See182
-
Posts
14 -
Joined
-
Last visited
Posts posted by See182
-
-
Please provide more details - you have created nee CA certificate in ERA (= using ERA) or you imported it from somewhere else? In case you created CA using ERA, have you also used ti to create new peer certificates? If you, you created new SERVER's and AGENT's certificates?
Okay so I used the ERA WebGUI to create a new CA under Admin - Certificates - CA | Action - New.
There I fill in all the Gapps with a Passphrase and thats it actually.
-
So I just factory reseted my OVA and everything works as soon as I use the default CA and default peer certificates.
If I use an own CA it doens't work. So am I doing something wrong by creating a new CA?
-
Replication security 2016-Sep-21 07:51:16 Error: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
This means that AGENT does not trust SERVER's certificate because it is missing its CA certificate. You have most probably installed AGENT with wrong CA certificate - AGENT expects CA certificate that was used to sign SERVER's certificate. I guess you have multiple CA certificates and you have choose wrong one - is this the case?
Well I've got one CA and four peer certificates. I've created all of them and delete the ones that came from scratch.
-
Could you please check AGENT's status log on one of client's located at C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or C:\Documents and Settings\All Users\Application Data\Eset\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.hmtl? Log shows most significant error and whether AGENT is/was able to connect to SERVER.
In case mentioned log won't be available, please check whether ESET Remote Administrator Agent is actually installed on clients as we had a bug that caused installation failure, but success was reported to SERVER - this applies especially for deployment using remote installation task.
In case status of AGENT installation will be "green" and successful connections to ERA will be reported, please try to restart SERVER's service in OVA - it may be known bug from previous versions of ERA which we cannot exclude as you have not mentioned version of ERA or OVA.
Okay first the informations:
I've download the virtuall appliance of the ESET webpage and these are the versions fo the ERA Server:
ESET Remote Administrator (Server), Version 6.4.304.0ESET Remote Administrator (Webconsole), Version 6.4.280.0
CentOS (64-bit), Version 7.2.1511
I've installed the agent manually on one server and the log file contains three failures.
- Agent peer certificate with subject 'CN=Agent Zertifikat für Hosts, O="NAME HAS BEEN REMOVED"., L=Worms, S=Rheinland-Pfalz, C=DE' issued by 'CN="NAME HAS BEEN REMOVED", O="NAME HAS BEEN REMOVED", L=Worms, S=Rheinland-Pfalz, C=DE' with serial number '"HAS BEEN REMOVED"' is invalid now (NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain)
- Peer certificate may be valid but can not be verified on this machine
- Check time validity and presence of issuing certification authority
- Remote host: STVERA1
- Remote machine certificate is not trusted because signing certificates (CAs) are not trusted or found in system/agent database
- Check if signing certificate authority was used during installation of agent or installed in system
I think I've made something wrong with the certificate
-
Hello,
I'm currently using the Linux Appliance with ERA6 running on it. I can deploy the agents and install the software remotly, but the server will not show me any informations. The only machine that is shown at the dashboard, is the ERA machine itself, all others aren't on the list although the server with the agent installed on it, have the right settings.
Thank you.
-
Thank you very much. I will wait until the new appliance is released.
-
-
Yes, for ERA6 I recommend using the HTTP proxy. Put one on each site, and modify your policies in ERA so that clients on site1 go to proxy on site1. Site2 --> site2 proxy. Etc..
Apache HTTP Proxy (or Squid) can be installed on either Windows or Linux. You can refer to this article for instructions on installing HTTP Proxy on Windows: hxxp://support.eset.com/kb5950
And you can refer to this help guide for Linux: hxxp://help.eset.com/era_install/64/en-US/http_proxy_installation_linux.htm
Best,
Rook
Well I will try to create a Linux machine as a proxy, I think that would make more sense than setting up a Windows Server just to share the ESET updates. Thanka for your help Rook
-
I'm using ERA6. So with proxy option you mean using a HTTP proxy?
-
Well I've installed the version 6, I'll just try it out
Edit:
Okay I've installed everything. Now I've got a different problem. I can't get my ESLC running, it keeps saying that it failed to apply VM parameters.
Maybe it is because I'm running it on a Hyper-V Host?
-
Hello,
well we've got already ERA 6 running on a VM. I just thought I could simply add the Shared Local Cache to it. I will install it on a new machine, so the question is actually not necessary anymore.
But yesterday I configured our ESET policies and saw that the ESET Mail Security had the option to connect to a Shared Local Cache, I couldn't find the same option at the ESET File Security settings. Does this mean that ESET File Security isn't compatible to Shared Local Cache?
Greets.
-
Hello,
in my company we've got a lot of locations and currently all the client geht their Updates from our ERA Server, where the traffic goes over our VPN Tunnel. So in order to reduce the traffic I would like to install subservers in each location, where the server downloads the updates from our server or the ESET server and then deploys them onto the clients.
How can I do this the best way?
Thanks
-
Hello,
I'm just installing the Share Local Cache Server and was wondering if it's possible to install both applications ERA and Share Local Cache onto one Server?
Greets
Linux ERA6 won't show informations
in ESET PROTECT On-prem (Remote Management)
Posted
Okay I already thought that would be the problem. My pupose of the own CA was that I wanted to create for each of our servers. So I don't have everything in one CA and in one Server.