Upgraded MAG 4610s from 7.1r7 to 7.2r1. Since then we are having constant host checker problems. Clients are Windows 7 Sp1 64bit.
The only host check policies that fail seems to be the ones dealing with AV. These policies functioned correctly right up until we upgraded. We are using ESAP 2.1.2.
In the Admin UI, Active Users shows "Partially Compliant" and the logs on the appliances show "Host Checker policy 'All_Allowed_AV_Check' failed on host xxx.xxx.xxx.xxx . Reason: ''."
Have uninstaller host checker and removed %username%\AppData\Roaming\Juniper Networks\Host Checker folder. The reinstall did not solve the problem.
Opened a support case as well. Anyone else seeing the issue?
So far WIndows 7 64 bit clients running Trendmicro Officescan and Mac OS X 10.7 clients running Trendmicro as well.
Other host check policies work fine, only the AV policies are having issues. We built two new AV policies, one containing everything and another only trendmicro and both still fail.
We've tried a policy with just Trend and we've tried a policy with all AV both fail. We've tried logging in via web portal and via NC. We've tried this on WinXP, Win7 and OS X.
Support had us upgrade ESAP to a newer, unpublished release. That was this past Saturday. We still do not have a solution, so we've had to modify our host checks in order to allow people to connect.
Yes, if you have tried the latest ESAP and if you are still encountering the problem, I feel - the client versions / client engines may have been upgraded silent which we are not aware off?
If the host checker was able to detect these AV before the IVE OS upgrade, could you please check the AV logs and see if there was any automatic upgrade on the application? - If the engine has been upgraded on the AV automatically, then it could be a co-incidence that the IVE OS upgrade was also done at the same time and this is misleading us to believe that the upgrade broke the host check?
Please ask the JTAC to file a BUG at the earliest on this regard. Normally, the logs required by JTAC are:
1) debuglog.log file from the client computer.
2) Oesisdaginose tool needs to be executed from the host checker folder and you need to get the output to the JTAC.
3) Take a screenshot of the application which is failing.
(Important: Take the exact version detail and also the engine version if available)
This must be related to Trend Micro, possibly even the specific version of Trend Micro you use, and ESAP's test for that.
I just tried checking for Kaspersky on 7.2r1 ESAP 2.1.2 and 2.1.3, and that works.
If you'd like to test your system against 2.1.3, send me a PM, and I'll give you the link to our lab device.
I'm having the same issue... 7.2r1 / Win7 64 bit. Host checker does not seem to detect AV properly. Won't let users in... rolling back to 7.1 until fixed.