After PM upgrade from 12.21 to 12.30 / 12.31 we upgraded CS 12.20, all host offline. When we look at Satus tab Installed software report we see all host offline at 19.01.2017, because the clients are already online.
On the client ist installed Client Cecurity P. 12.10 an 12.20, all clients dont have a current policyversion from pm.
The connection to the pm ist OK.
Where can i help me?
I escalated this case to our support. Could you provide an fsdiag of the PM and client there, in order for our support agent to investigate better this behavior?
Sorry I missed your original ticket. Our support will get back to you on this one.
the push install of 12.30 Client Security to a client doesn't help.
The recovery to al older h2db- backup did not work. Same error message.
The clients still have the old timeline with the message no new rules available.
Ne rules over the pm, don't distribute to clients. The PM not see the client is available.
Also, insert the backup file h2dp from a older backupday is the same status.
Is it a problem of the client or the PM, which does not establish a connection???
I have same problem on Client Security 12.20, over 200 clients offline. On some machines helps, that I manualy restart F-secure client service and it connects to the server. But after that forced connection, it stalls connection again. Updating clien works ok.
I also made same wireshark network scan and it seems, that client's update agent send only tcp SYN packet. Server does not answer nothing... This is BAD.
I also upgrades PM from 12.2 to 12.31 and all those clients stayed disconnected. This is BAD. Please, provide us some sollution.
Yes, I did. There is numerous of pc with and without HF1 for 12.20, and situation is the same. They are connected ones and disconnected ones. There is no rule. Hosts became disconnected randomly.
Yesterday I saw something suspicious on PM server: I tried to scan open ports from one client with NMAP scanner. Nmap found open few ports, but tcp 443 did not (this should be for communication for the policy download, right?)
If I run netstat -an on PM server, I can saw process listening on port 443...
> this should be for communication for the policy download, right?
Yes, by default.
Could it be some network issue?
If you want us to help with investigation, please, contact support. We will need fsdiags from PM and client (preferably with HF installed), and, probably, Wireshark logs.