• Content count

  • Joined

  • Last visited

About puff

  • Rank
  1. Got it. The new agent certificate, new server certificate, and new CA were all created during installation of the virtual appliance. That was a couple of months ago so I'd imagine all agents should have the required CA, but I'll start with a small group to test it and roll it out in sections until all the agents are updated, then change the server certificate last. Thanks for your help!
  2. I recently migrated Remote Administrator to a virtual appliance and during the migration I changed the server certificate to match the old server's certificate (following this guide). Now I would like to update all of my agents to use the new client certificate that was created during the virtual appliance install. I know I can change the agent's certificate by applying a new policy. My question is do I update all the agent's certificates first and then change the server certificate or the other way around? I don't want to break the communication between my agents and the server by changing the certificates in the wrong order. Thanks!
  3. Is there an official release date planned for ESA 2.6 yet? Support wasn't able to give me an exact date but since it's close to the end of March I'd imagine it's any day now.
  4. Fixed by pulling the config from a test appliance as you suggested. For anyone in the future who may run into this problem I edited the /etc/krb5.conf file as such: [libdefaults] default_realm = MYDOMAIN.LOCAL ticket_lifetime = 24h forwardable = yes [realms] MYDOMAIN.LOCAL = { kdc = myserver.mydomain.local } [domain_realm] .mydomain.local = mydomain.local Apparently you should NOT use the CentOS Webmin to edit kerberos settings as it adds a bunch of formatting that will break your active directory sync. Edit only from the terminal using vi or the "Configure domain" wizard in management mode. Also, my default gateway was removed at some point. I ran a bunch of CentOS updates from the Webmin. Do you think that could have broken it? Lastly my network interface is showing this : and this: The network seems to be running normally though, but I do not have this error on the test appliance I configured. Could this be the result of anohter CentOS update? Does ESET recommend not updating CentOS as a best practice? Thanks!
  5. Also, when I run through "Configure domain" from the server console, after the "Check Kerberos configuration in /etc/krb5.conf" I get: Clearing Kerberos cache... kdestroy: Improper format of Kerberos configuration file while initializing krb5
  6. Tried adding the admin_server line. Also tried deleting the old domain controller out of /etc/hosts. Wouldn't deploying a new one do the exact same thing as rejoining the domain? The ERA is successfully joined, and I can rejoin it with no problem and verify that it shows up in active directory. Maybe something is broken from the original configuration though. Might try a new one like you said just to see what that file says.
  7. I'm using an ERA virtual appliance. Active Directory sync was successful when initially configuring ERA, and ERA is joined to the domain. I recently upgraded domain controllers and changed domain controller names. Now when trying to sync from ERA I get "Improper format of Kerberos configuration file while initializing Kerberos 5 library": I've rejoined the virtual appliance to the domain and verified that it's showing up in active directory I updated the KDC from the Webadmin as such: I updated ERA sync settings as such: I've browsed through my /etc/krb5.conf file but without knowing much about it I'm not sure what it should look like. It looks like this: [logging] default = FILE: kdc = FILE: admin_server = FILE: [libdefaults] default_realm = MYDOMAIN.local [realms] MYDOMAIN.local = { default_domain = kdc = myserver.mydomain.local: admin_server = : } [domain_realm] .mydomain.local = MYDOMAIN.local Any help is appreciated.
  8. Thank you for all of that information. I'm configuring Remote Web Access though, not Remote Desktop Web Access. They're similar but two different web applications. I even accidentally selected RD Web Access during ESA configuration the first time and it returned an error that no such web application was installed. I'll try contacting support and see if they have an easy fix for me, or if I should just wait for the next release.
  9. I've installed ESA and selected the RWA Application Protection. The ESA OTP page is not displayed when logging into RWA. In the ESA Management Console nothing appears under "Web Application Protection". I've restarted IIS, and uninstalled/reinstalled RWA protection in the ESA configuration. Is this just an incompatibility with Server 2016? The manual I have ends at 11.2.2 and goes to Chapter 12 "API". It's pretty short on information concerning configuring ESA with RWA.
  10. I'm planning to begin using ESA for RWA two factor authentication (Anywhere Access on Svr16). I have three questions: Can ESA be installed on Server 2016 standard with the Essentials role? I don't see it in the list of supported OS but I'm wondering if there are known issues, or if the documentation just hasn't been updated. Can ESA be installed on a domain controller? I have a redundant backup DC that isn't doing much that I'd like to install it on. During the installation of ESA do I need to select both "Remote Desktop" and "Remote Web Access" or just "Remote Web Access"? I want two factor authentication on the initial RWA login page, so I'm guessing I only need the latter but I want to make sure.
  11. Yep. Looks like it. I tried searching through all the forums for that error and somehow missed that thread. Thanks!
  12. I'm receiving this notification every time a WS2016 with IIS installed starts up: "During execution of Server protection on the computer SERVERNAME, the following event occurred: An error occurred while loading Microsoft Internet Information Server file paths (0)." Digging through my File Server policy hasn't yielded much as I have to assume this is a bug in the default File Security policy regarding IIS configuration on WS2016.