Mirror, Mirror (and other questions)

Hi there,

I’m starting to move things over from Endpoint protection to Avast For Business. Seem to be stuck on Mirror settings. I’m using the on-prem Management Console.

  • I installed the AfB Management Console on the same server (we’ll call it SERV01) currently running the Endpoint Protection console. Check.
  • The first machine I installed the Client on was my own workstation (we’ll call it PC01). I uninstalled Endpoint Protection on PC01, then installed AfB Agent using the offline installer generated through the AfB console. PC01 is in the correct client group and shows as online in the AfB console. Check.
  • PC01 is unable to get definition updates. This is expected because my Fortinet firewall blocks Avast activity through AppSensor on my clients because I will have about 100 client PCs and want them to use an internal Mirror.
  • I RTFM about mirrors. On SERV01 I uninstall the Endpoint Protection client and install AfB Agent. SERV01 shows online in the AfB console in the proper client group. On SERV01 I turn on the option for Local Update Server. I designate all of the other groups to use this mirror. Verify that none of the device settings are pending my clicking “apply.” Check.
  • I wait some time, then on PC01 I try to update definitions through AfB agent. Still can’t reach server.
  • I review C:\Program Files (x86)\AVAST Software\Business Agent\log.txt on PC01 and SERV01 both. I see nothing indicating that PC01 was going out to SERV01 in its attempt to get updates.
  • For giggles, I open a web browser on PC01 and enter http://[SERV01_IP]:4158/. Of course nothing loads. But, when I review log.txt on SERV01 I can see the attempted connection from PC01. This tells me that it’s not my network, rather PC01 doesn’t seem to know yet that it is supposed to use the mirror.

I have some questions around all this

  • First, when I change device settings through the on-prem AfB Mgmt Console, how do the changes get to the Clients? Is it pushed from the console or pulled by the client? How often? Does the client talk directly to the local console?
  • Second, if I add the mirror option to my environment after I’ve deployed the agent, does that mean my clients have to re-install the agent to utilize the mirror? If so, that’s pretty inefficient.
  • Third, how do I tell on the local client that it is using a mirror, is there an ini file or something somewhere on the client machine that points to the ip of the mirror?
  • Fourth, the manual doesn’t talk much about the mechanics of the mirror. Where on my server are the files for the mirror stored? It didn’t prompt me for the location. I have an OS partition and a Data partition. Naturally I would want the mirror files on the Data partition.
  • Fifth, with an on-prem AfB Console, and an on-prem mirror–do I need to allow my clients to communicate with avast.com in my firewall? Or in this scenario is all communication to Avast through the server running the AfB console?
  • Lastly, email notifications–even if I make the SMTP settings in the AfB console exactly match the SMTP settings in the Endpoint Protection console (which function correctly), for some reason AfB says the SMTP test fails with no other helpful text. Is this failure logged somewhere so I can see what failed?

Contact business support: https://www.avast.com/business-support-contact-form.php

From one of the client devices try loading http://ipofmirrorhere:4158/iabs/servers.def.vpx in a browser and see if it pulls the servers.def.vpx file (make sure to replace ipofmirrorhere with the actual IP of the mirror/masteragent device).

Also, make sure the clients are running the latest (18.5) version of the client, as older versions may have issues with recent changes to the mirror/masteragent service.

On the client side, there should be an indication in the update.log located at C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs as to what server is used for updates.

Thanks Asyn, I’ve opened a case, yet to hear back.

Infratech:

  1. http://ipofmirrorhere:4158/iabs/servers.def.vpx works, vpx file downloads. Do you know where on the server this file resides? Is it c:\ProgramData\CloudCare\AvastCloudCareInstall\updates\iabs? If so, servers.def.vpx is the only object in that folder… Wondering where all definitions etc are stored on the mirror

  2. Clients are running 18.5

  3. Looking at update.log, I see the following which leads me to think the client is still going out to avast’s servers.
    [2018-07-23 13:29:17.277] [info ] [servers ] [10308:10608] ‘http://v7.stats.avast.com/cgi-bin/iavs4stats.cgi’ with [77.234.42.252] chosen for ‘stats2’

When I set up the mirror, I had ticked the option that if my local server is unavailable, do nothing. So I would think if settings had correctly trickled down to the client it would call my server, and if my server isn’t available, do nothing
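An added example, not part of any post in this thread: a PowerShell script for a client that repeats the browser test against the mirror and then lists, per server name, the last server update.log reports as chosen, using the line shape quoted above. `$MirrorIp` is a placeholder, and the second sample line is constructed for illustration.

```powershell
# Added example, not from the thread. $MirrorIp is a placeholder to replace.
param(
    [string]$MirrorIp = '192.0.2.10',
    [string]$LogPath  = 'C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\update.log'
)

# Line shape taken from the update.log line quoted in the thread:
#   [time] [level] [servers ] [pid:tid] 'URL' with [IP] chosen for 'name'
# \x27 is a straight quote; \u2018 and \u2019 are the curly quotes seen in the paste.
$pattern = '^\s*\[(?<ts>[^\]]+)\]\s+\[[^\]]*\]\s+\[servers\s*\]\s+\[[^\]]*\]\s+' +
           '[\x27\u2018\u2019](?<url>[^\x27\u2018\u2019]+)[\x27\u2018\u2019]\s+with\s+' +
           '\[(?<ip>[^\]]+)\]\s+chosen for\s+[\x27\u2018\u2019](?<name>[^\x27\u2018\u2019]+)[\x27\u2018\u2019]'

function Get-ChosenServer {
    param([string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match $pattern) {
            [pscustomobject]@{
                Time      = $Matches['ts']
                Name      = $Matches['name']
                Url       = $Matches['url']
                Ip        = $Matches['ip']
                ViaMirror = ($Matches['ip'] -eq $MirrorIp)
            }
        }
    }
}

function Test-MirrorFile {
    # Same request the thread suggests making from a browser on the client.
    try {
        $r = Invoke-WebRequest -Uri "http://${MirrorIp}:4158/iabs/servers.def.vpx" -UseBasicParsing -TimeoutSec 10
        return ($r.StatusCode -eq 200)
    } catch { return $false }
}

if (Test-Path -LiteralPath $LogPath) {
    $lines = Get-Content -LiteralPath $LogPath
} else {
    # Constructed sample: the first line is the one quoted in the thread, the second is invented.
    $lines = @(
        "[2018-07-23 13:29:17.277] [info ] [servers ] [10308:10608] 'http://v7.stats.avast.com/cgi-bin/iavs4stats.cgi' with [77.234.42.252] chosen for 'stats2'"
        "[2018-07-23 13:29:18.004] [info ] [servers ] [10308:10608] 'http://${MirrorIp}:4158/iabs' with [${MirrorIp}] chosen for 'main'"
    )
}

"Mirror file reachable: $(Test-MirrorFile)"
# Latest choice per server name; rows with ViaMirror = False resolved to some other address.
Get-ChosenServer -Line $lines | Group-Object Name | ForEach-Object { $_.Group[-1] } | Format-Table -AutoSize
```

Rows are grouped by the name after "chosen for", so an entry such as 'stats2' is reported separately from any other server names that appear in the log.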

We are seeing the same results in some cases with the updates from the mirror as well in our test lab. Unfortunately, at this point there’s not much more that I can offer to help until the release of the 6.0 version of the console which is set for a late August early September release. This release is supposed to complete the master agent/mirror changes and we should have a more definite path of troubleshooting.

The only other thing I could suggest would be to try using the Avast clear tool and doing a clean install on a client device if you haven’t tried already. The cloud version has had a few updates since the last release of the onpremise console. The devs are working to get everything on the cloud version working prior to releasing another version of the onpremise as it’s easier for them to troubleshoot the cloud version in a real world environment rather than a test lab with the stock Windows installs.

I hate to be so vague and not have much further to offer to help, but at the stage of the product with the updates to come and current changes happening to the mirror/masteragent service there’s just not much else to be done other than a clean install with the 18.5 client version which seems to help in our test lab here. The 18.5 client is where most of the final adjustments to the client end were implemented, so clients that previously had a prior version installed could present issues.

One other thing that comes to mind to use as a workaround in the meantime would be to download the definition updates manually (or there are scripts out there that can be used to automate the download) from https://install.avcdn.net/vpsnitro/vpsupd.exe and place the file on a network share the devices have access to, then use something like Windows Task Scheduler to run the .exe at whatever interval you want to update the clients.
I know that’s not an ideal solution but maybe something to consider until the 6.0 update is released to hopefully solve this issue.
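One way to script that workaround, as an added example that is not from any poster in this thread: the server-side run downloads vpsupd.exe, publishes it to the share only if its Authenticode signature is valid, and the `-RegisterClientTask` switch creates the scheduled task on a client. The share name, task name, schedule and the `*Avast*` signer match are assumptions to adjust.

```powershell
# Added example, not from the thread. Share, task name, schedule and signer match are assumptions.
param(
    [string]$Url        = 'https://install.avcdn.net/vpsnitro/vpsupd.exe',  # URL given in the thread
    [string]$Share      = '\\SERV01\AvastUpdates',                          # hypothetical share
    [string]$SignerLike = '*Avast*',                                        # assumed publisher match
    [switch]$RegisterClientTask
)

$ErrorActionPreference = 'Stop'
$target = Join-Path $Share 'vpsupd.exe'

if ($RegisterClientTask) {
    # Run on each client. The task executes the shared file as SYSTEM, so the share
    # must be readable by computer accounts and writable only by the publishing account.
    $action  = New-ScheduledTaskAction -Execute $target
    $trigger = New-ScheduledTaskTrigger -Daily -At '06:00'
    Register-ScheduledTask -TaskName 'Avast VPS update from share' -Action $action `
        -Trigger $trigger -User 'NT AUTHORITY\SYSTEM' -RunLevel Highest -Force
    return
}

# Run on the server: download to a temp file, verify the signature, then publish.
$tmp = Join-Path $env:TEMP ('vpsupd-{0}.exe' -f [guid]::NewGuid())
try {
    Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing

    $sig = Get-AuthenticodeSignature -FilePath $tmp
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is $($sig.Status); not publishing."
    }
    if ($sig.SignerCertificate.Subject -notlike $SignerLike) {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    Copy-Item -LiteralPath $tmp -Destination $target -Force
    "Published $target, signed by $($sig.SignerCertificate.Subject)"
} finally {
    # Never leave an unverified download behind.
    Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
}
```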