Jump to content


Most Valued Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by ewong

  1. I think it's under %PROGRAMFILES%\Apache Software Foundation\apache-tomcat-<version>\conf.
  2. ewong

    GPO policies

    I had major headaches doing the "GPO install Agent + AV" route. YMMV, of course; but, IMO, if you're going to just use GPO, it would make life easier if you'd just setup a policy that installs the Agent, and then use the ESMC 'Software Install' client task to install the necessary AV. again.. ymmv. Edmund
  3. Hi, Here are a few ideas that I have: Check if the Tomcat logs say anything. Check if the Tomcat service is running. Were there any firewall changes? You mentioned that you tried to connect to the MC and that it's not available. What exact error did you get? A 404? Cannot connect (i.e. not listening to any connections)? On the ESMC server, if you do a "netstat -na", is the port available and listening? Edmund
  4. Well, ended up the problem was twofold: 1) Java path was there, except not complete. Was missing some files. 2) Required a reboot. Edmund
  5. Hi @pctech1380, Yes, I also have encountered this though I haven't quite gotten to figuring out why it's happening. I think the logs might have something to say about it though. Edmund
  6. Hi, After suffering a system failure which took out the ESMC server, I had to install ESMC on a different server and after getting the appropriate things squared, I installed the all in one on a Windows 2012R2 system. Clicked on Ok by mistake and completely missed the URL for the webconsole. Anyway, after much searching I found it; but, upon logging in, and skimming through the welcome screens, the dashboard tries to load; but I eventually get the error "Error during dashboard has occurred". I click on OK, and am back on the screen but I've noticed that all the icons are missing. ;/ Just the text is available. I then try to go into the Server settings, but that managed to kill the ESMC instance as I'm booted out and can no longer go to the webconsole. I'm scanning the Server logs (those in the EraServerApplicationData), but I'm seeing some 'forcibly closed' messages. Tomcat has no logs stating why it's crashing. At least, not in the apache-tomcat-<??>/logs dir or in the Tomcat/logs dir. However, in the Event Viewer, I'm seeing "The Apache Tomcat 9.0 service terminated unexpectedly. It has done this 1 time(s)." Later on, I see another entry. That said, I'm suspecting I need to do a reboot as in the Event Viewer, I'm seeing a bunch of "Apache Tomcat terminating unexpectedly interspersed with some GPO warnings. Thanks Edmund
  7. Agent installation ending prematurely (which I also have encountered before... though what follows is a fuzzy recollection of what I did) tends to mean something (either in the registry, or in the eset directories) are preventing it from running. Firstly, make sure you're installing it with Admin privs. Secondly, check if the Agent is *already* installed (though if you check in the Add Programs (or Programs and Features..depending on the Windows version)), if the ESET Agent exists but with no installation date or whatever, it probably means something in the system has screwed up. The *best* thing to do is to grab the EsetUninstaller and go into Safe Mode and run it. It'll detect old installations. Just remove the installed versions with the EsetUninstaller. (can be downloaded from the ESet website). HTH Edmund
  8. Hi, I'm guessing that the DC002 is the system that the agents are trying to connect to? Do you have any agent policies set up and associated with the agents? Perhaps the agent policy setting has it on (i.e., you selected the Agent with proxy policy while creating the agent deployment packages? But IIRC, that is the default response. Have you checked that the ports on DC002 are allowing 2222? Edmund
  9. @Rami nope. I don't have a full disk; though not sure how I can find out if it is blocked. I mean, it downloads to 63% so it is downloading (*I think*); and if it was blocked (for some reason), wouldn't it have complained about it at the beginning? Going to try to do a packet tracing and see what's going on. Thanks Edmund
  10. It shouldn't be a problem since eventually, the computer's agent will reconnect with the ESMC. :ewong
  11. Well, I feel a bit dense, even with the information provided. It's my understanding that the command you ran was on the AWS instance and not your workstation (or whereever you access this AWS instance). Is the ESMC server behind a firewall? If so, do you happen to have the correct port-forwarding rules? If it's a system directly connected to the Internet requiring no firewall, then check the ESMC system's firewall. If it's a windows system, check the incoming port allowances. If it's a linux ESMC system, check for selinux and iptables rules. Edmund
  12. Just updated the MirrorTool and while the repo creation worked, the updates still fail as shown below: ============= UPDATES MODE ========== Mirror Tool, Copyright (c) ESET, spol. s r.o. 1992-2019. All rights reserved. Creating mirror for product: ep6. Mirror type changed to regular Initialization Initialization finished Perform full mirror started Update status for product 'ep6' changed to: Preparing structures and analyzing Downloading file: update.ver.signed. Downloaded: 100 % Downloading file: update.ver. Downloaded: 100 % Update status for product 'ep6' changed to: Downloading files Downloading file: em023_32_r0.dll.nup. Downloaded: 92 % Update status for product 'ep6' changed to: Updating Downloaded: 100 % Update status for product 'ep6' changed to: Finished Perform full mirror finished Uninitialization Uninitialization finished Creating mirror for product: era6. Mirror type changed to regular Initialization Initialization finished Perform full mirror started Update status for product 'era6' changed to: Preparing structures and analyzing Downloading file: update.ver.signed. Downloaded: 100 % Update status for product 'era6' changed to: Downloading files Downloading file: em045_64_n15.nup. Downloaded: 100 % Update status for product 'era6' changed to: Updating Downloaded: 38 % Update status for product 'era6' changed to: Finished Perform full mirror finished Uninitialization Uninitialization finished Error: Perform full mirror failed with error: Undocumented serious error. Error code is: 4122 Error occured.
