Jump to content

8bit

Members
  • Content count

    14
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. 8bit

    ERA Error Log

    I may have spoke too soon. My peer certs along with installers that contain a wildcard of * work but the certs and installers that use an IP address do not and all of the PC's that I've tested have access to the ERA server via IP address.
  2. 8bit

    ERA Error Log

    Martin, It's now working! I went back and created a new CA then went to settings and changed the default certificate to the newly created cert. That allowed me to created the install .bat file and so far, agents are connecting to my ERA. Thank you for your help!
  3. 8bit

    ERA Error Log

    Id like to start from scratch in regards to my CA and Peer Certs. What's the best course of action to do this? I plan to push out a new Agent installer for all devices once I have this working. Thanks for any help you can provide.
  4. 8bit

    ERA Error Log

    Thank you again Martin for your help. I'm about to pull my hair out at this point trying to create a basic Peer Cert using server name or IP. I keep getting the following error message: "Failed to get installers: Specified certification authority certificate was not found" I've tried the CA that was setup during installation and a new CA I created to no avail. I have another installer using a Peer cert with * for hosts and it works - 7 clients using it right now. I'd like to use a more secure certificate than using a wildcard but for some reason I'm hitting a wall. I've searched this forum and the ESET knowleagebase and found some helpful info but nothing I do allows me to create an installer bat file successfully when I use anything but a wildcard of * Any ideas?
  5. 8bit

    ERA Error Log

    Our setup is ~200 devices that all exist on our LAN on multiple subnets. If I understand you correctly, if I'm only connecting agents to our ERA on our LAN, then using a certificate may be overkill? Servers should use them regardless. Am I understanding you correctly? Also, When creating a cert I've tried entering the ERA server's IP (static) and server name to no avail. How do I properly setup the cert? I found a guide in the ESET knowleadgebase but it was scarce on details. Thank you again for the excellent support!
  6. 8bit

