The ESET Remote Administrator Console hasn’t caused me much grief over the years when it comes to pushing out installations. But recently I was helping a client upgrade the workstations to version 5 of NOD32, now called ESET Endpoint Antivirus, or ESET Smart Security. Things seemed to be going fine, but then I noticed that at least 2 computers were not in the Remote Install
tab’s computer list.
That seemed unlikely, since the primary method of finding computers for ERAC is Active Directory. I knew for sure that these computers were on, had valid IPs, were responding normally, joined to AD, etc. They were even already running an older version of NOD32 and reporting to ERAS!
Nonetheless, I tried doing some custom searches, tried IP scans, etc. During an IP scan from ERAC, I checked the progress. In the progress window they show you the computers that have been detected so far, and the missing ones were in there. Problem is, they disappeared again from the final list!
At this point I started my web searches, but I didn’t find a whole lot. Someone with a similar problem found their solution: the computers in question had IP conflicts. I had already ruled that out though, and there were definitely no IP conflicts. But it got me thinking, and I checked DNS.
Forward lookup returned just fine. The name resolved to the correct IP. But reverse DNS did not! It turns out the reverse DNS for the IPs of both computers were full of references to old machines that had those addresses.
I ended up finding several more like that once I investigated further. I also found a strange instance where reverse DNS was correct, but there was another forward record (long since invalid) pointing to the IP of a workstation that did exist.
To explain:
-
- WorkstationA
192.168.1.5
-
- WorkstationOld
192.168.1.5
-
- 192.168.1.5
WorkstationA
From most perspectives this should be harmless. WorkstationOld
doesn’t exist anymore, WorkstationA
has proper forward and reverse DNS. But it prevented WorkstationA
from showing up in ERAC.
So if you’re having issues with missing computers during push installs of NOD32 (I will forever call it that), take a look at DNS.
In my case, this client did not have Discard A and PTR records when lease is deleted
checked on their DHCP scopes, and they also didn’t have DNS scavenging enabled to get rid of outdated dynamic records. DNS scavenging can be confusing, and if done incorrectly can wipe out a lot of important records, so don’t rush it. Josh Jones does a great job explaining how to set up DNS scavenging and what all the settings mean.
Leave a comment if you’ve found other reasons why workstations go missing in the remote install list.