To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Client Security 14.01 Client can't really connect to PM Server

stefan3
stefan3 Posts: 9 Security Scout
in Business Suite

Hello,

 

I've tried to update Policy manager and Client Security to version 14.01.

 

First I updated the PM server from 12.40 to 14.01. This is a dedicated Windows Server 2012 on VMware. Only Endpoint Security is installed additionally.

All clients were took over. It looks fine.

 

I imported the Client Security 14.01 file and updated one computer from the PM Server per remote install. It works.

 

The clients connected to PM Server and gets updates on port 80. After installing the first updates it switches to port 443. And then it says "Connection failed". It can't get updates from the PM-Server here, only from the f-secure internet servers.

 

I found in the logfile "Guts2Plugin.1.log":

2019-01-28 09:06:53.840 [05b8.06f4]  I: Guts2Client::CheckForUpdatesFromServer: Check from server 'pm-server:443/guts2'
2019-01-28 09:06:53.854 [05b8.06f4]  I: Guts2Client::RefreshAvailablePackages: Trying with direct connection (no proxy)
2019-01-28 09:06:53.859 [05b8.06f4] *E: [fslib] reading input line failed, error 204 (end of file)
2019-01-28 09:06:53.859 [05b8.06f4] *E: [fslib] reading HTTP status code failed, error 204 (end of file)
2019-01-28 09:06:53.859 [05b8.06f4] *E: [fslib] unable to perform the HTTP operation, error 204 (end of file)
2019-01-28 09:06:53.859 [05b8.06f4] *E: [fslib] unable to fetch update information from the server, error 204 (end of file)
2019-01-28 09:06:53.859 [05b8.06f4]  I: Guts2Client::RefreshAvailablePackagesProxyConfigured: Failed to refresh available packages, error=204
2019-01-28 09:06:53.859 [05b8.06f4] *E: Guts2Client::CheckForUpdatesFromServer: Failed to refresh available updates list
2019-01-28 09:06:53.869 [05b8.06f4]  I: CCFGuts2Plugin:Smiley FrustratedcheduleCheck: Scheduling next check in 58 seconds

 

The older clients works like before.

 

Regards

Stefan

 

 

 

Comments

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    Most likely something (e.g. Microsoft IIS or other webserver) is already using port 443, which is a standard port. Alternatively, something (e.g. Windows' built-in Microsoft firewall) is maybe blocking access to port 443?

     

    Best regards: Tamas Feher.

  • stefan3
    stefan3 Posts: 9 Security Scout

    Hello,

     

    Thanks for the answer.

    But it doesnt' look like.

     

    From The client I can reach the PM Homepage "https://pm-server:443", if  I accept the certificate.

     

    On the server I can see that the port is used by "java.exe", which is not there when I stop the policy manager server.

    At the PM console I can see that my client has the recent updates and it's in connected state.

     

    Best regards

    Stefan

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Stefan,

     

    Please, contact support. We will need diagnostic information from your machine for investigation.

    From your comments I can only imagine that you somehow pointed 443 port for both http and https, but that's not the case, i guess?

     

    Best regards,

    Vad

  • stefan3
    stefan3 Posts: 9 Security Scout

    Hello Vad,

     

    OK, I will do.

     

    I didn't change any ports intentionally. And if I call the URL with port 443 in the browser, I get only a https session. HTTP with  port 443 doesn't work.

     

    Thanks

    Stefan

  • alexmetcalfe
    alexmetcalfe Posts: 4 Security Scout

    Does it help if you replace the URL with the server's IP address?

     

    I had a similar issue when clients were updating via VPN and the config used the servers internal FQDN.  When I gave the IP address the clients could connect to the server.  The root cause for this could also be a DNS issue on our network.

This discussion has been closed.

Categories