  13. The first thing to check to see if the server's firewall has that port blocked. :ewong
  14. Hi, Where is this being shown in? The agent installation log or somewhere else? What operating system does this AWS instance run on? :ewong
  15. In theory, once the PCs have gone through the GPO software install, I believe they keep track of the agent 'version' and won't install it again unless you updated the GPO policy. Installing software from ESET's repository requires access to the internet. But since you've already gotten them deployed, I guess all's well. Edmund
  16. Related to basically, it's the following query: delete from dbl_tags_zig; I'm assuming that's the same issue; if so, then yeah the above query should work (assuming that you don't have any existing tags). I didn't, so I was able to delete all the entries. Edmund
  17. As I only have that log line to go by the following is just a guess. Since it's an eset.com system, it's external and therefore, the first suspect would be the firewall rules (either the windows firewall, or your corporate firewall). Edmund
  18. If I understand this correctly, the offsite IT team changed the names of the systems and I would further assume they modified the DNS to reflect the changes? First and foremost, take a gander at the logs for the agents to see why they can't connect to the server. (I'm assuming the IPs stayed the same). My guess is it's a certificate issue. I think the simplest way (as far as I can understand, though I'm sure ESET admins have a better idea) Add a CNAME (old name of esmc server) to the dns to have the agents connect to the new name. Generate a new set of certificates (CA, Server and Client) and create a new set of policies to apply the new certs to the agents. What this does is have the agents find the 'new-name' server via the 'old-name', connect to it (since they are using the old-system certificates). (Here's the part where I'm not sure if things are going to work well). Once connected, the new policies will ensure the new certificates get applied to the new agents/servers. I guess, worse comes to worst, you'd re-do the whole shebang (but that's a very tedious way). Edmund
  19. Description: - Include a REST API in ESMC so that the administrator can gather information without needing to log on to the ESMC. Detail: - The ability to run customized data-gathering scripts against the ESMC gives the administrator better ability to grab the information he/she wishes without needing to fiddle with the Report generator or in fact any aspect. (Though, tbh, I'm not sure which would be a burden.. supplying REST information or having the user generate reports..etc). Thanks!
  20. Yes, this system doesn't have support for SSE4. Edmund
  21. Addendum: I looked at the database tables that I think are related to tags (namely, tbl_tags_*) and found that while the test tag I created got entered into tbl_tags_zig, none of the other 'related' tables were ever modified in that they were all empty. So I what I think happens is if you create an ad hoc tag, it adds it to the tbl_tags_zig, with the blockdata; but not actually update/add anything else to the other tables (as I speculate that the tbl_tags_data should also have something added to it as referenced to it). Edmund
  22. Managed to unhork the database by the following (luckily I had only one tag): go into mysql select the era database delete from tbl_tags_zig; Restarted the ESMC server service, and now I can log in. Steps to reproduce this issue: Create new peer certificate Enter the necessary information as required, particularly for the first screen where it allows you to specify a tag, you click on "select tag" and then enter a value that isn't in your tag list. finish up the certificate signing and click Finish It will then state that the Certificate has been created; but would then follow up with a Failed to load data and then it'll log you off and the ESMC service will crash. Edmund
  23. Hi, I'm just encountering a very weird error. I was just trying to create a new peer certificate when after clicking on create, the webconsole spins for a bit and then it displays "Failure to load data" and then it promptly logs me out. Now when I try to log back in, it shows a small message above the login part " Login failed: Connection has failed with state 'Not connected'. After a bit, it'll allow me to log in; but when I do, it then shows an error "Failed to load tags" and then it boots me out. Now it won't let me log in. I go onto the server's event viewer and noticed this error: The ESET Security Management Center Server service terminated unexpectedly. It has done this 3 times. So I go and restart the ESMC server and try to log in. Unfortunately, it immediately gives me a "Failed to load all tags." error and then after clicking the OK, it gives me a 2nd error: Failed to load data report resolving failed: null. I click on ok and it boots me out again. So I restart the ESMC server again... I'm feeling it might have something to do with me creating an ad hoc tag during the certificate creation stage. Not entirely sure; but I feel the database has been horked. Right now, I'm going into the database (which thankfully is MySQL based) and figure out which table his horked and hopefully fix it; otherwise, I'll need to do a complete reinstall (unless someone else has a good idea). Edmund
  24. Hi @MartinK, I managed to get some of the metadata3 files from ESET servers, but apparently we also need these manifest.erm files as well. I'm guessing they are required for the eula folders? Edmund
  25. @Marcos, any chance there's a possibility that I can get the format of the metadata3 file from ESET so I can generate it myself? Thanks Edmund
  • Create New...