Policy Manager Connection Windwos10

FormerMember
Not applicable

Policy Manager Connection Windwos10

Hello.
Unfortunately, a Windwos 10 Client not connect with the Policy Manager.
 
Error message:
1 2016-06-24 13: 15: 31 + 02: 00 EDV06 EDV06 \ installation F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent which not able to connect to the server and is now operating in offline mode. (ErrorNumber 12002: The time limit for the operation has been reached.)

The ports are open and through the browser you get the page from the Policy Server.
Policy Manager is Version 12.10 and Windows10 Pro x64 client - Client Security 12.10
 
Any help?
1 ACCEPTED SOLUTION

Accepted Solutions
Supporter

Re: Policy Manager Connection Windwos10

Hi,

 

To test: Try telnet connection to PMS using 443 port.

 

Just remember: The version 12.10 uses HTTPS. So be sure the Windows where you installed the PMS have the ports released to 443, 80, 8080, 8081 (if you used the default ports) in the Windows firewall.

 

Best Regards,

 

Roberto Chu

10 REPLIES 10
F-Secure Product Expert
F-Secure Product Expert

Re: Policy Manager Connection Windwos10

Hello List, 

 

Do you see this error repeating often in the logs?

How many machines are managed by this PM?

 



Best Regards

-Ben

_________________________________

Has somebody helped you? Say thanks by giving likes. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
FormerMember
Not applicable

Re: Policy Manager Connection Windwos10

Yes, it´s repeat regularly on the W10 Client.

 

In the PM are 50 hosts and all works fine. (Win7+2012R2)

The W10 Client is a test and the only one who don´t communicate withe th PM.

Superuser

Re: Policy Manager Connection Windwos10

Hello,

 

Maybe the built-in Microsoft firewall hasn't been turned off in Windows 10 for some reason and it is interfering with the new kind-of real time communications protocol between FSPM 12.10 and FSCS 12.10?

 

Best Regards: Tamas Feher, Hungary.

FormerMember
Not applicable

Re: Policy Manager Connection Windwos10

If I turn off the Windwos Firewall there is a new Error Code in the log:

 

24    2016-07-04  14:24:06+02:00  EDV06  ****\email  F-Secure Management Agent  1.3.6.1.4.1.2213.11.1.15
 F-Secure Management Agent failed in an internal operation. Setting the policy variable 1.3.6.1.4.1.2213.25.1.70.20 (error=-506) was not successful. If the problem persists, please contact the system administrator.

 

What does it mean?

F-Secure
F-Secure

Re: Policy Manager Connection Windwos10

Hello list,

 

1.3.6.1.4.1.2213.25.1.70.20 is F-Secure Internet Shield (Firewall) policy "Firewall Engine Enabled".

Could it be so, that you disabled not Windows Firewall but F-Secure Firewall?

 

Best regards,

Vad

FormerMember
Not applicable

Re: Policy Manager Connection Windwos10

So I`ve made a clean install on the W10 Client with F-Secure Client Securtiy 12.10 that was pushed from the Policy Manger. I choose a new Domain with a clean and empty Policy.

 

Then I disable on the Client the F-Secure Firewall and the Windwos Firewall but there is still no Connection to the Policy Manger. Error is again:

 

1    2016-07-06  11:06:43+02:00  EDV06  ***\email  F-Secure Management Agent  1.3.6.1.4.1.2213.11.1.14
 F-Secure Management Agent was not able to connect to the server and is now operating in Offline Mode. (error number 12002: Das Zeitlimit für den Vorgang wurde erreicht.  )

 

But the strange is that it loads the virus definition from the same server without any errors. Is there any difference between Signature and Policy download from the Server?

 

 

Highlighted
Superuser

Re: Policy Manager Connection Windwos10

Hello,

 

> Then I disable on the Client the F-Secure Firewall and the Windwos Firewall but there is still no Connection to the Policy Manger.

 

The F-Secure firewall (Internet Shield) always includes a built-in exception for letting through the F-Secure Policy Manager traffic.

 

> Is there any difference between Signature and Policy download from the Server?

 

The AV-signature updates are internally digitally signed by F-Secure Corp.'s key, so they are accepted by clients, even if the Policy Manager Server key is broken. The policy settings are signed by the local Policy Manager Server and won't be accepted by clients if the admin./prv/.pub keypair cannot be matched.

 

Best Regards: Tamas Feher, Hungary.

Supporter

Re: Policy Manager Connection Windwos10

Hi,

 

To test: Try telnet connection to PMS using 443 port.

 

Just remember: The version 12.10 uses HTTPS. So be sure the Windows where you installed the PMS have the ports released to 443, 80, 8080, 8081 (if you used the default ports) in the Windows firewall.

 

Best Regards,

 

Roberto Chu

Superuser

Re: Policy Manager Connection Windwos10

Hello,

 

I find it absurd that F-Secure Policy Manager's installation wizard still doesn't offer to configure the ports in Microsoft's built-in firewall (Windows Server) or iptables (Linux Server) and the customer has to fiddle manually with the various ports. But F-Secure products' focus is supposed to be ease of use!

 

Best Regards: Tamas Feher, Hungary.