ernestodelisi
Members-
Posts
16 -
Joined
-
Last visited
About ernestodelisi
-
Rank
Newbie
Profile Information
-
Location
Argentina
Recent Profile Visitors
593 profile views
-
ERA Agent (last replication error)
ernestodelisi replied to ernestodelisi's topic in ESET PROTECT On-prem (Remote Management)
The ERA Proxy gives us the following error (attached). The databases are on another virtual server. The database server has 8 sockets @2.00 GHz and 14gb of RAM. We have 12000 clients in ESET version 6. The servers are in the same vlan, do not go through the firewall, Era proxy, Era Server and Database Server. Thaks! -
Good afternoon, we have a problem with the agents. Agents do not replicate to the web console. The ERA Proxy has IP 10.100.8.67 The ERA Server has IP 10.100.8.65 The Agent endpoint pc has IP 10.0.4.166 If I point the agent to 10.100.8.65 (it was server) they replicate correctly and they appear to me perfect on the web console, but those who replicate against 10.100.8.67 (were proxy) lose the connection for some reason. In the case of the equipment that attaches the captures (10.0.4.166), the agent must connect to the proxy era, 10.100.8.67, in the tracelog of the proxy era we see that it was connected today: 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636 -------------------------------------------------- ----------------------------- Here I leave a part of the tracelog of the team 10.0.4.166 that has drawbacks to appear in the console: 2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name: 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running) 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2) 2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116
-
ERA Agent (last replication error)
ernestodelisi replied to ernestodelisi's topic in ESET PROTECT On-prem (Remote Management)
Thanks for the reply, we currently have another error, agents do not replicate to the web console. The ERA Proxy has IP 10.100.8.67 The ERA Server has IP 10.100.8.65 The Agent endpoint pc has IP 10.0.4.166 If I point the agent to 10.100.8.65 (it was server) they replicate correctly and they appear to me perfect on the web console, but those who replicate against 10.100.8.67 (were proxy) lose the connection for some reason. In the case of the equipment that attaches the captures (10.0.4.166), the agent must connect to the proxy era, 10.100.8.67, in the tracelog of the proxy era we see that it was connected today: 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636 -------------------------------------------------- ----------------------------- Here I leave a part of the tracelog of the team 10.0.4.166 that has drawbacks to appear in the console: 2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name: 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running) 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2) 2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116 -
ERA Proxy Certificate Problem
ernestodelisi replied to ernestodelisi's topic in ESET PROTECT On-prem (Remote Management)
-
ERA Proxy Certificate Problem
ernestodelisi replied to ernestodelisi's topic in ESET PROTECT On-prem (Remote Management)
It is a new facility, with a new trust certificate. The CA used is the one that was created during the installation. Regards! -
Good afternoon, We have a problem with one of our ERA Proxy, we have an ERA Server on another server. Scope Time Text Last replication 2017-Apr-05 14:11:03 Error: CReplicationManager: Replication (network) connection to 'host: "10.100.8.65" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format. Replication security 2017-Apr-05 14:11:03 Error: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain Remote host: 10.100.8.65 Remote machine certificate is not trusted because signing certificates (CAs) are not trusted or found in system/proxy database Check if signing certificate authority was used during installation of proxy or installed in system I leave a screenshot of the error and the trace.log attached. Era Server 10.100.8.65 Era Server 10.100.8.67 Regards! trace.log
-
Thank you for reply. We have a HTTP Apache Proxy in the ERA Server and edited these lines (httpd.conf): We also have a ERA Proxy in other server. ProxyRequests On ProxyVia On <Proxy *> Deny from all </Proxy> #*.eset.com: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #*.eset.eu: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Antispam module (ESET Mail Security only): <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Services (activation) <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #ESET servers accessed directly via IP address: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Proxy padre ProxyRemote * hxxp://10.75.100.100:3128 #Configuration written ServerRoot "C:\Program Files\Apache HTTP Proxy" DocumentRoot "C:\Program Files\Apache HTTP Proxy/htdocs" <Directory "C:\Program Files\Apache HTTP Proxy/htdocs"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> CacheRoot "C:\ProgramData\Apache HTTP Proxy\cache"