Unable to remotely deploy AV from PM

Regular Member

Unable to remotely deploy AV from PM

Hi,

 

As per subject line I'm having problems deploying Workstation and Server Security from PM. 

 

I've set up a new PM server as it's on a different network.  I've tried to deploy to two different machines and get the same fault.  PM reports :

'The launcher service has reported an error.  PM server connection timed out'. 

 

I've made sure that I can ping the server, the administrative account has the correct permission to the machine & have also turned off the firewall too just in case.  I'm not aware of any networks problems either so not sure why I would get this error.

 

Are there any logs I can check or anything else I can try?

 

Any help would be appreciated.

 

Regards, Al

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
F-Secure

Re: Unable to remotely deploy AV from PM

Hi Alsimmo,

 

Even though the clients are reachable by ping, please kindly refer to below for the check list for push installation to be working:

 

1. The installation account have enough rights (has to be local or domain administrator).

2. Enable the Remote registry service on the clients( To enable remote registry service go to Control Panel -> Administrative Tools -> Services -> Remote registry )

3. Admin$ shares is enable on the client as well as the PMS, please try to access the admin$ share drive on the client from PMS and vice versa to confirm on this

4. Windows Firewall is disable in the service on both clients and PMS, to avoid blocking the network traffic from getting through.

5. Both Policy manager and workstation are in the same network.

6. Certain Inbound traffic need to be allowed for the workstation such as RPC(TCP 135 Port), NetBios (137-139)  and SMB (TCP 445 port) on your firewall (if there's any)

7, On the client, go to Control Panel->Administrative tools->Local security policy->Local policies-> Security Options - Network Access: sharing and security model for local accounts, check that setting. Make sure is Classic - local users authenticate as themselves"

 

 

Also, I would assume that these clients are not having any anti-virus/firewall installed (other than windows firewall service) but if there's any, try to remove the anti-virus/firewall and proceed with the push installation again.

 

Regards,

 

6 REPLIES 6
Highlighted
F-Secure

Re: Unable to remotely deploy AV from PM

Hi Alsimmo,

 

Even though the clients are reachable by ping, please kindly refer to below for the check list for push installation to be working:

 

1. The installation account have enough rights (has to be local or domain administrator).

2. Enable the Remote registry service on the clients( To enable remote registry service go to Control Panel -> Administrative Tools -> Services -> Remote registry )

3. Admin$ shares is enable on the client as well as the PMS, please try to access the admin$ share drive on the client from PMS and vice versa to confirm on this

4. Windows Firewall is disable in the service on both clients and PMS, to avoid blocking the network traffic from getting through.

5. Both Policy manager and workstation are in the same network.

6. Certain Inbound traffic need to be allowed for the workstation such as RPC(TCP 135 Port), NetBios (137-139)  and SMB (TCP 445 port) on your firewall (if there's any)

7, On the client, go to Control Panel->Administrative tools->Local security policy->Local policies-> Security Options - Network Access: sharing and security model for local accounts, check that setting. Make sure is Classic - local users authenticate as themselves"

 

 

Also, I would assume that these clients are not having any anti-virus/firewall installed (other than windows firewall service) but if there's any, try to remove the anti-virus/firewall and proceed with the push installation again.

 

Regards,

 

Regular Member

Re: Unable to remotely deploy AV from PM

Hi Frederico,

 

Thanks for you assistance.  The firewall was the issue here and the issue is now resolved.

 

Regards,

Al

Superuser

Re: Unable to remotely deploy AV from PM

Hello,

 

An alternative:

 

If Active Directory infrastructure is available at your company, import the F-Secure endpoint protection product's .JAR package into FSPM 11.22 console and re-export it as a pre-configured .MSI file. Add the MSI file to a Group Policy task or other systems management suite and the endpoint computers will install it.

 

This way you do not need to neuter Microsoft's built-in security in post-XP Windows operating systems, just to be able to use "push install". (Although I think F-Secure's .MSI package is still not completely silent, it will require one mouse click from the local screen user to run. That issue should be fixed!)

 

Best Regards: Tamas Feher, 2F 2000, Hungary.

Aspirant

Re: Unable to remotely deploy AV from PM

We have the same problem. Error Message is “the launcher service has reported an error PM server connection timeout” With the old policy server everything worked. I checked all of those points. At point 5 I have to mention, that we use different subnets. But in the past that was no problem.

The installation account have enough rights (has to be local or domain administrator).

Enable the Remote registry service on the clients( To enable remote registry service go to Control Panel -> Administrative Tools -> Services -> Remote registry )
    Admin$ shares is enable on the client as well as the PMS, please try to access the admin$ share drive on the client from PMS and vice versa to confirm on this
    Windows Firewall is disable in the service on both clients and PMS, to avoid blocking the network traffic from getting through.
    Both Policy manager and workstation are in the same network.
    Certain Inbound traffic need to be allowed for the workstation such as RPC(TCP 135 Port), NetBios (137-139)  and SMB (TCP 445 port) on your firewall (if there's any)

7, On the client, go to Control Panel->Administrative tools->Local security policy->Local policies-> Security Options - Network Access: sharing and security model for local accounts, check that setting. Make sure is Classic - local users authenticate as themselves"

 

I even uninstalled windows defender.
With wireshark I noticed a lot of traffic from the policy manager. But I can not figure out, why the installation does not work. Is there a solution without AD

Aspirant

Re: Unable to remotely deploy AV from PM

Ok, my problem is solved. The URl in the policy manager server was wrong. To bad that f-secure does not write an appropriate error message.

Scholar

Re: Unable to remotely deploy AV from PM

Can you tell me how import url?