ernestodelisi

The ERA Proxy gives us the following error (attached). The databases are on another virtual server. The database server has 8 sockets @2.00 GHz and 14gb of RAM. We have 12000 clients in ESET version 6. The servers are in the same vlan, do not go through the firewall, Era proxy, Era Server and Database Server. Thaks!

Good afternoon, we have a problem with the agents. Agents do not replicate to the web console. The ERA Proxy has IP 10.100.8.67 The ERA Server has IP 10.100.8.65 The Agent endpoint pc has IP 10.0.4.166 If I point the agent to 10.100.8.65 (it was server) they replicate correctly and they appear to me perfect on the web console, but those who replicate against 10.100.8.67 (were proxy) lose the connection for some reason. In the case of the equipment that attaches the captures (10.0.4.166), the agent must connect to the proxy era, 10.100.8.67, in the tracelog of the proxy era we see that it was connected today: 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636 -------------------------------------------------- ----------------------------- Here I leave a part of the tracelog of the team 10.0.4.166 that has drawbacks to appear in the console: 2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name: 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running) 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2) 2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116

Thanks for the reply, we currently have another error, agents do not replicate to the web console. The ERA Proxy has IP 10.100.8.67 The ERA Server has IP 10.100.8.65 The Agent endpoint pc has IP 10.0.4.166 If I point the agent to 10.100.8.65 (it was server) they replicate correctly and they appear to me perfect on the web console, but those who replicate against 10.100.8.67 (were proxy) lose the connection for some reason. In the case of the equipment that attaches the captures (10.0.4.166), the agent must connect to the proxy era, 10.100.8.67, in the tracelog of the proxy era we see that it was connected today: 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Socket accepted. Remote ip address: 10.0.4.166 remote port: 39530 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Resolving ip address: 10.0.4.166 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Receiving ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread cbc]: Successfully received ip address: 10.0.4.166 from cache 2017-04-25 17:43:37 Information: NetworkModule [Thread 1c0c]: Socket connection (isClientConnection: 0) established for id 7395636 -------------------------------------------------- ----------------------------- Here I leave a part of the tracelog of the team 10.0.4.166 that has drawbacks to appear in the console: 2017-04-25 17:03:38 Error: CReplicationModule [Thread 1bd8]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:04:38 Error: CReplicationModule [Thread b68]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:05:38 Error: CReplicationModule [Thread 12ec]: CReplicationManager: Failed to start replication, replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (REGULAR)) is already in use 2017-04-25 17:06:16 Warning: NetworkModule [Thread a78]: The connection will be closed due to timeout. SessionId: 116 Ip address: 10.100.8.67 Port: 2222 Resolved name: 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Stopping replication scenario due to network connection close (scenario type: Regular, scenario status: Running) 2017-04-25 17:06:16 Error: CReplicationModule [Thread 1160]: CReplicationManager: Failure of scenario (type = Regular, task_id = '00000000-0000-0000-7005-000000000001', link = 'Automatic replication (REGULAR) '(00000000-0000-0000-0000-0000-0000-0000-0000-000000000001), current_step = Transmitting [DataLogsImportant], current_step_phase = Transmitting, remote_peer = host: "10.100.8.67" port: 2222, remote_peer_type = 2, remote_peer_id = 0c53eb7c-016b-483a-8964 -be9853cb2052, remote_realm_id = 6f00364c-91d8-4993-bbac-354fa1d455f2) 2017-04-25 17:06:16 Error: NetworkModule [Thread 13cc]: User context does not exist for id 116

Good afternoon, we have a problem with this agent, it is an endpoint client. Any idea what it could be? Attached log files. Thank you very much. RemoteAdministratorAgentDiagnostic20170411T172921.zip NCPAR509225.rar

The agent's proxy was replicating itself. It was proxy = 10.100.8.67. Where should I replicate the ERA Agent? Thanks,

Thanks you, the problem is solved!

It is a new facility, with a new trust certificate. The CA used is the one that was created during the installation. Regards!

Good afternoon, We have a problem with one of our ERA Proxy, we have an ERA Server on another server. Scope Time Text Last replication 2017-Apr-05 14:11:03 Error: CReplicationManager: Replication (network) connection to 'host: "10.100.8.65" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format. Replication security 2017-Apr-05 14:11:03 Error: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain Remote host: 10.100.8.65 Remote machine certificate is not trusted because signing certificates (CAs) are not trusted or found in system/proxy database Check if signing certificate authority was used during installation of proxy or installed in system I leave a screenshot of the error and the trace.log attached. Era Server 10.100.8.65 Era Server 10.100.8.67 Regards! trace.log

From what I could see in the tracelog, the proxy was working fine, but still with the loopback problem. Thank you!!

We have ERA Server on one server and on another ERA Proxy server, in "Servers to connect to" (ERA Proxy policy) we put the ERA Server address. Is this correct? Regards!

It is correct, in "servers to connect to" this localhost. Should I enter the ip address of the ERA server or the proxy ERA ?, the field can not be empty.

After creating the policy gives us the following error. regards

Thank you very much for the response, we have approximately 5 thousand clients connected to the server. How can we modify the connection time from the proxy era to the server era to test if that works? Regards!

Good afternoon, we have an intermittent problem with the ERA Proxy, it connects and disconnects all the time. Check Firewall, micro-cuts and everything seems fine. We do not know how to solve it. Thank you very much. trace.rar

Thank you for reply. We have a HTTP Apache Proxy in the ERA Server and edited these lines (httpd.conf): We also have a ERA Proxy in other server. ProxyRequests On ProxyVia On <Proxy *> Deny from all </Proxy> #*.eset.com: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #*.eset.eu: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Antispam module (ESET Mail Security only): <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Services (activation) <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #ESET servers accessed directly via IP address: <ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$> Allow from all </ProxyMatch> #Proxy padre ProxyRemote * hxxp://10.75.100.100:3128 #Configuration written ServerRoot "C:\Program Files\Apache HTTP Proxy" DocumentRoot "C:\Program Files\Apache HTTP Proxy/htdocs" <Directory "C:\Program Files\Apache HTTP Proxy/htdocs"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> CacheRoot "C:\ProgramData\Apache HTTP Proxy\cache"