Mirror Updating not Working

Re: Mirro Updating not Working

Incorrect digital signature? I have never seen that message. That may be part of your problem. Look in your NOD32 Event Log on the server to see if you have any successful update messages, or if it is filled with error messages.

Comparing my updfiles with my mirror folder, I have 24 files in updfiles, 23 files in mirror. All the .upd files are the same, but they have different names. Instead of comparing them by the names, compare them by the dates, and you will see what I mean.

The only files that are different are the .ver files. These are used to describe what the different .upd files are for (in mirror) and whether any updated files need to be downloaded (in updfiles).

I never remember seeing a problem with incorrect digital signatures, though.

 

Re: Mirro Updating not Working

I'm gonna delete my mirror folder and my updfiles folder to start everything from scratch, again. After that I'm gonna compare the files in both folders and report back on what I find

EDIT: After updating using 4 different servers all of them give me the incorrect digital signature thing. But only when downloading program component upgrades. Also, every now and then I get a download interrupted message

PS: Admins, can you please rename the thread to say Mirror instead of Mirro?? Its really bugging me now...

 

Hello WackoTacko,

Using the registry editor, can you locate HKEY_LOCAL_MACHINE -> SOFTWARE -> Eset and export this registry branch in Win9x/NT4 Registration Files format from one client machine and from the server.

We also need to see the contents of C:\Program Files\Eset\updfiles\ from one client machine and from the server. Archive each folder, and then modify the names so we know which one came from the client and which from the server.

If you could then send the 4 files to me, we'll examine the contents and get back to you ASAP.

Bandicoot.

PS: I've emailed Wacko the same message as he emailed support, hence I asked him to 'send the 4 files to me'.

 

Im uploading those files right now, however the registry keys are not being sent with a .reg extension, since gmail doesn't let me send "executable files" I had to change the extension from .reg to .txt. Im sorry for the inconvenience... I must say I feel much better after having recieved that mail from you, all the "support" i recieved when i called tech support here in mexico were comments like "well, it should be working" or "oh... now thats weird"

well, i hope we can work together to solve this problem,
Wacko

PS: thanks admins for changing the thread name

 

Re: Mirro Updating not Working

Hi WackoTacko:

This is reminiscent of a proxy server corrupting the update files. Does the internet connection used have a proxy server internal or external?

 

Re: Mirro Updating not Working

no, we do not use a proxy server (internal nor external) however, we do have a hardware firewall but my network administrator tells me it is not blocking anything..... I recieved an email message from ESET support telling me the same thing, that it is most probably due to the usage of a proxy server but we do not have a proxy server (am i just repeating myself??)

well, anyway seems like im finally getting somewhere with troubleshooting the problem, im gonna try connecting to the udpate server and getting the definitions from outside to see if i get the same incorrect digital signatures message (which i doubt will happen). however i dont know how the **** i wouold go around fixing this if i want to be able to run the mirror in the corporate network.....

 

Re: Mirro Updating not Working

OK, so after downloading all the updates using a dial up connection with no firewall or proxy or anything that could block or modify the flow of data. I updated the mirror and from the client workstation updated using the mirror address. BTW, I didn't get any incorrect digital signatures or file has not been digitally signed messages.

As I expected, it worked perfectly, it got its new definitions in the blink of an eye. Now.... we have to configure our network to work correctly with the downloading of the updates. That's going to be hell.....

 

Re: Mirro Updating not Working

BUMP

One quick question, which ports does NOD32 use for updating?
I ran a few netstats but found that each time the port changes but it all stays in a certain range.

 

Re: Mirro Updating not Working

Well, in a standard setup, it should be using 2222 and 2223 for the two channels of communication between the Remote Admin server and the clients, 8081 for the mirror updates, and (probably) 80 for the download from Eset.

HTH,

Jack

 

Re: Mirro Updating not Working

nope, those arent the ports i know they are somewhere around 1250 or soemthign like that but each time it updates it changes. I just want to know what the range of used ports is to be able to forward only those from the firewall running here.

Until now we have not been able to get it to work but only made it worse, now, eveytime i update i get a "downloaded file is damaged" message..... Right now everyone is out for lunch but ill see what can be done when they get back.

So, if someone could tell me which ports are used to access ESET's update servers I would be truly thankful.

 

Re: Mirro Updating not Working

NOD32 only uses port 80 for updates from Eset's servers.

