ewong

Most Valued Members
  • Posts: 297
  • Days Won: 1

Everything posted by ewong

  1. In theory, once the PCs have gone through the GPO software install, I believe they keep track of the agent 'version' and won't install it again unless you updated the GPO policy. Installing software from ESET's repository requires access to the internet. But since you've already gotten them deployed, I guess all's well. Edmund
  2. Related to basically, it's the following query: delete from tbl_tags_zig; I'm assuming that's the same issue; if so, then yeah, the above query should work (assuming that you don't have any existing tags). I didn't, so I was able to delete all the entries. Edmund
  3. As I only have that log line to go by, the following is just a guess. Since it's an eset.com system, it's external and therefore, the first suspect would be the firewall rules (either the Windows firewall, or your corporate firewall). Edmund
  4. If I understand this correctly, the offsite IT team changed the names of the systems and I would further assume they modified the DNS to reflect the changes? First and foremost, take a gander at the logs for the agents to see why they can't connect to the server. (I'm assuming the IPs stayed the same). My guess is it's a certificate issue. I think the simplest way (as far as I can understand, though I'm sure ESET admins have a better idea):
     - Add a CNAME (old name of esmc server) to the dns to have the agents connect to the new name.
     - Generate a new set of certificates (CA, Server and Client) and create a new set of policies to apply the new certs to the agents.
     What this does is have the agents find the 'new-name' server via the 'old-name', connect to it (since they are using the old-system certificates). (Here's the part where I'm not sure if things are going to work well). Once connected, the new policies will ensure the new certificates get applied to the new agents/servers. I guess, worse comes to worst, you'd re-do the whole shebang (but that's a very tedious way). Edmund
  5. Most likely those policies that affect the firewalls (either ESET Security or Windows). Methinks you'll need to check whether or not any of the ports are blocked as mentioned in here. Edmund
  6. Hi, While trying to figure out the "Anti-phishing protection is not function" issue for a client workstation, I was checking its configuration via "Request Configuration" and found out that if I selected the Agent's configuration, I have no way of going back to check the AV configuration. Steps to reproduce:
     - Select a client's Configuration tab
     - Click on "Request Configuration" and wait a bit
     - There are two configurations listed, the agent and the AV.
     - Select Agent and click Open Configuration.
     - Now there's no way to select the AV configuration.
     It's literally stuck in the Agent's configuration even if I click on Request Configuration again. I'd have to go back to the Computers list, click refresh, then go back into the client's entry and click on configuration. Then it'll show the list of configurations. Am I missing something? Thanks Edmund
  7. I would assume that since the authentication is via AD, I'm assuming you've set the permissions to specific AD users and you've somehow changed the permissions for the currently logged in user. Check the permissions for the currently logged on user to see if you've disabled/removed any permissions. (Just a suggestion) Edmund
  8. Hi MartinK, It's not that the updates are missing and I do apologize for not explaining properly. I meant that you send an update operating system task to the client, and it would ignore it and would say it succeeded. That said, I've been playing around with this task on some systems and have noticed that it isn't even obvious that the system is updating until it reboots itself. Not even in the Control Panel -> Windows Update does it show it is updating. It just shows that there are x amount of updates not yet installed. Which sparked my confusion. What is seemingly happening is it's updating behind the scenes without even notifying the Windows Update dialog. I'm still wondering if that's a good thing or a bad thing. But just as long as they're updating.. I should be a happy camper. Sorry for the false report. Edmund
  9. Hi, There are a few things that could garner that error; but, as I'm not familiar with the Virtual appliance installation, I'm just guessing the following items could be the solution: - Log into that appliance and restart the Tomcat http server, or the ESMC server or even the database instance (whatever it may be). The issue could be either it can't access the database server or the database itself, or something is fudged and the Tomcat http server is hung and requires a restart. Edmund
  10. Then there's some sort of issue with ESMC sending OpsysUpdates task to the clients. Basic steps to reproduce (ESMC ver. 7.1 on a Windows Server 2012R2 system). Client is a Windows 8.0 system:
      1) Create an Operating System Update task w/ No Reboot and No Optional installs.
      2) Send it to one system which has the 'missing o/s updates'.
      3) Wait.
      Nothing happens, as far as I can see. Nothing in the Server ERAServerApplicationData\Logs\trace.log (at least this is where I think it should've been shown if there were issues). Any help appreciated. Thanks. Edmund
  11. Hi Marcos, I understand the point about the notifications; but what I don't understand is why the "Operating System Update" task doesn't actually tell the Operating system to install the updates even if I clearly said to install them? Edit: Actually, just to clarify, does this notification + operating system update task combination mean that if I set the Notification to "Critical Updates", it'll only update critical updates and ignore the rest? (I would've assumed that it'd just update the operating system with the critical and recommended patches and ignoring the optional ones (if I have optional ones ignored)?) Thanks Edmund
  12. Hi Marcos, Thanks for the info. In the end, I ended up repairing the installation with a new set of certificates, exported the agent and CA certs and am currently repairing all the other clients manually. I am, however, wondering if a GPO can be used instead? I.e. Is it possible to do a repair via GPO? Thanks Edmund
  13. Hi, Kinda feel like I'm digging an even bigger hole. The certificate issue hasn't even been fixed, and now I'm getting a DB error:

