Client Security is not receiving updates from Policy Manager via proxy (PMP or http) or direct connection

Issue:

Via proxy or direct connection, Client Security is not receiving updates from Policy Manager. The following errors are visible in C:\ProgramData\F-Secure\Log\AUA\AUA.log:

Connecting to http://<Policy Manager IP address>/guts2/ via http proxy <Proxy IP address>
Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2/ via http proxy Proxy IP address (Server error)
Connecting to http://Policy Manager IP address/guts2/ (no http proxy)
Update check failed. There was an error connecting http://<Policy Manager IP address>/guts2. (Unspecified error)
Connecting to http://Policy Manager IP address/ via http proxy Proxy IP address
Update check failed. There was an error connecting http://Policy Manager IP address/guts2/ via http proxy Proxy IP address (Server error)

Resolution:

Connectivity

Test the connectivity from the host to Policy Manager Server by using the HTTP and HTTPS protocol:

Open any web browser on the host that has Client Security installed.
Enter the IP address of the Policy Manager and press Enter.
Repeat the test, only this time by using the HTTPS protocol (for example https://192.168.0.10:443/).

If the HTTP (automatic updates) and HTTPS (management agent) connections are working, a webpage from the Policy Manager Server should be displayed.

If the connection fails, troubleshoot the network connectivity between the host and Policy Manager at your end. Verify whether the host and the server can reach each other (for example through corporate firewall, switches or a proxy).

Policy Manager Proxy

If the intermediate proxy is a Policy Manager Proxy instance and the clients are unable to download updates through it, ensure that Policy Manager Proxy can connect to the internet directly as the default configuration for the Policy Manager Proxy is forward mode.
In forward mode, the Policy Manager Proxy fetches the required definition updates from the internet and not from Policy Manager Server. This configuration is controlled by changing the proxy mode to either reverse or forward via the registry.

Reverse vs. forward modes define whether the virus definitions and software updates are retrieved directly from the internet or from the configured upstream Policy Manager Server or other proxy. Forward proxy is used to minimize traffic between networks, for example between a branch office and HQ. Reverse proxy is used for example in environments where the proxy has no direct connection to the internet, or to minimize the load on the master server (or other forward proxy). By default the proxy is installed in forward mode. Set "-DreverseProxy=true" additional Java argument to switch it to the 'reverse' mode.

You can verify whether Policy Manager Proxy can download updates by analyzing this log file:


C:\Program Files (x86)\Management Server 5\logs\fspms-download-updates.log

The following message is an example of downloading updates failing:


26.03.2019 14:47:44,034 ERROR [c.f.f.s.g.d.DownloadUpdatesService] - Error while checking latest updates
org.apache.http.conn.ConnectTimeoutException: Connect to guts2.sp.f-secure.com:80 [guts2.sp.f-secure.com/2.21.76.146, guts2.sp.f-secure.com/2.21.76.152] failed: connect timed out.

Note: It is not supported to use the same host for the value of the Policy Manager Server and have it in the list of available Policy Manager Proxy servers. This might have the clients end up in a state were they will not use the local Policy Manager Server or Proxy at all, especially if the setting to allow fallback to the Policy Manager Server is disabled.

HTTP Proxy

If the host where the F-Secure client is installed requires an HTTP proxy to communicate into the network of the designated Policy Manager or internet, follow these steps to enable this setting:

Log on to your Policy Manager Console.
Select the Policy domain or Host / where you want to edit the policy on.
Go to Settings > Windows > Centralized management > Internet connection
Choose how to obtain the HTTP proxy settings, if applicable
If you choose User-defined, type in the address in the text field below
Distribute the policy

Note: If you type in a user defined HTTP proxy address, always use the required protocol.

Examples:


http[s]://[user[:password]@]host:port, for example:
http://myproxy.com
http://myproxy.com:8080
http://johndoe@myproxy.com
https://johndoe:secretpassword@myproxy.com

Article no: 000006708