 

Re: Mirro Updating not Working

Are you looking at the "Local Address" or the "Foreign Address" for those ports? The "Foreign Address" will be the 80, 8081, 2222, 2223 values mentioned before, and those are the ones needed by the firewall for outbound connections.

It sounds like you are looking at the "Local Address". For client processes (like downloading from an HTTP server), the port number often changes. However, if you are running a server on your computer (like a webserver), then the "Local Address" will remain constant (like 80 for HTTP).

 

Re: Mirro Updating not Working

yes... i am looking for the local port..... and yes it does change but i am certain it stays in a certain range... i think...

thats all im looking for

Wacko

 

Re: Mirro Updating not Working

Hi WackoTacko:

There is some type of filter inspecting the packets and most likely corrupting the header(s) (some firewalls can cause this, but generally a proxy is the easiest to claim as the culprit if one exists).

Since the first update was probably > 1MB have the subsequent updates come down without corruption?

 

Re: Mirro Updating not Working

That cetrainly sounds like the cause of the problem, I will be contacting my network administrator tomorrow morning, just to clarify, the download of the updates takes place using the http protocol right?

Well, thanks for the insight I'll let you guys know if that fixes the problem

 

Re: Mirro Updating not Working

Yes, the updates use the http protocol on port 80. TCPView from Sysinternals is a nice tool since it does not install.

 

Re: Mirro Updating not Working

rumpstah, nice tool. can you please help me interpret what i see a bit more clearly?
there, check the screenshot and please tell me what each thing means... i just dont understand what each port means, there is a port next to the process name a port on the local address and a port on the remote address. so if you could please help me interpret the info i would be eternally thankful

 

For the client that connecting to the mirror, is it using the System Account to connect to the LAN server mirror? You may have to change this to current user or user ID and password to access the LAN PC. The remote deployment may have changed this setting. System account should work if connecting to the PC as a HTTP access.

jack

 

Re: Mirro Updating not Working

OK, this may take a while, but if you are ready...

process name with number (nod32krn.exe:420)
This number is not a port number. Instead, it is a Process Identifier (PID) that gets assigned to every process in Windows (not just networking). If you want to see for yourself, right-click on Windows taskbar --> Task Manager --> Processes tab. Go to View --> Select Columns --> check PID (Process Identifier) --> OK. Now next to each process name in the Task Manager, you should see a PID. These are the numbers you see in first column of TCPView.

UDP/TCP
There are two major connections used to transfer data, UDP and TCP. I won't go into the details, but UDP is simpler than TCP, so that is why you see less data for the UDP connections. UDP connections are faster, but they are also less reliable.

TCP is more complicated. It has some error checking. It also has information about whether a packet is a response to a previous request. This is important for firewalls. Here is an example:

Suppose you open up Internet Explorer and go to a website. The webserver is set to "listen" for TCP requests coming in on port 80, which is the HTTP port. Internet Explorer tells Windows to open up a TCP connection to the webserver.

When Windows opens up a TCP connection, it will take an unused port on the local end (proyectos.confetex.com). If Windows is not forced to use a specific port, it will just pick one on its own. It will avoid using ports that are already in use, and it will avoid using ports that are reserved for specific purposes. In practice, this usually means that the local address port will start somewhere in the low 1000's. As more connections are made, the local port number will gradually move up.

Try this yourself, and you will see. Open up a bunch of Internet Explorer windows and go to different sites. The foreign addresses will usually look like this: xxx.yyy.com:80 or xxx.yyy.com:http. The local addresses will look like proyectos.confetex.com:****. "****" will be a number that gradually increases as new connections are opened and then closed.

Once the TCP connection has been established, data can pass back and forth. Let us take the following example from your screenshot:

nod32krn.exe wants to look for an update on u7.eset.com . Windows opens up port 1725 on proyectos, and u7.eset.com receives the data on port 80 (http). u7.eset.com replies, and sends the data back from its port 80 to port 1725 on proyectos.

There is a bit more to it than just this, especially when it comes to firewalls, but this is the basic idea. Let me know if this makes any sense.

 

Re: Mirro Updating not Working

Hi WackoTacko:

Free is always nice.

You can also press CTRL+R to toggle between resolving addresses and seeing strictly IP addresses.

What you can not see are the packets as they are coming through the firewall and how they are being inspected.