      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: Loading of tags starting.
      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: #rows in blobs: 0
      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: #column-attrs: 2
      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: #rows: 0
      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: Compaction from Load()
      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: CExecutor.CCompactionState: Changing error from NoError to GeneralError.
      2019-12-14 04:38:44 Information: CDatabaseModule [Thread 1a40]: CExecutor.CCompactionState: Request to change error from GeneralError to GeneralError ignored. Another error allready set.
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CDynamicGroupsModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CSymbolsModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CCleanupModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: NetworkModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CNetworkGrpcModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CServerSecurityModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: SchedulerModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CDataMinersModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CDatabaseModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CUpdatesModule
      2019-12-14 04:38:44 Information: Kernel [Thread 1a40]: Unloading module: CTranslatorModule
      2019-12-14 04:38:44 Error: Service [Thread 1a40]: [MySQL][ODBC 5.3(w) Driver][mysqld-5.7.27]Got a packet bigger than 'max_allowed_packet' bytes (1153)

      I'm not entirely sure which setting made the service crash every time I start it. (I'm beginning to feel it's better if I just killed the whole setup and re-install everything... worst case scenario, of course.) Thanks Edmund
  14. It's kinda funny how easily I can dig myself into jams. I had just replaced an Agent certificate (thinking that I can fix it if it goes up the creek); but once I deleted the old one, the agents obviously complained. I had created a new policy just for this purpose and applied it to the set of complaining agents. What I'm curious about is how long does it take for the agent to connect to the server and update its certificate? Thanks Edmund
  15. Hi, I'm finding the task execution results confusing. Note the time. 12:09. Time is 12:38. I logged onto the server and it indeed shows that there are 138 updates yet to be installed. Perhaps my understanding of how the Operating System update task works is limited (though I figured it's self-explanatory, which is to say that it tells the system in question to apply the updates). While it works on desktop systems, does it not work on servers? Have I missed something fundamental? Thanks Edmund
  16. Server tracelog is at: c:\Programdata\eset\RemoteAdministrator\Server\EraServerApplicationData\Logs Edmund
  17. Description: - Include a REST API in ESMC so that the administrator can gather information without needing to log on to the ESMC. Detail: - The ability to run customized data-gathering scripts against the ESMC gives the administrator better ability to grab the information he/she wishes without needing to fiddle with the Report generator or in fact any aspect. (Though, tbh, I'm not sure which would be a burden.. supplying REST information or having the user generate reports..etc). Thanks!
  18. @KPCDKyle, could it possibly be either the dns is on the fritz (no DNS set up or no DNS answering) or no gateway set up for that particular vm? (just guesses)
  19. I think what you're trying to say is that while you've installed ERA successfully, the clients were getting updates directly from ESET's server instead of the server you specified? As far as I understand, what you need to do is to deploy a policy to the clients that changes the repository url path. If I remember correctly, it'd be under Policies->New Policy-><select the ESET product> -> change the updates repository to whatever you have set up. That said, I think another way of understanding your query is that while I believe you've set up ERA properly, the updates are set up from the MirrorTool. The ERA server doesn't store any of the updates at all. Edmund
  20. Yes, I used the ESMC component upgrade task. Anyway, I've removed all systems from the list of computers, and managed to have a few systems update their GPO and thusly get the agent re-installed/setup on these systems; however, there are some which I haven't done that (mainly due to them being in use). That said, is there a way (now or in the future) that I can run on the ESMC webconsole, such that all systems still in the lost+found will have their agent's info overwritten by the new certificates. (As in, having just manually added the missing systems, is it possible to get their agents to drop whatever certificate they use and use the new one?) Sorry if I'm not explaining myself well. What I've done is created a new policy that contains the new certificates, and then assigned the policy to the lost & found group. Is this sufficient to get the systems to reset themselves? Thanks Edmund
  21. Yes, this system doesn't have support for SSE4. Edmund
  22. Addendum: I looked at the database tables that I think are related to tags (namely, tbl_tags_*) and found that while the test tag I created got entered into tbl_tags_zig, none of the other 'related' tables were ever modified in that they were all empty. So what I think happens is if you create an ad hoc tag, it adds it to the tbl_tags_zig, with the blockdata; but not actually update/add anything else to the other tables (as I speculate that the tbl_tags_data should also have something added to it as referenced to it). Edmund
  23. Managed to unhork the database by the following (luckily I had only one tag):
      - go into mysql
      - select the era database
      - delete from tbl_tags_zig;
      Restarted the ESMC server service, and now I can log in. Steps to reproduce this issue:
      - Create new peer certificate
      - Enter the necessary information as required, particularly for the first screen where it allows you to specify a tag, you click on "select tag" and then enter a value that isn't in your tag list.
      - finish up the certificate signing and click Finish
      It will then state that the Certificate has been created; but would then follow up with a Failed to load data and then it'll log you off and the ESMC service will crash. Edmund
  24. Hi, I'm just encountering a very weird error. I was just trying to create a new peer certificate when after clicking on create, the webconsole spins for a bit and then it displays "Failure to load data" and then it promptly logs me out. Now when I try to log back in, it shows a small message above the login part "Login failed: Connection has failed with state 'Not connected'". After a bit, it'll allow me to log in; but when I do, it then shows an error "Failed to load tags" and then it boots me out. Now it won't let me log in. I go onto the server's event viewer and noticed this error: The ESET Security Management Center Server service terminated unexpectedly. It has done this 3 times. So I go and restart the ESMC server and try to log in. Unfortunately, it immediately gives me a "Failed to load all tags." error and then after clicking the OK, it gives me a 2nd error: Failed to load data report resolving failed: null. I click on ok and it boots me out again. So I restart the ESMC server again... I'm feeling it might have something to do with me creating an ad hoc tag during the certificate creation stage. Not entirely sure; but I feel the database has been horked. Right now, I'm going into the database (which thankfully is MySQL based) to figure out which table is horked and hopefully fix it; otherwise, I'll need to do a complete reinstall (unless someone else has a good idea). Edmund