Jump to content

Christian Stück

  • Content Count

  • Joined

  • Last visited

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Christian Stück

    MDM APNS Certificate validation

    Hello Forum, after some work i got my first iPhone registered at mdm 😄 But it only connects once and i get the error "APNS service certificate validation failed" I allready checked kb for mdm troubleshooting and investigated root certs: grep Entrust /etc/pki/tls/certs/ca-bundle.crt # Entrust Root Certification Authority # Entrust Root Certification Authority - G3 # Entrust.net Certification Authority (2048) # Entrust Root Certification Authority - EC1 # Entrust Root Certification Authority - G2 i tried openssl: openssl s_client -connect gateway.push.apple.com:2195 [...] SSL handshake has read 4066 bytes and written 338 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: 3CE83A11424D2666E442824A8DE22C3576CB941119068687B2DD39BF337980B5F4D795D179454AC9F669437536654E7B Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1544112439 Timeout : 300 (sec) Verify return code: 0 (ok) --- i'm after this for a few hours now - maybe someone has some ideas for me? i was thinking about my firewall but no outgoing traffic is blocked at all. Thanks in advance! Christian
  2. Christian Stück

    MDM Peer Certificate Problem

    i think i figured it out. i changed multiple things, so i don't know which one did it: - set server to advanced security (for ios12) - generated a new proxy-cert without a passphrase and with * as servername - works.
  3. Christian Stück

    MDM Peer Certificate Problem

    Hello ESET, i have an issue with MDM and peer certificates (not https): Agent on MDM (based on VA) is replicating to ESMC-Server. MDMCore is not replicating, gets "SSL Error" MDMCore is using a proxy certificate provided by ESMC-Server. At first i should say that i created a new CA and server/agent-certificates after installation of ESMC and configured the new server-cert in server-settings. Everything is running fine except MDM. While installing MDM with webconsole-connection it got a proxy-certificate from old CA. I tried to change this (unneccessarily while hunting other errors) and in the end revoked all certificates by old CA and deleted the old CA (maybe not clever). I reinstalled MDM-VA with base64-certificates exported from ESMC. Is there any component in the ESMC that may still use a certificate provided by the old CA? How can i deploy a valid certificate to MDM? Thanks in advance! Christian
  4. Christian Stück

    ER 6.5 VA to ESMC 7.0 in-place-upgrade

    Hi Marcos, hi Michalj, do you have any news on this? Thanks! Christian
  5. Christian Stück

    Let's talk about coverage

    Any Agent not reporting to ESMC any more could be defeated by some malware .... but maybe thats paranoid ? Actually i am thinking of events and triggers to tell it-support if any action is required (besides any outbreaks): 0% red Computers less than 10% yellow computers no Computers that were seen > 4 weeks ago (you can not just delete them, you have to investigate.) 0% of computers that where never seen
  6. Christian Stück

    Let's talk about coverage

    Hi Kieran, wow, good work! My most common Problems are: computer replaced but not deactivated, user on vacation, laptop offline. We have multiple admin-teams on multiple locations and not all are devoted to ESET the same amount ? Good to hear, that it IS possible to get 100% Regards, Christian
  7. Christian Stück

    ER 6.5 VA to ESMC 7.0 in-place-upgrade

    That sounds great, thanks!
  8. Christian Stück

    Let's talk about coverage

    Hello Forum, when managing some of our clients (and talking to new ones) i'm thinking a lot about coverage: How many of the PCs in a domain are actually green in your ERA an how close did you ever get to a 100% coverage of all Clients and Servers with up-to-date AV? Okay, the first interesting question is: How many is 100%? Are all in the AD, are all old accounts deactiviated and so on. I would like to exchange real-life-experience about managing clients - if anyone's up to that i would be happy. Greetz from Germany, Christian
  9. Hello Forum, the manual says, there should be a client task to upgrade ERA to ESMC. In my VA i can't select a reference server other than 6.5. Will there be in-place-upgrades for ERA-VAs and, if yes, does anybody know about a timetable? A read somwhere, there is a testing-repository? At another post i read, it might be impossible to upgrade the VA because of outdated CentOS-base? Thanks in advance, i need something to tell my customers ? Christian