ESET Online Help

Search English
Select the category
Select the topic

Troubleshooting - Agent deployment

You may encounter problems with ESET Management Agent deployment. If deployment fails, there are a number of things that might be the cause. This section will help you:

oFind out what caused ESET Management Agent deployment to fail

oCheck for possible causes according to the table below

oResolve the issue and perform a successful deployment

Windows

1. To find out why Agent deployment failed, navigate to Reports > Automation > click Agent Deployment task information in last 30 days.
A table will displayed deployment information. The Progress column displays error messages about why Agent deployment failed.

If you need even more details, you can change the verbosity of the ESET PROTECT Server trace log. Navigate to More > Settings > Advanced Settings > Logging and select Error from the drop-down menu. Run the Agent deployment again and when it fails check the ESET PROTECT Server trace log file for the latest log entries at the bottom of the file. The report will include suggestions about how to resolve the issue.

The latest file can be found here:

ESET PROTECT Server log

C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs\trace.log

ESET Management Agent log

C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs


note

To enable full ESET Management Agent logging in the trace.log file, create a dummy file named traceAll without an extension in the same folder as a trace.log and then restart the computer (to restart the ESET Management Agent service).

In case of ESET Management Agent connection problems, see Troubleshooting - Agent connection for more information.

2. The table below contains several reasons Agent deployment can fail:

Error message

Possible cause(s)

Could not connect

Client is not reachable on the network, firewall blocks communication

Inbound ports 135, 137, 138, 139 and 445 are not open in firewall on the client or Windows Firewall: Allow inbound file and printer sharing exception is not used

Client's hostname could not be resolved, use valid FQDN computer names

Access denied

When deploying from a server joined to a domain, to a client joined to the domain, use the credentials of a user that is member of Domain Admins group in format: Domain\DomainAdmin

When deploying from a server joined to a domain, to a client joined to the domain, you can temporarily elevate ESET PROTECT Server service from network service to run under domain administrator account.

When deploying from a server to a client that are not in a same domain, disable remote UAC filtering on target computer.

When deploying from a server to a client in a different domain, use the credentials of a local user that is member of the Administrators group in format: Admin. Target computer name will be automatically prepended to the login.

No password set for administrator account

Insufficient access rights

ADMIN$ administrative share is not available

IPC$ administrative share is not available

Simple file sharing is enabled

Package not found in repository

Link to the repository is incorrect

Repository is unavailable

Repository does not contain required package

Error 1603

Check ra-agent-install.log file. It can be found here: C:\Users\%user%\AppData\Local\Temp\ra-agent-install.log on the target computer.

If the error persists, follow our Knowledgebase article.

3. Follow the appropriate troubleshooting steps according to the possible cause:

Client is not reachable on the network - ping the client from the ESET PROTECT Server, if you get a response, try to log on to the client machine remotely (for example, via remote desktop).

Firewall blocks communication - check the firewall settings on both the server and the client, as well as any other firewall that exists between these two machines (if applicable).

Client's hostname could not be resolved - possible solutions to DNS issues can include but are not limited to:

oUsing the nslookup command of the IP address and hostname of the server and/or the clients having Agent deployment issues. The results should match the information from the machine. For instance, an nslookup of a hostname should resolve to the IP address an ipconfig command shows on the host in question. The nslookup command will need to be run on the clients and the server.

oManually examining DNS records for duplicates.

Ports 2222 and 2223 are not open in firewall - same as above, ensure that these ports are open on all firewalls between the two machines (client and server).

No password set for administrator account - set a proper password for the administrator account (do not use a blank password)

Insufficient access rights - try using the Domain Administrator's credentials when creating an Agent deployment task. If the client machine is in a Workgroup, use the local Administrator account on that specific machine.


note

After successful deployment, ports 2222 and 2223 are not open in firewall. Ensure that these ports are open on all firewalls between the two machines (client and server).

To activate the Administrator user account:

1.Open an administrative command prompt

2.Type the following command:

net user administrator /active:yes

ADMIN$ administrative share is not available - The client machine must have the shared resource ADMIN$ activated, ensure it is present among the other shares (Start > Control Panel > Administrative Tools > Computer Management > Shared Folders > Shares).

IPC$ administrative share is not available - verify that the server can access IPC$ by issuing the following from a command prompt on the server:

net use \\clientname\IPC$ where clientname is the name of the target computer

Simple file sharing is enabled - if you are getting the Access denied error message and your environment is mixed (contains both a Domain and Workgroup), disable Use simple file sharing or Use Sharing Wizard on all machines that are having problems with Agent deployment. For example, in Windows 11 do the following:

oClick Start, type File Explorer into the Search box, and then click File Explorer Options. Click the View tab and in the Advanced settings box, scroll down the list and deselect the check box next to Use Sharing Wizard.

Link to the repository is incorrect - In ESET PROTECT Web Console, navigate to More > Settings, click Advanced settings > Repository and ensure the URL of the repository is correct.

Package not found in repository - this error message usually appears when there is no connection to the ESET PROTECT On-Prem repository. Check your internet connection.

Linux and macOS

If Agent deployment does not work on Linux or macOS, the issue is usually related to SSH. Check the client computer and ensure SSH daemon is running. When fixed, run Agent deployment again.