
Blink: How to change Blink and REM communication port for Central Policy.

Last Updated: 01/22/09

Summary:
After troubleshooting, or because of prior knowledge of the environment, it sometimes becomes necessary to change the Central Policy (CP) port that Blink and the
Application Bus use to communicate with the REM Console. The default CP port is 2000. The instructions below show how to modify REM and REM deployment
packages to communicate via an alternate port. This is commonly needed in environments that use the CISCO VOIP Solutions, which generally run on port 2000, or on
any network that is already using port 2000 for other software.

Procedure:

1. Change the registry keys below. These are an example for using port 2001.

    [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\AnonClient]
    "Port"=dword:000007d1

    [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\AnonServer]
    "Port"=dword:000007d1

    [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Client]
    "port"=dword:000007d1

    [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment]
    "port"=dword:000007d1

    [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Server]
    "port"=dword:000007d1

    Note: When adding your values in Regedit, make sure the Decimal radio button is selected (hexadecimal 7d1, as shown above, is decimal 2001).

2. Edit the 'eeyeremoteinstall.ini' file in 'C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\data\remoteservice'

3. Search for the portion that says 'port=2000' and change the numbered section to the port you wish to use. e.g. 'port=2001'

4. Manually edit the package file for the Blink installation. This file is located by default in 'C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\data\Packages'
and will have the name of the package within the XML files. Please make sure you change the one you're attempting to deploy. You will want
to add the 'APPBUSPORT=XXXX' portion to the command parameter XML tag within this file.

Example:
     Here is an example of an unmodified 'eeyeremoteinstall.ini'

<process order="2" method="run" name="Blink" exename="BlinkSetup.exe" version="4.0.0" versionSerial="4194304" crc32="D136414B">


<installScript />
<updaterSettings>
<url>https://sec.eeye.com/UpdateServer/</url>
</updaterSettings>
<installDir>C:\Program Files\eEye Digital Security\Blink</installDir>
<installLog>C:\Program Files\eEye Digital Security\Blink\bsetup.Log</installLog>
<commandparams>INSTALLDIR="C:\Program Files\eEye Digital Security\Blink" /qn REBOOT=ReallySuppress CONSOLEDEPLOY=1 /Liom "C:\Program Files\eEye Digital Security\Blink\bsetup.Log"</commandparams>
<logRegEx>
<success>completed successfully.</success>
<failure />
</logRegEx>
<RunOnce>

     Here is an example of a modified 'eeyeremoteinstall.ini'

<process order="2" method="run" name="Blink" exename="BlinkSetup.exe" version="4.0.0" versionSerial="4194304" crc32="D136414B">


<installScript />
<updaterSettings>
<url>https://sec.eeye.com/UpdateServer/</url>
</updaterSettings>
<installDir>C:\Program Files\eEye Digital Security\Blink</installDir>
<installLog>C:\Program Files\eEye Digital Security\Blink\bsetup.Log</installLog>
<commandparams>INSTALLDIR="C:\Program Files\eEye Digital Security\Blink" /qn REBOOT=ReallySuppress APPBUSPORT=2001 CONSOLEDEPLOY=1 /Liom "C:\Program Files\eEye Digital Security\Blink\bsetup.Log"</commandparams>
<logRegEx>
<success>completed successfully.</success>
<failure />
</logRegEx>
<RunOnce>
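
The file edits from steps 1, 3 and 4 as a script, added here as an illustration and not eEye's own tooling. The function names are hypothetical, and the ini is assumed to carry the port on its own 'port=2000' line as step 3 describes; placing APPBUSPORT just before CONSOLEDEPLOY follows the modified example above.

```python
import re

# Registry path and subkeys exactly as listed in step 1 of the article.
REG_BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse"
REG_SUBKEYS = ("AnonClient", "AnonServer", "Client", "Deployment", "Server")


def check_port(port):
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"not a valid TCP port: {port!r}")
    return port


def reg_fragment(port):
    """Step 1: .reg text for all five keys; a dword is written in hexadecimal."""
    value = f'"Port"=dword:{check_port(port):08x}'
    return "\n\n".join(f"[{REG_BASE}\\{sub}]\n{value}" for sub in REG_SUBKEYS)


def set_ini_port(ini_text, new_port, old_port=2000):
    """Step 3: rewrite only 'port=<old_port>' lines of eeyeremoteinstall.ini."""
    pattern = rf"(?im)^([ \t]*port[ \t]*=[ \t]*){check_port(old_port)}(?=[ \t\r]*$)"
    text, count = re.subn(pattern, rf"\g<1>{check_port(new_port)}", ini_text)
    if count == 0:
        raise ValueError(f"no 'port={old_port}' line found")
    return text


def set_appbusport(package_xml, port):
    """Step 4: add or update APPBUSPORT inside <commandparams>, idempotently."""
    check_port(port)

    def patch(match):
        params = re.sub(r"\s*\bAPPBUSPORT=\d+", "", match.group(2))
        if "CONSOLEDEPLOY=" not in params:
            raise ValueError("commandparams has no CONSOLEDEPLOY argument")
        params = params.replace("CONSOLEDEPLOY=", f"APPBUSPORT={port} CONSOLEDEPLOY=", 1)
        return match.group(1) + params + match.group(3)

    text, count = re.subn(r"(?s)(<commandparams>)(.*?)(</commandparams>)", patch, package_xml)
    if count == 0:
        raise ValueError("no <commandparams> element found")
    return text


if __name__ == "__main__":
    # Constructed inputs: a two-line ini and a shortened commandparams element.
    print(set_ini_port("[remote]\nport=2000\n", 2001))
    print(set_appbusport("<commandparams>/qn CONSOLEDEPLOY=1</commandparams>", 2001))
```

Running set_appbusport a second time with a different port replaces the existing APPBUSPORT argument instead of adding a second one.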

Keywords: Blink, Remote Deployment, Remote, Deployment, Port Change, Cisco Skinny

Deployment Troubleshooting Checklist

Last updated: 6/26/2009

Summary: The steps below help identify the reasons for an unsuccessful Blink deployment from the REM Management Console or 3rd Party Package utility. Unsuccessful deployments from REM typically relate to environment-specific security settings such as firewall settings, Windows GPO settings, proxy settings, and more.

Step 1: Identify the deployment method and symptoms that you are seeing.

Step 2: Perform the suggestions made below according to the deployment method and the symptom.

Step 3: If symptom cannot be remedied by the given suggestions, perform the tests indicated (see TESTS section below).

Step 4: Depending on outcome of Tests, collect logs by following the Collecting Logs section.

----------------------------------------------------

REM Events Manager Symptoms (REM GUI)

----------------------------------------------------

1. Files are not copied over to the remote machine and Blink is not installed.

-Verify if Administrators can access shares on the remote agent system

-Verify if the Network Access: Sharing and Security model is set to Classic mode (not Guest mode)

-Verify that the Windows Firewall or some other firewall is not stopping the file copy.

-If nothing works or if problem is not fixed, collect SSH logs while deploying (see Collecting Logs below)

2. Files are copied and the eeyeremoteinstall service is running on the agent

-Perform Tests: Step A, Step B, and Step C.

-If nothing works or if problem is not fixed, collect SSH Logs, RdLogs and Application Bus Logs

3. Blink starts unlicensed / asks for Registration / Doesn't take the policy
-Perform Tests: Step A, Step B, Step C, and Step D

-If nothing works or if problem is not fixed, collect SSH Logs, RdLogs and Application Bus Logs.

----------------------------------------------------

3rd Party Deployment Symptoms

----------------------------------------------------

1. Blink is not installed on the remote system.

-Verify Windows Scripting Host 5.0 is installed and running properly by opening a command prompt and typing "cscript".

-If 5.0 or higher is not installed, download and install it from Microsoft.com. Next retry the installer.

-If 5.0 or higher is already installed, collect all .log files from c:\Windows\Temp and any subdirectories in c:\Windows\Temp.

2. Blink starts unlicensed or asks for registration or doesn't obtain the policy.

-Perform Tests: Step A, Step B, Step C, and Step D

-After performing the above tests, recreate the deployment package with the same settings as before and deploy (install) this new package.

-If problem is not fixed, collect SSH Logs, RdLogs and Application Bus Logs

----------------------------------------------------

TESTS

----------------------------------------------------

Step A: Telnet Test

Summary - Connect from the Blink machine to REM on port 2000

HOW TO -

1.) Start > Run > cmd.exe

2.) Enter the command (without quotes): "telnet [insert REM SERVER hostname] 2000" and press enter.

3.) You should be at a blank screen with a blinking cursor.

4.) Press Enter three times.

5.) If it does not disconnect, something along the route is stopping data packets on port 2000 (VPN, firewalls, etc.). The appropriate network personnel will need to investigate the issue.

Step B: Check for another application using port 2000 on both the Blink machine and REM machine

HOW TO -

1.) Start > Run > services.msc

2.) Locate eEye Application Bus, right click, choose Stop.

3.) Start > Run > cmd.exe

4.) Enter the command (without quotes): "netstat -ano".

5.) If there is anything listening on port TCP 2000, it needs to be stopped for deployment and Blink to function properly.

Sample netstat -ano:

TCP 0.0.0.0:2000 0.0.0.0:0 LISTENING 2896
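
The check in step 5 applied to saved 'netstat -ano' output, as an added example that is not part of the original article. The function name is hypothetical, the sample rows are constructed around the article's sample line, and English-language netstat output (state "LISTENING") is assumed.

```python
# Constructed sample; the 0.0.0.0:2000 row is the one shown in the article.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2000           0.0.0.0:0              LISTENING       2896
  TCP    [::]:2000              [::]:0                 LISTENING       2896
  TCP    0.0.0.0:20000          0.0.0.0:0              LISTENING       4100
  TCP    10.0.0.5:49712         10.0.0.9:2000          ESTABLISHED     3020
  UDP    0.0.0.0:2000           *:*                                    1500
"""


def listeners_on_port(netstat_output, port=2000):
    """Map PID -> local addresses for TCP sockets LISTENING on `port`."""
    owners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows have five columns: Proto, Local, Foreign, State, PID.
        # The header row and UDP rows (no State column) fall out here.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state, pid = fields
        if state.upper() != "LISTENING" or not pid.isdigit():
            continue
        # rpartition keeps IPv6 locals such as [::]:2000 intact and makes the
        # comparison exact, so port 20000 is not mistaken for port 2000.
        _host, _sep, local_port = local.rpartition(":")
        if local_port == str(port):
            owners.setdefault(int(pid), []).append(local)
    return owners


if __name__ == "__main__":
    for pid, addresses in listeners_on_port(SAMPLE).items():
        print(f"PID {pid} is listening on {', '.join(addresses)}")
```

Pass the alternate port (for example 2001) as the second argument to confirm it is free before switching to it.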

Step C: Verify that NTLM settings match on REM and the Blink machine. See Microsoft's explanation here for the appropriate setting and ensure all machines have the same setting.

HOW TO -

1.) Go to the REM machine

2.) Start > Run > secpol.msc

3.) Expand Local Policies

4.) Click on Security Options

5.) View the setting for "Network Security: LAN Manager Authentication Level"

6.) Go to the Blink machine

7.) Repeat steps 2-5 and ensure the setting is the same.

Step D: Check Proxy settings on REM server

HOW TO -

1.) In REM go to: Setup > Options > Proxy Settings and verify if the correct HTTP proxy settings are entered.

----------------------------------------------------

Collecting Logs

----------------------------------------------------
Summary: In order to collect logs (as asked for above), you must follow all sections A-C below to turn on log collection, then reproduce the problem (i.e. redeploy), then go back and obtain the logs from the result of the reproduced issue. Once the logs have been obtained, you may undo the actions asked so as not to degrade your system performance. Once you obtain the logs, upload them to your ticket on the Clients Portal.

A. SSH (Shared Services Host) Logs

1.) Go to the REM Machine

2.) Start > Run > services.msc

3.) Locate eEye Shared Services Host, right click, and Stop

4.) Open Notepad and File - Open to C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\eeyessh.exe.config

5.) Replace the line: <add name="TraceLevelSwitch" value="0" /> With: <add name="TraceLevelSwitch" value="4" />

6.) Start the eEye Shared Services Host service.

-Follow Step 7 after reproducing issue

7.) Collect the file C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\SharedServicesTraceLog.txt

B. RdLogs (Blink Remote deployment Logs)

Obtain the below files after reproducing your issue:

These files are in an RdLogs folder inside Blink's installation folder. Usually this is located at: c:\Program Files\eEye Digital Security\Blink\Rdlogs

If this folder does not exist, provide all .log files from C:\Windows\Temp (or C:\Windows\_Inst if it exists) and the file: "c:\Program Files\Common Files\eEye Digital Security\SyncIt\debug_syncit.log"

If no file can be located, search the system for a debug_syncit.log file.

C. Application Bus debugging logs

1.) Go to the REM Machine

2.) Start > Run > services.msc

3.) Locate all eEye services, right click, and Stop them all

4.) Start > Run > regedit

5.) Browse to: HKEY_LOCAL_MACHINE\SOFTWARE\eEye

6.) Right click eEye and choose New > Key and name it "Diagnostics" (without quotes).

7.) Download the free DebugView utility from http://www.sysinternals.com


8.) Launch DebugView.exe

9.) Locate all eEye services, right click, and Start them all

10.) Leave debugview open and capturing.

-Follow Step 10 after reproducing issue

11.) Save output of Debugview to a .txt file for eEye Support.

Knowledge Base Article ID: KB000873

Blink & REM: How to Setup Blink and REM to communicate via the Internet using Fully Qualified Domain Name

REM & Blink: How to Setup Blink and REM to communicate via the Internet using FQDN

Last Updated: 12/16/2009

Summary:
Some customers, because of their network environment, nature of doing business, or diverse network infrastructure, require the ability for Blink and REM to
communicate over the internet using a fully qualified domain name (DNS name).

This article will discuss the steps for a software REM implementation to successfully communicate Blink policies and results to/from the REM Console (Central
Policy and REM Events). Some assumptions made in this article are basic networking knowledge and administrator rights on the machine.

Please read this article in its entirety prior to completing.


For any questions or unique environments, please open a support ticket via the Customer Portal to discuss with support.

Procedure: To configure REM and Blink communication via the internet using FQDN perform the following:

On the REM Events Manager machine:


1) Go to Start > Run > Regedit
2) Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment]
3) Add a String Value, "ServerName" under this key with the value being your DNS name (ie "rem.company.com") (w/o quotes).
4) Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment\seccomm]
5) Add a String Value, "ServerName" under this key with the value being your DNS name (ie "rem.company.com") (w/o quotes).
6) Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\REM Events Manager\3.0\Config]
7) Add a String Value, "CentralPolicyURI" under this key with the value being your DNS name (ie "rem.company.com") (w/o quotes).
8) Next, ensure you have external DNS set up so that the name (i.e. "rem.company.com") properly resolves to the external IP address for the REM machine.
9) Make sure your firewall allows TCP 2000 and TCP 21690 inbound to the REM machine.
10) If your firewall is NAT'ing or Port Forwarding, please perform the following:

 Go to Start > Run > Regedit

 Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\LocalList]

 Add 2 or more String Values using your external IP address and external DNS name under this key with the value being empty (i.e. "rem.company.com" = "")

11) Go to Start > Run > Services.msc


12) Restart all eEye Services

If you have any existing Blink Policies:


13) Go to C:\Program Files\eEye Digital Security\REM Events Manager\Applications\Blink Manager\Central Policy\Groups\
14) Open _default.xml in Notepad
15) Search for rem:// and edit the default rem://machine_name to rem://rem.company.com (keep the full path as already specified there)

Note: You may have to repeat steps 13-15 for each existing policy in your REM. New policies are addressed with Steps 6-7 above.

On an existing external Blink machine:


1) Go to Blink GUI
2) Go to Options
3) Enable Central Policy
4) Use REM protocol
5) Input rem.company.com
6) Enter the policy name
7) Enter the central policy password (specified when you initially set up REM in REM Events Manager Configuration)
8) Click verify settings to validate Central Policy can update successfully.

Conclusion:
In summary, the steps above will allow you to utilize a fully qualified domain name (DNS) to allow policy updates internally or externally.

For any questions or unique environments, please open a support ticket via the Customer Portal to discuss with support.
Keywords: FQDN, Central Policy, machine name, internet, external policy updates
