Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
king_slavcho
Participant

Checkpoint endpoint client stuck - trying to connect to server

Hello friends,

The checkpoint EMS was working fine until 3-4 days and now i can not install a new client which is very weird. It can not connect to server (attachment 1). I checked the previously installed clients on other PCs and they are connected to the server but the anti malware db is not updated and is shown in the Smart Console (attachment 2).

I checked ports 80 and 4434 if they are working with telnet and shows that the EMS is listening on those ports.. Also i checked if they are any logs on the endpoints where the client is stuck but could not find any..

The version is 81.10 and the client i try to install is 87.20 and 87.10

I also think that these errors are connected somehow and would be really grateful if you could direct me what to do

Thank you

0 Kudos
10 Replies
PhoneBoy
Admin
Admin

Did you verify traffic is actually reaching the EMS with tcpdump from the affected clients?
I suspect a restart of the management server might be in order, if you haven’t done this already.
Otherwise, I suggest engaging with the TAC.

0 Kudos
king_slavcho
Participant

I have done all this that you wrote. But after 2 days trying i managed to fix it by upgrading the version from 81.10 to 81.20.. But i still do not know what was the problem.. No changes made, just by itself it stopped working..

0 Kudos
scenarist
Contributor

@king_slavcho You mean the Gaia upgrade to R81.20 ?

0 Kudos
the_rock
Legend
Legend

Does it happen with evert client or just some? I think what phoneboy suggested sounds logical.

0 Kudos
king_slavcho
Participant

On every client that i want to install... I managed to fix it by upgrading the version from 81.10 to 81.20..

king_slavcho
Participant

I managed to solve the installation problem by upgrading the checkpoint version to 81.20 but i still have the antimalware db not updating.. I mean some of the PCs are updated but some not.. I get error that server is not available.. The PCs that are up to date are updated via some website:

Successfuly updated from http://kav8.zonealarm.com/v6

What do i do about this.. No logs found also in this directory: C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common/Logs - I mean the folder Logs does not even exist..

0 Kudos
PhoneBoy
Admin
Admin

Recommend a TAC case here: https://help.checkpoint.com

0 Kudos
Chris_Atkinson
Employee Employee
Employee

What hierarchy do you have configured for the update options (signature sources)?

https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/SignaturesUpdate...

Do your clients have access to the EPM when outside the organisation (via NAT) or a Policy Server deployed in the DMZ?

CCSM R77/R80/ELITE
0 Kudos
king_slavcho
Participant

I managed to solve the first problem with the connection by upgrading the server from 81.10 to 82 version and now that works. But i still have problems with anti malware update from server.. I changed to policy to get the malware signatures from external server as a second option but that is not good because it congests the Internet bandwidth..

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Did you open a ticket with our TAC support to investigate?

The Super Nodes (refer also: sk171703) function might be an option if there are bandwidth concerns. 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events