ewong
Posts posted by ewong
-
-
On 9/13/2019 at 2:50 AM, MartinK said:
Unfortunately AGENT is currently not reporting NIC that is actually used for connection to ESMC -> it reports list of all interfaces with list of all assigned IP addresses. What you see in main client's view in console is selected IP address that is considered as the one with highest priority. In most cases it means it is IP address of NIC that has highest priority on client machine. In case of multiple IP addresses assigned to this NIC, it should be primary IP address of it.
Thanks for the explanation. Is it possible to get the agent to compare the IP of the nic with the IP of the ESMC server so that it can use the same network IP? (Just asking..)
It's strange and a bit scary (had I not asked here) that there could be a chance that agents can scan other connected networks.
Edmund
-
I've noticed with ESET Agent, it takes the first NIC's IP it finds without checking with the configuration. With multi-nic systems, this is a bit of a pain since on the ESMC system list, it'd show other network IPs.
Shouldn't the Agent report to the ESMC the same IP in the network as the ESMC server?
For instance, as shown in the attached screenshot,
The first item is the ESMC server (so in the 192.168.8.0 network), the 2nd one is my system (it's chosen the NPCAP interface), the third is another system that has two nics, and finally the last one is another system in the same 192.168.8.0 network.
Have I screwed up the Agent deployment (via GPO) setting?
Any clarifications appreciated.
Thanks.
:ewong
-
Dunno why it didn't hit me, but I went to the logs and came across the following:
2019-08-26 09:39:32 Error: CServerSecurityModule [Thread 8c4]: ParseDerCertificate: CertCreateCertificateContext failed with ASN1 bad tag value met. Error code: 0x8009310b
2019-08-26 09:39:32 Error: ConsoleApiModule [Thread b58]: 868 Error while processing AddCertificationAuthority request: ParseDerCertificate: CertCreateCertificateContext failed with ASN1 bad tag value met. Error code: 0x8009310b
Looking at the output of the certificate, I noticed that the Issuer field has spaces in between the field name and field value, i.e. S = HK instead of S=HK.
Could this be the problem?
Thanks
Edmund
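A check for the file handed to "Import Public Key", added here as an example and not part of the original posts or of ESET's code. It assumes, from the ParseDerCertificate name in the log above, that the import expects binary DER; a PEM file then presents "-" (0x2D) where the SEQUENCE tag 0x30 should be. Function names and sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed samples: a tiny DER SEQUENCE (not a real certificate) and the
# same bytes wrapped in PEM armor.
SAMPLE_DER = b"\x30\x03\x02\x01\x05"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" +
              base64.b64encode(SAMPLE_DER) +
              b"\n-----END CERTIFICATE-----\n")

def der_total_length(blob: bytes):
    """Length of the outer DER SEQUENCE (header + content), or None if the
    blob does not start with a well-formed SEQUENCE header."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None                      # first tag is not SEQUENCE
    first = blob[1]
    if first < 0x80:                     # short-form length
        return 2 + first
    n = first & 0x7F                     # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def classify(blob: bytes) -> str:
    """Return 'pem', 'der' or 'unknown'. Only the outer framing is checked,
    so 'der' does not prove the content is an X.509 certificate."""
    if PEM_RE.search(blob):
        return "pem"
    if der_total_length(blob) == len(blob):
        return "der"
    return "unknown"

def to_der(blob: bytes) -> bytes:
    """Return the DER bytes of a PEM or DER input, or raise ValueError."""
    kind = classify(blob)
    if kind == "der":
        return blob
    if kind == "pem":
        body = b"".join(PEM_RE.search(blob).group(1).split())
        der = base64.b64decode(body)
        if der_total_length(der) != len(der):
            raise ValueError("PEM body is not a single DER SEQUENCE")
        return der
    raise ValueError("neither PEM nor DER")
```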
-
Further addendum is that the first link wasn't really what I should've been reading; but the actual link that I should read (and did) was Custom Certificates: Importing but it didn't help since after doing the procedure, it gave me the error.
What am I missing? I'm thinking it's the format of the PEM file (but I've changed it from PEM to pfx). What is the "Import public key" function expecting from the user?
Thanks!
Edmund
-
Hi,
I've read
and am having some difficulty with importing a CA certificate I created in openssl for the internal CA.
When I go to "Certification Authorities", -> (Actions button) -> "Import Public Key" and then browse to the public key, Click on Import.
I get the following error: "Import has failed: Creating certification authority failed. Check input parameters for invalid or reserved characters."
The public key I'm uploading is a PEM formatted file. Also, reading Custom Certificates I get the feeling that ESMC doesn't support openssl; but I could be wrong.
Is there other documentation that can help me?
Thanks
Edmund
-
Description:
Remotely reset Agents' information using a 'secret key' that will reset where the Agents report to.
Details:
At the moment, using the GPO method of deploying agents is 'simple' enough; but if the ESMC server suffers a hiccup/goes away (for some reason), the ESMC must be installed/reinstalled; thusly the old agents won't be able to communicate with the new ESMC server. Having the ability to set up a 'secret' on the ESMC that can be used to connect to all old-agents and have them reapply the new server information would make life easier. (At this moment, I'm still recovering from a server failure and can't seem to be able to get all of the agents installed properly via gpo, even with the new 'install_config.ini' file set up.) So having this kinda trouble, I've had to go into each system, run esetuninstaller and then have them run gpupdate to get themselves updated, and even then that's not working all the time. [note: I do admit that it is possibly a PEBCAK problem.]
On the flip side, this could lead to security issues (particularly since this is somewhat akin to adding a 'backdoor'), so I'm not sure if this is a good idea.
-
On 7/23/2019 at 6:37 PM, Marcos said:
This is very important information that hasn't been mentioned until now. Without ESMC server being able to communicate with ESET's EDF servers, you can only add an offline license file and use it for activating the appropriate ESET security product on offline machines that report to ESMC.
Hi Marcos,
I actually mentioned it in another thread titled "ESMC requiring internet access to activate" and as I understand it, it didn't need internet access. But to be fair, I probably made a feeble attempt at asking the right question.
My apologies.
Edmund
-
Hi Michalj,
I gave up and allowed that server to access the Internet just this once. Added the license and it worked.
Thanks.
Edmund
-
1 hour ago, Marcos said:
Perhaps you could post some screen shots of the EBA license manager with sensitive data blurred for clarification.
Attached is a screenshot with only 3 offline licenses and no 'main license'. As for importing the license... I'll need to dig for that. It's been a long time since I've touched any nod.lic file.
-
As I understand it, you basically go into the More->Peer Certificates and then create a new one and make sure the "Server" product is selected.
Then go into the Server Settings->Connections, and then change the Certificate.
:ewong
-
Hi,
Is there a way to get back the license if I've removed it from the license panel? I tried retrieving it from the Business Account site, but I couldn't figure it out.
The reason why I'm asking is that when I try to do a product activation on an AV installed system, the license panel only has the offline entries and no online ones.
Any help appreciated.
Thanks
ewong
-
1 minute ago, Marcos said:
ESMC doesn't use any special license file. Use a license file for Endpoint or whatever ESET security product.
Thanks Marcos. I got confused when I created the offline license files and didn't know where to get the main license file. Ends up selecting the main license during product activation was sufficient into to install and product activate online.
-
Hi MichalJ,
I'm not entirely sure how to export the product licenses from the BA account to the ESMC license part. I know how to do the offline license part; but the "Product" list in the generate offline keys doesn't list "ESMC server" so I'm not able to export it to a license file. Also, I only see the option to convert to legacy license file.
Any clarifications appreciated,
:ewong
-
Ah, Thanks Marcos.
One other thing is that apparently with GPO deployments, I need to remove the deployed agent, then I deploy again; but the thing is I need to manually run esetuninstaller.exe as there'll always be some leftovers from the uninstall.
Edmund
-
Hi,
I'm in the process of fixing a fubar'd ESMC migration from one server to a newer one. The old agents are still 'pointing' to the old ESMC server. Since I used GPO to install the agents, I figured I'd use the GPO to redeploy the agents with the updated install_config.ini. Before I do that, the new ESMC does notice the old-esmc-pointing systems (as Rogue computers), so is it possible to get ESMC to change the rogue computers' agents' report-to server? That way, I wouldn't need to get users to reboot their systems.
Thanks
Edmund
-
Hi,
I've moved my ESMC server to another system (which doesn't have internet access). I tried to activate it via the License Key, but it requires contacting the Internet (and naturally, ditto with the ESET Business Account). So I figured the offline license file was the right choice.
However, I couldn't find the option to generate an offline license file for the main ESMC server license. I already generated the offline keys for the AV and FS systems (and am still waiting for the GPOs to take hold of other systems that have access to the Internet).
So my question is: is it possible to activate the main ESMC server without needing to open it to the Internet?
Thanks
ewong
-
5 hours ago, MartinK said:
@Marcos: My understanding is that problem is with manual download of ESMC all-in-one installer from ESET download pages, i.e. it is not related to ESMC,
Could you please provide IP address of download.eset.com from your location? Also it is possible to capture download using wireshark or similar tool that could possibly help to diagnose?
Hi,
I'm getting the IP 91.228.167.110.
The attached dump shows the last ~100 lines of entry.
With the following result:
ewong@lasso:/data2$ curl --output x64.zip https://download.eset.com/com/eset/apps/business/era/allinone/latest/x64.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
29 647M 29 192M 0 0 61461 0 3:04:06 0:54:41 2:09:25 95105
curl: (18) transfer closed with 477274427 bytes remaining to read
ewong@lasso:/data2$
-
Hi,
I'm trying to download x64.zip (ESMC all-in-one installer) from download.eset.com; but no matter which system I download from [Windows or Linux], the transfer is closed with 676Mb remaining.
I'm not sure why it's doing this. Might anyone have any idea?
Thanks
Ed
-
Hi,
I'm attempting to move the ESMC from one old server to a newer one and am following the instructions as stated in [1]. I'm only on the first step, where I need to create a new peer server certificate. I've let the fields retain the default values (except description), and clicking on the Sign part of the process, I selected the "Certification Authority" and selected the main CA (the one generated during ESMC installation, though I have forgotten if I had a CA password set). I then click on continue and click on Finish. It then shows the following error:
Failed to create certificate: Creating and signing peer certificate failed. Check input parameters for invalid or reserved characters, check certification authority pfx/pkcs12 signing certificate and corresponding password.: Trace info: CreatePeerCertificate: PFXImportCertStore failed with The specified network password is not correct. Error code: 0x56
I'm somewhat wondering if there is a password set. If that's the case, should I just create a new CA certificate and then migrate the old server to use the new CA certificate and then do the migration of the ESMC to the new server?
Thanks
:ewong
[1] - https://help.eset.com/esmc_install/70/en-US/clean_installation_different_ip.html
-
Today, I seem to be running into some weird issue. I'm not sure if it's my system or the webconsole system; but when I logged on to the ESMC server's webconsole, and tried looking at the computer list, it takes an inordinate amount of time to display "Loading". Still waiting after three minutes. [Going to try and reboot the system]
Attached is a sample. In the server's log dir, the status.html shows nothing wrong and the trace.log does show some issues with a system connecting; but that shouldn't be affecting the webconsole loading... or should it?
Anyone seen this before?
Thanks
Edmund
-
I believe if only the Agent is installed and no AV product installed, then it'll be "Unknown". That's my experience at least.
-
On 6/20/2019 at 12:11 AM, zwylde said:
I believe the reason for that is the ESMC server cannot access the repository (default repo is at hxxp://repository.eset.com... assuming you haven't changed the update server.)
-
7 hours ago, smash007 said:
I want to set the facility code number when reporting log information from Eset Security Manager in SYSLOG
As far as I know and can see, you can't specify the facility to send to. That said, it doesn't mean you can't set up a syslog server which listens to that port and processes the incoming info via a script (bash, python...whichever you fancy). Theoretically, you can even set up a syslog server script using a different port to 514, which reads incoming information and then resends it directly to the local syslog server (and to whichever facility you choose).
While it is an indirect way/workaround to the current issue of no facility-specifications in the syslog config, it's better than nothing.
Edmund
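The relay described in the post above, sketched as an added example (not code from the original post or from ESET): it listens on a port other than 514, rewrites the facility in each message's PRI field while keeping the severity, and forwards to the local syslog server. UDP transport, port 5514, the local3 facility and the function names are assumptions.

```python
import re
import socket

# Facility codes as defined by the syslog protocol (subset).
FACILITY = {"user": 1, "daemon": 3, "auth": 4, "local0": 16, "local1": 17,
            "local2": 18, "local3": 19, "local4": 20, "local5": 21,
            "local6": 22, "local7": 23}
PRI_RE = re.compile(rb"^<(\d{1,3})>")
DEFAULT_SEVERITY = 5  # notice, used when a message arrives without a PRI

def rewrite_facility(datagram: bytes, facility: int) -> bytes:
    """Return the message with PRI = facility * 8 + original severity."""
    if not 0 <= facility <= 23:
        raise ValueError("facility must be 0..23")
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        # No valid PRI: keep the payload intact and prepend a fresh one.
        return b"<%d>" % (facility * 8 + DEFAULT_SEVERITY) + datagram
    severity = int(m.group(1)) & 7       # low three bits carry the severity
    return b"<%d>" % (facility * 8 + severity) + datagram[m.end():]

def relay(listen=("0.0.0.0", 5514), forward=("127.0.0.1", 514),
          facility=FACILITY["local3"], max_messages=None) -> int:
    """Receive UDP syslog on `listen` and resend it to `forward` with the
    chosen facility. Returns the number of messages relayed."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    relayed = 0
    try:
        rx.bind(listen)
        while max_messages is None or relayed < max_messages:
            data, _sender = rx.recvfrom(65535)
            tx.sendto(rewrite_facility(data, facility), forward)
            relayed += 1
    finally:
        rx.close()
        tx.close()
    return relayed

if __name__ == "__main__":
    relay()
```

Binding `listen` to the single address the ESMC server sends to, and filtering that port to the ESMC host, keeps other machines from writing into the chosen facility through the relay.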
-
Out of curiosity, can your machine access the Internet? If not, then you've created a license from the EBA without including the necessary deployment token from ERA. IIRC, you need to specify the appropriate token and include that into the license (via EBA).
I think that's what it is. It's been some time since I've touched any ERA < 6.5.
Edmund
updating repo/updates with MirrorTool
in ESET PROTECT On-prem (Remote Management)
Hi,
Perhaps I'm missing something; but I'm getting errors while running the MirrorTool.
Here's the error:
Here's the command I use (which I placed in a script so I don't need to type so long a command every time...)
Similar thing happens when I update the repo as well.
Can someone point out what's bugging the update?
Thanks
Edmund