To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Unable to remotely deploy AV from PM

alsimmo
alsimmo Posts: 37 Security Scout

Hi,

 

As per subject line I'm having problems deploying Workstation and Server Security from PM. 

 

I've set up a new PM server as it's on a different network.  I've tried to deploy to two different machines and get the same fault.  PM reports :

'The launcher service has reported an error.  PM server connection timed out'. 

 

I've made sure that I can ping the server, the administrative account has the correct permission to the machine & have also turned off the firewall too just in case.  I'm not aware of any networks problems either so not sure why I would get this error.

 

Are there any logs I can check or anything else I can try?

 

Any help would be appreciated.

 

Regards, Al

Comments

  • alsimmo
    alsimmo Posts: 37 Security Scout

    Hi Frederico,

     

    Thanks for you assistance.  The firewall was the issue here and the issue is now resolved.

     

    Regards,

    Al

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    An alternative:

     

    If Active Directory infrastructure is available at your company, import the F-Secure endpoint protection product's .JAR package into FSPM 11.22 console and re-export it as a pre-configured .MSI file. Add the MSI file to a Group Policy task or other systems management suite and the endpoint computers will install it.

     

    This way you do not need to neuter Microsoft's built-in security in post-XP Windows operating systems, just to be able to use "push install". (Although I think F-Secure's .MSI package is still not completely silent, it will require one mouse click from the local screen user to run. That issue should be fixed!)

     

    Best Regards: Tamas Feher, 2F 2000, Hungary.

  • lux2010
    lux2010 Posts: 9 Security Scout

    We have the same problem. Error Message is “the launcher service has reported an error PM server connection timeout” With the old policy server everything worked. I checked all of those points. At point 5 I have to mention, that we use different subnets. But in the past that was no problem.

    The installation account have enough rights (has to be local or domain administrator).

    Enable the Remote registry service on the clients( To enable remote registry service go to Control Panel -> Administrative Tools -> Services -> Remote registry )
        Admin$ shares is enable on the client as well as the PMS, please try to access the admin$ share drive on the client from PMS and vice versa to confirm on this
        Windows Firewall is disable in the service on both clients and PMS, to avoid blocking the network traffic from getting through.
        Both Policy manager and workstation are in the same network.
        Certain Inbound traffic need to be allowed for the workstation such as RPC(TCP 135 Port), NetBios (137-139)  and SMB (TCP 445 port) on your firewall (if there's any)

    7, On the client, go to Control Panel->Administrative tools->Local security policy->Local policies-> Security Options - Network Access: sharing and security model for local accounts, check that setting. Make sure is Classic - local users authenticate as themselves"

     

    I even uninstalled windows defender.
    With wireshark I noticed a lot of traffic from the policy manager. But I can not figure out, why the installation does not work. Is there a solution without AD

  • lux2010
    lux2010 Posts: 9 Security Scout

    Ok, my problem is solved. The URl in the policy manager server was wrong. To bad that f-secure does not write an appropriate error message.

  • mhimhdi
    mhimhdi Posts: 1 Security Scout

    Can you tell me how import url? 

This discussion has been closed.

Categories