients HTTPS connection support is required and for versions 13 and earlier it was not "Allow fallback" is not mandatory if everything is configured properly
If you are not sure if it is configured properly, allow the option Fall back to Policy Manager Proxy which can be found under Automatic Update Agent in Policy Manager Console. If you cannot find an issue with your configuration, open a support request and submit an FSDiag diagnostic file from the Policy Manager Server and one of the affected client for further analysis and troubleshooting.
Article no: 000009396