Troubleshooting - Agent deployment
You may encounter problems with ESET Management Agent deployment. If deployment fails, there are a number of things that might be the cause. This section will help you:
oFind out what caused ESET Management Agent deployment to fail
oCheck for possible causes according to the table below
oResolve the issue and perform a successful deployment
Windows
1. To find out why Agent deployment failed, navigate to Reports > Automation > click Agent Deployment task information in last 30 days.
A table will displayed deployment information. The Progress column displays error messages about why Agent deployment failed.
If you need even more details, you can change the verbosity of the ESET PROTECT Server trace log. Navigate to More > Settings > Advanced Settings > Logging and select Error from the drop-down menu. Run the Agent deployment again and when it fails check the ESET PROTECT Server trace log file for the latest log entries at the bottom of the file. The report will include suggestions about how to resolve the issue.
The latest file can be found here:
ESET PROTECT Server log |
C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs\trace.log |
---|---|
ESET Management Agent log |
C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs |
To enable full ESET Management Agent logging in the trace.log file, create a dummy file named traceAll without an extension in the same folder as a trace.log and then restart the computer (to restart the ESET Management Agent service). In case of ESET Management Agent connection problems, see Troubleshooting - Agent connection for more information. |
2. The table below contains several reasons Agent deployment can fail:
Error message |
Possible cause(s) |
---|---|
Could not connect |
•Client is not reachable on the network, firewall blocks communication •Inbound ports 135, 137, 138, 139 and 445 are not open in firewall on the client or Windows Firewall: Allow inbound file and printer sharing exception is not used •Client's hostname could not be resolved, use valid FQDN computer names |
Access denied |
•When deploying from a server joined to a domain, to a client joined to the domain, use the credentials of a user that is member of Domain Admins group in format: Domain\DomainAdmin •When deploying from a server joined to a domain, to a client joined to the domain, you can temporarily elevate ESET PROTECT Server service from network service to run under domain administrator account. •When deploying from a server to a client that are not in a same domain, disable remote UAC filtering on target computer. •When deploying from a server to a client in a different domain, use the credentials of a local user that is member of the Administrators group in format: Admin. Target computer name will be automatically prepended to the login. •No password set for administrator account •Insufficient access rights •ADMIN$ administrative share is not available •IPC$ administrative share is not available •Simple file sharing is enabled |
Package not found in repository |
•Link to the repository is incorrect •Repository is unavailable •Repository does not contain required package |
Error 1603 |
•Check ra-agent-install.log file. It can be found here: C:\Users\%user%\AppData\Local\Temp\ra-agent-install.log on the target computer. •If the error persists, follow our Knowledgebase article. |
3. Follow the appropriate troubleshooting steps according to the possible cause:
•Client is not reachable on the network - ping the client from the ESET PROTECT Server, if you get a response, try to log on to the client machine remotely (for example, via remote desktop).
•Firewall blocks communication - check the firewall settings on both the server and the client, as well as any other firewall that exists between these two machines (if applicable).
•Client's hostname could not be resolved - possible solutions to DNS issues can include but are not limited to:
oUsing the nslookup command of the IP address and hostname of the server and/or the clients having Agent deployment issues. The results should match the information from the machine. For instance, an nslookup of a hostname should resolve to the IP address an ipconfig command shows on the host in question. The nslookup command will need to be run on the clients and the server.
oManually examining DNS records for duplicates.
•Ports 2222 and 2223 are not open in firewall - same as above, ensure that these ports are open on all firewalls between the two machines (client and server).
•No password set for administrator account - set a proper password for the administrator account (do not use a blank password)
•Insufficient access rights - try using the Domain Administrator's credentials when creating an Agent deployment task. If the client machine is in a Workgroup, use the local Administrator account on that specific machine.
After successful deployment, ports 2222 and 2223 are not open in firewall. Ensure that these ports are open on all firewalls between the two machines (client and server). |
•To activate the Administrator user account:
1.Open an administrative command prompt
2.Type the following command:
net user administrator /active:yes
•ADMIN$ administrative share is not available - The client machine must have the shared resource ADMIN$ activated, ensure it is present among the other shares (Start > Control Panel > Administrative Tools > Computer Management > Shared Folders > Shares).
•IPC$ administrative share is not available - verify that the server can access IPC$ by issuing the following from a command prompt on the server:
net use \\clientname\IPC$ where clientname is the name of the target computer
•Simple file sharing is enabled - if you are getting the Access denied error message and your environment is mixed (contains both a Domain and Workgroup), disable Use simple file sharing or Use Sharing Wizard on all machines that are having problems with Agent deployment. For example, in Windows 11 do the following:
oClick Start, type File Explorer into the Search box, and then click File Explorer Options. Click the View tab and in the Advanced settings box, scroll down the list and deselect the check box next to Use Sharing Wizard.
•Link to the repository is incorrect - In ESET PROTECT Web Console, navigate to More > Settings, click Advanced settings > Repository and ensure the URL of the repository is correct.
•Package not found in repository - this error message usually appears when there is no connection to the ESET PROTECT On-Prem repository. Check your internet connection.
Linux and macOS
If Agent deployment does not work on Linux or macOS, the issue is usually related to SSH. Check the client computer and ensure SSH daemon is running. When fixed, run Agent deployment again.