Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Endpoint Protection => Topic started by: avadas.de on August 02, 2011, 02:25:05 PM

Title: Windows 7 contact to the server not possible
Post by: avadas.de on August 02, 2011, 02:25:05 PM: Hi,

what does it mean, when a Windows 7 Computer (Windows XP working fine) is rejected by the SBC after a successful rollout and the reason listed is "Computer banned"?
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 02, 2011, 06:59:20 PM: Any idea what "banned" means in this case?
Title: Re: Windows 7 contact to the server not possible
Post by: wpn on August 02, 2011, 07:37:46 PM: aint it in the administrator manual?
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 02, 2011, 07:47:40 PM: Hi,

Quote from: wpn on August 02, 2011, 07:37:46 PM
aint it in the administrator manual?

I couldnt find it there. In the overview "Admin" -> "Computer login audit trail" only the Windows 7 Computer are listed with the "Rejection reason" "Computer banned".
Title: Re: Windows 7 contact to the server not possible
Post by: wpn on August 02, 2011, 10:36:47 PM: did you read the ADNM admin guide or the SBC admin guide?
in the last, can you post the link, i cnat seem to find it anymore

further more this will be a question then only be answered by avast team
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 02, 2011, 11:07:08 PM: Hi wpn,

since you are from NL, I guess it you can understand this one: http://forum.avadas.de/threads/3344-avast!-Business-Protection-(Plus)-1.0.41750 (http://forum.avadas.de/threads/3344-avast!-Business-Protection-(Plus)-1.0.41750) :)

It has the latest links as well as the documentation it it. I used the SBC documentation of course.
Title: Re: Windows 7 contact to the server not possible
Post by: wpn on August 02, 2011, 11:16:34 PM: LOL thnx avast.de its not hard to understand the links
i do indeed understand some german tho ;)

thnx, ill update my FAQ i just posted with some of the links
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 03, 2011, 12:20:18 PM: Hi,

it seems to be a problem with the LDAP/DNS infrastructure in the customers domain, because he reported back the following to me:

On first deployment from the console (to both Win7/WinXP mixed), the WinXP stations registered with <computername> to the SBC, the Win7 stations registered with <computername>.<domainname> and were listed as "banned" in the "Computer login audit trail".

However when he deletes all those Windows 7 PCs and re-creates them manually using the DNS host name <computername>.<domainname> they are connected successfully.

The customer is using an Linux domain controller, not Microsoft AD.

Any idea where the problem could be? Maybe a solution for an easier handling? Re-creating all computer objects (Win7) manually takes some time of course.
Title: Re: Windows 7 contact to the server not possible
Post by: lukas.hasik on August 03, 2011, 12:42:47 PM: Quote from: avast.de on August 03, 2011, 12:20:18 PM
Hi,

it seems to be a problem with the LDAP/DNS infrastructure in the customers domain, because he reported back the following to me:

On first deployment from the console (to both Win7/WinXP mixed), the WinXP stations registered with <computername> to the SBC, the Win7 stations registered with <computername>.<domainname> and were listed as "banned" in the "Computer login audit trail".

However when he deletes all those Windows 7 PCs and re-creates them manually using the DNS host name <computername>.<domainname> they are connected successfully.

The customer is using an Linux domain controller, not Microsoft AD.

Any idea where the problem could be? Maybe a solution for an easier handling? Re-creating all computer objects (Win7) manually takes some time of course.

The name in console and the name that uses the client have to match. If they don't the computer isn't recognized as the "managed" one.
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 03, 2011, 02:03:24 PM: Hi Lukas,

is there any reason, why the XP clients contact the server with FQDN and the Win7 clients do not. As far as I understood they share the same domain in the same network. Any idea how I could force a client to always return his FQDN to the SBC?
Title: Re: Windows 7 contact to the server not possible
Post by: wpn on August 03, 2011, 07:58:16 PM: @avast.de

dont you mean the Win7 do register with their FQDN (with domainname) and XP registers with their NETBIOS (without domainname) name?
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 04, 2011, 02:59:15 PM: XP Clients will be detected with the NETBIOS name and access the console server with the NETBIOS name
7 Clients will be detected with the NETBIOS name and access the console server with the FQDN

Question is...why do the Windows 7 clients send a different logon name? Where does the avast! Managend Client read this information from and how does it get transported to the server.
Title: Re: Windows 7 contact to the server not possible
Post by: lukas.hasik on August 04, 2011, 10:37:45 PM: all the informations about your computers comes from Active Directory. Check the records of the XP and Win7 computers in AD.
We tested it in our environment with XP, Win7 without a problem...
Title: Re: Windows 7 contact to the server not possible
Post by: avadas.de on August 05, 2011, 06:32:06 AM: Hi Lukas,

thanks for your reply. They are using a Linux PDC, not AD. I guess that is the source of the problem. Unfortunatly I never set up a Linux DC, therefore I don't know what they could have configured wrong.
Title: Re: Windows 7 contact to the server not possible
Post by: Infratech Solutions on August 05, 2011, 08:53:21 AM: Quote
all the informations about your computers comes from Active Directory

And, where is the information in a WORKGROUP?