Jump to content

Mirek S.

ESET Staff
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Mirek S.

  1. Hello, Please create customer care ticket from mentioned device - it should include device logs to help android developers to determine what is wrong. Devices should connect every ~half an hour to check with MDM. HTH, M.
  2. Hello, I would not recommend using ODBC driver newer than 5.3.11. Other than incompatibilities later MySQL ODBC drivers/client library also switched to unconditional use of openssl instead of internal TLS implementation they used to have and in some cases this triggers startup clashes of openssl initialization where MDM requires some setup and MySQL actually uses different one causing runtime issues. HTH, M.
  3. Hello, We are aware of this issue. Apple switched to virtual servers (which require TLS SNI) and this caused malfunction in all currently released versions of MDM. Please contact support for hotfix version HTH, M.
  4. Hello, You can install MDM HTTPS certificate via MDM policy. https://help.eset.com/esmc_admin/70/en-US/admin_pol_for_mdc_apns.html HTH
  5. Hello, MDM should register with EPNS on behalf of devices (devices themselves use FCM or APNS). The reason for this error is EPNS tokens did not make it onto ESMC server for some reason. Please verify MDM proxy can replicate to ESMC server and can connect to EPNS (epns.eset.com:8883/443), otherwise we will need high verbosity logs from MDM and MultiAgents - please create customer care ticket. As a sidenote this issue is "cosmetical" as communication between devices and MDM is triggered by new work for device (task) or by EESA when it has logs, we added EPSN only for "single paint of glass" feeling. HTH
  6. Hello, Attached logs does not contain installation log - those are collected only during "component upgrade" task. Please use this method instead. https://help.eset.com/esmc_install/70/en-US/msi_logging.html HTH
  7. Hello, As @Perry noted 3rd party certification authorities typically provide pem or pkcs#12 web certificate which does not contain root CA as that is not required for common webservers - this certificate is typically preinstalled on devices so that chain of trust can be established. MDM does a "bit more" than typical webserver - during enrollment we also install root CA to enrolled device to establish trust (we can't guess whether certificate is selfsigned or signed by CA already trusted by device) so we have extra requirement. I'll look into improving documentation wrt to 3rd party certificates as openssl command line how to convert between formats and appending root CA to existing certificates should help some users. HTH
  8. To have "secure" as in trusted by browser, You need to purchase 3rd party certificate from common internet certification authority. One of such certificate authorities is let's encrypt who provide certificates for free. ESMC creates self-signed certificates which are not trusted unless their root CA is imported into device certificate store. @Command IT What You probably mean was certificate chain installation which was required till 6.5 due to TLS layer we used. In 7.0+ we use different TLS layer on windows (openssl) and PKCS#12 is newly required to contain entire certificate chain including root CA - system certificate store is not used anymore.
  • Create New...