Community
Host showing as offline even though the host computer is running
Links used in this discussion
Links used in this discussion
- https://threatfox.abuse.ch/ioc/259582/
- https://www.virustotal.com/gui/ip-address/64.20.61.146/detection
- https://talosintelligence.com/reputation_center/lookup?search=64.20.61.146
- https://otx.alienvault.com/indicator/ip/64.20.61.146
- https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/704/original/IOCs_20211221.txt?1640122134
- https://talosintelligence.com/reputation_center/support#reputation_center_support_ticket
- https://www.remoteutilities.com/support/docs/about-ru-server/
- https://www.remoteutilities.com/support/docs/setting-up-relay-server/
peter liao,
User (Posts: 2)
Dec 22, 2021 4:40:12 am EST
Support level: Free or trial
Both viewer and host are at 7.1.0.0, issue came up this morning when I tried to access the host pc via viewer on my laptop but it couldnt establish a connection and the host shows offline, when I try to connect it shows initialising connection then failed to connect. I have turned off my firewall, reinstalled viewer a few times and restarted my laptop a few times too. I don't know what else to try and I already referred to the troubleshooting guide
Dept IT,
User (Posts: 3)
Dec 22, 2021 5:52:23 am EST
Support level: Free or trial
Hi Peter,
Same over here; our firewall throws a blocking event for IP and port 64.20.61.146:443 causing the same behaviour as you describe.
Same IP is listed on this website: https://threatfox.abuse.ch/ioc/259582/
May be a listing that needs to be disputed, @remoteutilities?
Same over here; our firewall throws a blocking event for IP and port 64.20.61.146:443 causing the same behaviour as you describe.
Same IP is listed on this website: https://threatfox.abuse.ch/ioc/259582/
May be a listing that needs to be disputed, @remoteutilities?
Alain Paradis,
User (Posts: 10)
Dec 22, 2021 8:58:37 am EST
Support level: Pro
Have the same problem with all Internet-ID connection, even if my RU server is local on my network. If I change the properties of the computer in the address book and use Direct Connection instead of Internet-ID it works. Good if computer are locally on the same network, but for my off-site clients I can't log in their computer. I've checked and our IP address is not blocked anywhere. Rolled back to 7.0.2 and same problem now. Everything was working fine yesterday, problem appeared when installing 7.1.0.0
Pauline,
Support (Posts: 2863)
Dec 22, 2021 11:34:14 am EST
Hello Everyone
Alain, please note that we've responded to your message in another thread to avoid duplication.
Peter and Dept IT, could you please let us know if you're still experiencing the issue? We've received some similar reports and have restarted our severs just in case (even though there was no recent downtimes), so in most cases the access to the remote Hosts is now working.
As for the firewall block - please try adding the DNS name id.remoteutilities.com to the exceptions/allow list, so that the access to our intermediary servers is not blocked.
Please let us know if you have more questions.
Alain, please note that we've responded to your message in another thread to avoid duplication.
Peter and Dept IT, could you please let us know if you're still experiencing the issue? We've received some similar reports and have restarted our severs just in case (even though there was no recent downtimes), so in most cases the access to the remote Hosts is now working.
Thank you for letting us know. We will definitely report this as a False Positive, so, hopefully, this entry will be removed soon.Same IP is listed on this website: https://threatfox.abuse.ch/ioc/259582/
May be a listing that needs to be disputed, @remoteutilities?
As for the firewall block - please try adding the DNS name id.remoteutilities.com to the exceptions/allow list, so that the access to our intermediary servers is not blocked.
Please let us know if you have more questions.
peter liao,
User (Posts: 2)
Dec 22, 2021 8:30:57 pm EST
Support level: Free or trial
Hi, yes I still can't connect to host through internet ID. Anything I can do to fix it?
Dept IT,
User (Posts: 3)
Dec 23, 2021 2:44:55 am EST
Support level: Free or trial
@Pauline: IP 64.20.61.146 is still blocked.