    ERA Error Log

    We can mark this post as solved. I did as you suggested MartinK and checked the server logs and the problem appears to have been caused by the certificate I created for the Agent Installation. If I used the IP of the ERA server or FQDN the client's connect to ERA was closed but if I used an * it worked like a charm. I found a similar thread today where a few people had the exact same issue but no resolution was provided. As long as I can use the cert where I inserted the * and it works, I would say this thread should be marked Solved. Thank you for your help!
  7. I've pushed out the new agent installation .bat file to several PC's in our organization and they are able to update their virus definitions but I'm unable to 'see' them from my ERA. DNS, firewall, etc does not appear to be the issue. Any help would be greatly appreciated. I've modified the server.city for security reasons. SchedulerModule 2018-Jul-06 19:09:28 Received message: RegisterSleepEvent AutomationModule 2018-Jul-06 19:10:03 Trigger: Tick ALLOWED [UUID=00000000-0000-0000-7006-000000000001, TYPE=REPLICATION]. AutomationModule 2018-Jul-06 19:10:03 Task: Executing task [UUID=00000000-0000-0000-7005-000000000001, TYPE=Replication, CONFIG=scenarioType: REGULAR linkData { dataLimit: 1024 isDisabled: false connections { host: "server.domain" port: 2222 } }]. CReplicationModule 2018-Jul-06 19:10:03 CReplicationManager: Processing client replication task message CReplicationModule 2018-Jul-06 19:10:03 CReplicationManager: Initiating replication connection to 'host: "server.domain" port: 2222' (scenario: Regular, data limit: 1024KB) SchedulerModule 2018-Jul-06 19:10:03 Received message: GetRemainingTimeByUserDataRequest NetworkModule 2018-Jul-06 19:10:03 Received message: CreateConnectionRequest NetworkModule 2018-Jul-06 19:10:03 Attempting to connect to endpoint: 192.168.1.22 NetworkModule 2018-Jul-06 19:10:03 Socket connected. NetworkModule 2018-Jul-06 19:10:03 Socket connection (isClientConnection:1) established for id 9971 NetworkModule 2018-Jul-06 19:10:03 Sending: VerifyUserRequest CAgentSecurityModule 2018-Jul-06 19:10:03 Verifying certificated user from host server.domain CAgentSecurityModule 2018-Jul-06 19:10:03 Creating replication server user NetworkModule 2018-Jul-06 19:10:03 Receiving: VerifyUserResponse NetworkModule 2018-Jul-06 19:10:03 Connection closed by remote peer for session id 9971 NetworkModule 2018-Jul-06 19:10:03 Forcibly closing sessionId:9971, isClosing:0 NetworkModule 2018-Jul-06 19:10:03 Removing session 9971 NetworkModule 2018-Jul-06 19:10:03 Closing connection , session id:9971 CReplicationModule 2018-Jul-06 19:10:03 CReplicationManager: Replication (network) connection to 'host: "server.domain" port: 2222' failed with: Connection closed by remote peer for session id 9971 CReplicationModule 2018-Jul-06 19:10:03 CReplicationManager: Skipping fail-over scenario (missing last success replication link data) CSystemConnectorModule 2018-Jul-06 19:10:28 StatusLog_PERFORMANCE_USER_STATUS: "Rows":[{"symbols":[{"symbol_type":453,"symbol_data":{"val_int":[1]}},{"symbol_type":447,"symbol_data":{"val_uuid":[{"uuid":"82970732-dd7e-4ea5-a99a-124016afdc88"}]}},{"symbol_type":454,"symbol_data":{"val_time_date":[{"year":2018,"month":7,"day":6,"hour":19,"minute":10,"second":28}]}},{"symbol_type":456,"symbol_data":{"val_res_id":[508906757892866568]}}]}] SchedulerModule 2018-Jul-06 19:10:28 Received message: RegisterSleepEvent AutomationModule 2018-Jul-06 19:11:03 Trigger: Tick ALLOWED [UUID=00000000-0000-0000-7006-000000000001, TYPE=REPLICATION]. AutomationModule 2018-Jul-06 19:11:03 Task: Executing task [UUID=00000000-0000-0000-7005-000000000001, TYPE=Replication, CONFIG=scenarioType: REGULAR linkData { dataLimit: 1024 isDisabled: false connections { host: "server.domain.com" port: 2222 } }]. CReplicationModule 2018-Jul-06 19:11:03 CReplicationManager: Processing client replication task message SchedulerModule 2018-Jul-06 19:11:03 Received message: GetRemainingTimeByUserDataRequest CReplicationModule 2018-Jul-06 19:11:03 CReplicationManager: Initiating replication connection to 'host: "server.domain.com" port: 2222' (scenario: Regular, data limit: 1024KB) NetworkModule 2018-Jul-06 19:11:03 Received message: CreateConnectionRequest NetworkModule 2018-Jul-06 19:11:03 Attempting to connect to endpoint: 192.168.1.22 NetworkModule 2018-Jul-06 19:11:03 Socket connected. NetworkModule 2018-Jul-06 19:11:03 Socket connection (isClientConnection:1) established for id 9972 NetworkModule 2018-Jul-06 19:11:03 Sending: VerifyUserRequest CAgentSecurityModule 2018-Jul-06 19:11:03 Verifying certificated user from host server.domain CAgentSecurityModule 2018-Jul-06 19:11:03 Creating replication server user NetworkModule 2018-Jul-06 19:11:03 Receiving: VerifyUserResponse NetworkModule 2018-Jul-06 19:11:03 Connection closed by remote peer for session id 9972 NetworkModule 2018-Jul-06 19:11:03 Forcibly closing sessionId:9972, isClosing:0 NetworkModule 2018-Jul-06 19:11:03 Removing session 9972 NetworkModule 2018-Jul-06 19:11:03 Closing connection , session id:9972 CReplicationModule 2018-Jul-06 19:11:03 CReplicationManager: Replication (network) connection to 'host: "server.domain" port: 2222' failed with: Connection closed by remote peer for session id 9972
  8. 8bit

    Reinstalled Remote Admin

    Ah! Per the logs the connection failed due to incorrect/unknown certificate or key format Remote machine is not trusted. I have a CA on my ERA. Clearly I've missed a step Many thanks again for your help!
  9. 8bit

    Reinstalled Remote Admin

    My Agents still aren't reporting in or being seen by ERA. See the steps below that were taken: Generated a new Certificate for Agents with a new passphrase Setup a new Agent Installer selecting the new cert I just created Downloaded the BAT file Pushed out the BAT file successfully to two PC's and also ran it on a third manually to ensure installation (using PDQ deploy instead of GPO) BAT file uninstalls the previous agent install and installs the new one Network ports are not being blocked between PC's and ERA server and DNS is working properly It's been almost 24 hours and still no sign of my agent PC's and the only machine showing up is the ERA itself. In the past I had been able to push out the Agent installer I downloaded from the ERA console and push them out with PDQ without issue. Any help you can provide would be greatly appreciated!
  10. 8bit

    Reinstalled Remote Admin

    Thank you for your quick response Michal. I'll have to generate a new cert and push out those agents. Regards,
  11. We recently had a catastrophic failure of a server and couldn't restore it so we had to reinstall ESET Remote Admin. The agents are of course still installed on all of our PC's and servers and once the installation was complete I see all of them in the Rogue section. To keep things organized, I synced our AD to a group folder within Computers but those show no information. Unknown modules for all AD accounts. What is the best way to move forward to get my ESET agents pulled back in properly? Will I have to manually move all of my rogue devices? Thanks!
×