Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mitja-S3NEXT
Collaborator
Jump to solution

Harmony Endpoint (87.30) hangs on deployment - always on "Waiting for software deployment" stage.

 
 
 

OS  : Windows 8.1 PRO (Update 1)

Endpoint : 87.30  (tryed also other version, but ended with the same result)

0 Kudos
1 Solution

Accepted Solutions
Mitja-S3NEXT
Collaborator

After contacting TAC, the endpoint has started communicating and was successfully deployed.

View solution in original post

0 Kudos
36 Replies
Mitja-S3NEXT
Collaborator

 

Added screenshot:
w81-3.jpg

0 Kudos
ICSI
Collaborator

I happened to me as well but in a Windows Server 2019.

Main problem was solved by deactivating.

  • Microsoft Defender
  • Disabling the Firewall (scary)
  • Removing any other antivirus.

Your Windows version is pretty old so they might be some incompatibility issues. I would say try disabling stuff first before placing an SR.

 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
Mitja-S3NEXT
Collaborator

Thank you ICSS, but it did NOT solve the problem.
Windows 8.1 Pro is still supported. This is not the issue.

0 Kudos
the_rock
Legend
Legend

Does same happen if you try different computer?

Andy

0 Kudos
Mitja-S3NEXT
Collaborator

No, on others computers in the company the deployment works normally.  (so it is not an network issue)

0 Kudos
the_rock
Legend
Legend

So its 100% that computer thats the problem. You need to check further to confirm there is no other 3rd party software blocking this.

Andy

0 Kudos
Mitja-S3NEXT
Collaborator

100% no other 3rd party software is blocking it. I have triple checked it.

0 Kudos
the_rock
Legend
Legend

K, I dont have access to check myself, but logically speaking, I cant see anything else be the issue. If other computers work and you tried same harmony endpoint software, it cant be endpoint thats the issue, it has to be that specific computer.

I would go through programs under control panel one by one if you wanted to uninstall something to make sure there is nothing there left behind that could be the issue. Not saying this is the reason, but its possible there might be some files on the comp that could be causing this...just an idea.

Andy

0 Kudos
Mitja-S3NEXT
Collaborator

Is there any way to check connectivity between the computer and the CheckPoint servers?

0 Kudos
RS_Daniel
Advisor
Mitja-S3NEXT
Collaborator
 

check-connect.png

0 Kudos
ICSI
Collaborator

Hi @Mitja-S3NEXT those akami & amazonaws sites, have you open those ports and IPs? 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
Mitja-S3NEXT
Collaborator

Yes, nothing is blocked.

0 Kudos
the_rock
Legend
Legend

Ok, I know this might be too much to ask for, but is there any way you could send us list of EVERY program listed in control panel on that comp? If so, would help us ensure 100% there is absolutely nothing that could interfere with this...if you can, please blur out any sensitive info.

Cheers,

Andy

0 Kudos
Mitja-S3NEXT
Collaborator
 

No problem. Here is a complete list.

programs.png

0 Kudos
the_rock
Legend
Legend

I dont know every single program listed there, but here is one question I have...just wanted to make sure we are on the same page here. I see first in the list it says endpoint security...which to me indicates its actual harmony endpoint software, which would tell me it "thinks" its installed already. Are you able to click on it and uninstall it and try again or you had done that already?

0 Kudos
Mitja-S3NEXT
Collaborator

The only difference between the other computers is the Windows 8.1 (udpate1) Professional OS, but I got an answer that it is still supported.

0 Kudos
the_rock
Legend
Legend

Not sure if windows 8 is supported based on below:

https://support.checkpoint.com/results/sk/sk115192

You may want to verify with TAC. To check connectivity, just make sure you can do nslookup and ping to updates.checkpoint.com and cws.checkpoint.com

Andy

0 Kudos
ICSI
Collaborator

As far as I remember when I had that problem it was about having another antivirus activated, including MS Defender. Have you disable Microsoft Defender? it could help. 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
Mitja-S3NEXT
Collaborator

100% no defender, 100% no other antivirus software

ICSI
Collaborator

Open the Client, then MENU, aDVANCED, Collect. 

Client, Menu, Advanced, View Policies and see it is connected. is it in the same network as others? 

When you see the logs, what do you see? any error available?

 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
Mitja-S3NEXT
Collaborator

Since the client is not deployed I can not go to any menus, or did you mean something on the portal.checkpoint.com?

0 Kudos
ICSI
Collaborator

Great point! 

could you create a policy only for that computer and disable EVERYTHING and then AFTER (if you see the client deployed, start activating one thing at the time. It could help you to "figure out" where the problem stands. In my case, I did disable the firewall protection, USB port protection, etc. 

 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
(1)
the_rock
Legend
Legend

That also makes sense to me @ICSI 

0 Kudos
the_rock
Legend
Legend

But then, as you said before, disabling firewall blade, sort of defeats the purpose lol

0 Kudos
ICSI
Collaborator

Tell me! I had to disable the MS Defender Firewall in a production environment!! horrible. But is part of the risk management! 😄 -

Basically, the idea is to test it and figure out the problem, but of course you want it enabled at the end. if you cannot make it work, better place a Service Request. (and keep your firewall on).

 

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!
0 Kudos
the_rock
Legend
Legend

Well, my friend, like most things in life...process of elimination ; - )

0 Kudos
Mitja-S3NEXT
Collaborator

Are you sure? Please see this link. Regarding to this link Windows 8.1 Pro (Update 1) is supported.

Client Requirements (checkpoint.com)

0 Kudos
_Val_
Admin
Admin

You are right. Please open a TAC request for your issue: https://support.checkpoint.com

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events