Host not showing in Policy Manager

hd_admin
hd_admin Posts: 10 Security Scout

Hello everybody

 

I have an issue on my PM. Some hosts, correctly installed, and with exclusions and updates working fine, do not show in my console.
When I watch the web console, everything is fine, even the address of the server's PM for remote administration. The problem is that I can't know which server is in which OU.

 

PM Version: 12.31.79

Comments

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello hd_admin,

     

    Please make sure that an HTTPS connection between the problematic host and the PM server, over the port which you specified during PM installation (443 by default), is possible.

    c:\Program Files (x86)\F-Secure\Common\Logfile.log and c:\ProgramData\F-Secure\Logs\fspmsupport\nrb.log from the client machine may provide some hints.

    You can also contact support for help with investigation.

     

    Best regards,

    Vad

  • hd_admin
    hd_admin Posts: 10 Security Scout

    Hi. I've watched the log you just gave me:

    It's full of things like this, again and again:

     

    2017-05-21 21:06:53.129     UTC+02:00 0DA8:0D9C #8  * Severity: 2, AutoFlush: true, OpenMode: append, MaxSize: 10485760, Rotation: none, BOM: no, MaxFiles: 10, Component: 'fspmsupport\nrb', Activated from: '(Project defaults)'
    2017-05-22 04:01:12.741     UTC+02:00 0DA8:0D9C #8  *** Logging stopped.
    2017-05-22 04:03:22.285     UTC+02:00 0864:0574 #8  *** Logging started. Process Id: 0x0864 (Parent Process: 0x03A8)

    and

     

    4    2017-05-23  05:10:11+02:00  SWPXENFRCH113  SYSTEM  F-Secure Anti-Virus  1.3.6.1.4.1.2213.12
     Virus definition database(s) fsedb.dat hydrawin-update.ini hydrawin-update.mf  updated successfully.
    5    2017-05-23  08:10:21+02:00  SWPXENFRCH113  DOMAIN\user  F-Secure Anti-Virus  1.3.6.1.4.1.2213.12
     The integrity of virus definition database update 2017-05-23_02 has been successfully verified.
    6    2017-05-23  08:10:25+02:00  SWPXENFRCH113  DOMAIN\user F-Secure Anti-Virus  1.3.6.1.4.1.2213.12
     Virus definition database(s) fsedb.dat hydrawin-update.ini hydrawin-update.mf  updated successfully.

     

     

    The problem is that a lot of my servers are visible, a few are not, and all of them have the same configuration. And most of all, it's not always the same servers that are hidden.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    These parts of the logs don't provide any clues. They are common to normal and broken communication.

    Are there any strings with #2 or #3 in nrb.log?
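
The check asked for above, as an added example that is not part of the original thread or of F-Secure's tooling: it parses nrb.log lines in the layout quoted in this thread and reports only those whose `#<n>` field is 2 or 3. The field layout is inferred from the quoted lines; the last three sample lines are constructed.

```python
import re
import sys
from collections import Counter

# Field layout inferred from the nrb.log lines quoted in the thread:
#   <date> <time>  UTC<offset>  <hex>:<hex>  #<n>  <message>
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"UTC(?P<tz>[+-]\d{2}:\d{2})\s+"
    r"(?P<ids>[0-9A-Fa-f]+:[0-9A-Fa-f]+)\s+"
    r"#(?P<marker>\d+)\s+(?P<msg>.*)$"
)

# First three lines come from the thread (first one abridged); the rest are constructed.
SAMPLE = """\
2017-05-21 21:06:53.129     UTC+02:00 0DA8:0D9C #8  * Severity: 2, AutoFlush: true, OpenMode: append
2017-05-22 04:01:12.741     UTC+02:00 0DA8:0D9C #8  *** Logging stopped.
2017-05-22 04:03:22.285     UTC+02:00 0864:0574 #8  *** Logging started. Process Id: 0x0864 (Parent Process: 0x03A8)
2017-05-22 04:05:00.000     UTC+02:00 0864:0574 #2  constructed sample entry A
2017-05-22 04:05:01.000     UTC+02:00 0864:0574 #3  constructed sample entry B
    constructed continuation text without a timestamp
""".splitlines()

def parse_line(line):
    m = LINE_RE.match(line)
    if m is None:
        return None          # does not fit the layout
    return {**m.groupdict(), "marker": int(m["marker"])}

def scan(lines, wanted=(2, 3)):
    """Count lines per #<n> marker and collect those whose marker is in `wanted`."""
    counts, hits, skipped = Counter(), [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1     # continuation or foreign line; counted, not guessed at
            continue
        counts[rec["marker"]] += 1
        if rec["marker"] in wanted:
            hits.append(rec)
    return counts, hits, skipped

if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    counts, hits, skipped = scan(line.rstrip("\n") for line in src)
    print(dict(counts), "unparsed:", skipped)
    for rec in hits:
        print(rec["ts"], f"#{rec['marker']}", rec["msg"])
```

Matching on the `#<n>` field rather than searching for the digit avoids false hits such as the `Severity: 2` text inside the first `#8` line.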

  • hd_admin
    hd_admin Posts: 10 Security Scout

    No sir. Only #8.
    The big question is: why can I sometimes see, for example, my server110, and sometimes I can't? And then it's back again.

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Use a standard Browser, deactivate all proxy settings (no Proxy)

    then try to connect to
    https://<your PMS IP>:<host communication port>
    accept the ssl certificate and get a readable response from PMS.

     

    If that fails you have trouble in your network, that needs to be resolved first.

     

    If everything looks fine, you seem to have a broken installation or configuration.

    Try to clean up with UI-Tool from http://ftp.f-secure.com/support, reboot and reinstall.

     

  • hd_admin
    hd_admin Posts: 10 Security Scout

    I did what you said and everything works when I connect to the IP via a web browser. But still the same problem on my PM console.

    I will give a try to the UI-tool soon.

  • A_Grinkevitch
    A_Grinkevitch Posts: 169 Threat Terminator

    Hello hd_admin,

     

    It's hardly difficult to understand what's happening in your environment without logs. Could you please collect fsdiag from the problematic server (where you checked nrb.log) + fsdiag from Policy Manager Server and provide them to F-Secure support for further investigation.

     

    Thanks in advance,

    Alexander

  • hd_admin
    hd_admin Posts: 10 Security Scout

    Here is the fsdiag from the policy manager server:

     

     

     

    EDIT: link removed 

  • A_Grinkevitch
    A_Grinkevitch Posts: 169 Threat Terminator

    Thanks, got it. Feel free to remove it from the public web ;)

     

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    @hd_admin

     

    Please do not post Fsdiag files on a public forum as they contain a great deal of PII.

    When this file is needed, please open a support ticket to provide it.

     

    As the email notification that was sent to all subscribers of this thread or community board included the download link, please proceed to remove the file also from the online service on which it currently is still available.

     

  • hd_admin
    hd_admin Posts: 10 Security Scout

    Ok, thank you, I did it!

  • A_Grinkevitch
    A_Grinkevitch Posts: 169 Threat Terminator

    Unfortunately, your fsdiag does not contain useful logs. Could you please gather a new one with the fsdiag installed on your server together with PM (it gathers a file named fsdiag.tar.gz), not the one taken from the web? And, I think, it would be good to open a support ticket to get all the info in one place.

  • hd_admin
    hd_admin Posts: 10 Security Scout

    Ok, thank you very much for your time, I'll do this right now.

  • hd_admin
    hd_admin Posts: 10 Security Scout

    So, I opened a ticket, but the fsdiag.tar.gz is 106 MB in size so I can't attach it. But I gave my phone number and mail so we'll see. Thanks to everyone.

  • hd_admin
    hd_admin Posts: 10 Security Scout

    Hello,

     

    Sorry, I'm in charge of the problem; my colleague has resigned.

    I'll upload the zip on the FTP as soon as possible.

     

    Thanks for help.

    Julien

This discussion has been closed.