Thanks, but i am not going to make exceptions to our firewall. (I'd rather wait until your server gets de-listed) We are still able to use the software on a laptop connected to our guest-wifi that breaks out through a seperate internet-connection.
@peter and @alain: changing versions are probably not the "culprit"; I guess there might also be some firewall blocking above IP-address in your enviroment. It could be coincedence.
Thanks, but i am not going to make exceptions to our firewall. (I'd rather wait until your server gets de-listed) We are still able to use the software on a laptop connected to our guest-wifi that breaks out through a seperate internet-connection.
@peter and @alain: changing versions are probably not the "culprit"; I guess there might also be some firewall blocking above IP-address in your enviroment. It could be coincedence.
Dept IT,
User (Posts: 3)
Dec 23, 2021 3:08:11 am EST
Support level: Free or trial
@Pauline: you could also check links below:
https://www.virustotal.com/gui/ip-address/64.20.61.146/detection
https://talosintelligence.com/reputation_center/lookup?search=64.20.61.146
https://otx.alienvault.com/indicator/ip/64.20.61.146
You might be able to gain some information on these websites.
I can see that the listing on the Talos-blocklist will expire 2022-01-20
https://www.virustotal.com/gui/ip-address/64.20.61.146/detection
https://talosintelligence.com/reputation_center/lookup?search=64.20.61.146
https://otx.alienvault.com/indicator/ip/64.20.61.146
You might be able to gain some information on these websites.
I can see that the listing on the Talos-blocklist will expire 2022-01-20
Pauline,
Support (Posts: 2863)
Dec 23, 2021 2:16:40 pm EST
Hello everyone,
Peter, could you please provide us the Host log files for examination? You can locate the log files in the following folder:
C:\Program Files (x86)\Remote Utilities - Host\Logs\ and send them to support@remoteutilities.com. Please do not publish the logs on the forum as they might contain personal information.
Dept IT, thank you for the provided links. We'll make sure to check them and submit the False Positives so that our servers address can be removed from the block lists.
Thank you.
Peter, could you please provide us the Host log files for examination? You can locate the log files in the following folder:
C:\Program Files (x86)\Remote Utilities - Host\Logs\ and send them to support@remoteutilities.com. Please do not publish the logs on the forum as they might contain personal information.
Dept IT, thank you for the provided links. We'll make sure to check them and submit the False Positives so that our servers address can be removed from the block lists.
Thank you.
Michael LING,
User (Posts: 2)
Mar 23, 2022 8:08:22 pm EDT
Support level: Free or trial
hi,
I have same issue here, our IT replied 64.20.61.146 is being dropped because it's potentially vulnerable to log4j
64.20.61.146 is included in the list of IOCs provided by Amazon
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/704/original/IO Cs_20211221.txt?1640122134
any update here how we can fix this?
I have same issue here, our IT replied 64.20.61.146 is being dropped because it's potentially vulnerable to log4j
64.20.61.146 is included in the list of IOCs provided by Amazon
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/704/original/IO
any update here how we can fix this?
Pauline,
Support (Posts: 2863)
Mar 24, 2022 11:40:06 am EDT
Hello Michael,
Thank you for your message.
Our development department have confirmed that all Remote Utilities modules are safe and are not affected by the Log4j vulnerability since Remote Utilities does not use the affected library.
We will try submitting a new reputation ticket to Talos once again, so that they can correct the IP address's reputation. You can additionally submit a ticket here as well as we believe that this might speed up the process.
Alternatively, you can also set up and use RU Server which allows using Remote Utilities without connecting to our public servers. For more information please see this page.
Hope that helps.
Thank you for your message.
Our development department have confirmed that all Remote Utilities modules are safe and are not affected by the Log4j vulnerability since Remote Utilities does not use the affected library.
We will try submitting a new reputation ticket to Talos once again, so that they can correct the IP address's reputation. You can additionally submit a ticket here as well as we believe that this might speed up the process.
Alternatively, you can also set up and use RU Server which allows using Remote Utilities without connecting to our public servers. For more information please see this page.
Hope that helps.
* Website time zone: America/New_York (UTC -5)