Jump to content

sanlucas

Members
  • Content Count

    25
  • Joined

  • Last visited

Posts posted by sanlucas

  1. Hi I have about 40 pcs that shows me this error

    Peer certificate is invalid

    What should I check?

    Server:

    ESET Security Management Center (Server), Version 7.1 (7.1.503.0)
    ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)

     

    Clients:

    Agente 6.5.522.0

    ERA 7.1.2053.0

    ------

    I made that update in July last year and had to update all the clients win7 and XP manually

    At the time create a completely new server from 0.

    this is the status.html3

    Scope Time Text
    Last authentication 2020-Mar-11 11:26:49 Enrollment OK
    Last replication 2020-Mar-11 11:26:50 ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.0.100" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.0.100" port: 2222 with proxy set as: Proxy: Connection: 192.168.0.54:3128, Credentials: Name: gaston, Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details:
    • Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.0.100:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: c9571c4d-bc84-11e9-9313-1a4868efc0ac, Sent logs: 0, Cached static objects: 53, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
    • All replication attempts: 33123
    Last successful replication 2020-Mar-09 11:02:49 OK
    • Successful replications: 30217
    • All replication attempts: 30219
    • Connection: 192.168.0.100:2222
    • Scenario: REGULAR
    Peer certificate 2020-Mar-11 10:59:49 Error
    • Agent peer certificate with subject 'CN=Agent at *, C=US' issued by 'CN=Server Certification Authority, C=US' with serial number '018437f343bd744248ba7128a7e21ba08501' is invalid now (NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain)
    • Peer certificate may be valid but can not be verified on this machine
    • Check time validity and presence of issuing certification authority
    Product 2020-Feb-17 11:29:38 Product install configuration:
    • Product type: Agent
    • Product version: 7.0.577.0
    • Product locale: en_US
    Replication security 2020-Mar-11 11:26:50 OK
    • Remote host: 192.168.0.100
    • Remote product: Server

     

    I have not changed any certificate not in clients or servers, I have only run updates for the server through the console

     

     

  2. Marcos: this is the status.html3

    Scope Time Text
    Last authentication 2020-Mar-11 11:26:49 Enrollment OK
    Last replication 2020-Mar-11 11:26:50 ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.0.100" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.0.100" port: 2222 with proxy set as: Proxy: Connection: 192.168.0.54:3128, Credentials: Name: gaston, Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details:
    • Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.0.100:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: c9571c4d-bc84-11e9-9313-1a4868efc0ac, Sent logs: 0, Cached static objects: 53, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]
    • All replication attempts: 33123
    Last successful replication 2020-Mar-09 11:02:49 OK
    • Successful replications: 30217
    • All replication attempts: 30219
    • Connection: 192.168.0.100:2222
    • Scenario: REGULAR
    Peer certificate 2020-Mar-11 10:59:49 Error
    • Agent peer certificate with subject 'CN=Agent at *, C=US' issued by 'CN=Server Certification Authority, C=US' with serial number '018437f343bd744248ba7128a7e21ba08501' is invalid now (NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain)
    • Peer certificate may be valid but can not be verified on this machine
    • Check time validity and presence of issuing certification authority
    Product 2020-Feb-17 11:29:38 Product install configuration:
    • Product type: Agent
    • Product version: 7.0.577.0
    • Product locale: en_US
    Replication security 2020-Mar-11 11:26:50 OK
    • Remote host: 192.168.0.100
    • Remote product: Server
  3. Hi I have about 40 pcs that shows me this error

    Peer certificate is invalid

    What should I check?

    Server:

    ESET Security Management Center (Server), Version 7.1 (7.1.503.0)
    ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)

     

    Clients:

    Agente 6.5.522.0

    ERA 7.1.2053.0

  4. Hello, agent version 6.5.522.0 is able to communicate with the new ESMC version 7 server (the agent can update virus lists, can also activate licenses).

    My question is: can the agent update eset endpoint 6.5.2107.1 to the latest version ??????
    I use the native ESMC proxy.

    The new agent does update my eset endpoint but version 6.5.522.0 does not, it gives me a repository error.
    Thank you

  5. My connection would be like this:  

    PC                            > Agent PC                               >    Server ESMC (free internet)            
    Without Internet    > Proxy 192.168.0.100:3128    >    192.168.0.100
                                       pass: blank    
                                       user: blank    

  6. Marcos, there are several scenarios on my LAN.

    The only scenario I want what functions is:
    Pc on the LAN, without internet connection, connecting to the ESMC server using the native ESMC proxy.

    From the ESMC console I send an update to the PC without internet to update the client or the Endpoint and this task fails.

    Error synchronizing package repository. Read the follow-up message for more details.

  7. Hi marcos:
    1- I can't install anything from the ESMC, if for example I can activate licenses.
    2- if the products are completed in the repository when creating the task
    3 -if everyone uses the ESMC proxy to update the virus base because the terminals have no free internet output.
    4- There is another proxy but in another IP address and only accessed with username and password
    5- does the client firewall also have to allow the exit to the eset servers? Is the ESMC native proxy not used? or are you asking me about the server? (the server has free connection)

    6- the error to epns.eset.com do I have to do something myself or is it part of the problem?

  8. Hi, I have client database connections and updates correctly.
    But I can't update agents or Endpoint to new versions from ESMC
    I use the ESMC native proxy

     

    ESMC Server data:
    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)
    CentOS (64-bit), Version 7.6.1810
    Update module 1072.1 (20190626)
    Translation support module 1751 (20190625)
    Configuration module 1740.3 (20190326)
    SysInspector 1274 module (20180918)
    SSL module 1031 (20190405)
    Push notification service module 1053 (20190321)

     

    LOGS CLIENTS:

    status.log:

    OK

     

    lasterror.html:

    CSystemConnectorModule: 2019-Aug-06 13:33:48 Software installation failed: GetFile: Failed to process HTTP request (error code: 20019, url: 'hxxp://repository.eset.com/v1//info.meta')

     

    trace.log:

    2019-08-06 13:00:51 Warning: CEssConnectorModule [Thread 328]: Set policy request to product was successfull
    2019-08-06 13:33:48 Error: CSystemConnectorModule [Thread 698]: Software installation failed: GetFile: Failed to process HTTP request (error code: 20019, url: 'hxxp://repository.eset.com/v1//info.meta')

    ------------

    LOGS PROXY:

    access_log |grep 4.62:

    192.168.4.62 - - [06/Aug/2019:10:48:20 -0300] "POST hxxp://i4.c.eset.com:80/ HTTP/1.1" 200 2094 "-" "-"
    192.168.4.62 - - [06/Aug/2019:10:54:09 -0300] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - "-" "ESS Update (Windows; U; 32bit; PVT F; BPC 6.5.2107.1; OS: 5.1.2600 SP 3.0 NT; TDB 42329; CL 1.1.0; LNG 13322; x32c; APP eea; ASP 0.0; PX 1; PUA 1; CD 1; RA 1; PEV 33710; UNS 0; SHA256 0; WU 2; HWF: 01008641-2222-2A48-EC6E-B3F30E66A475; PLOC es_cl; PCODE 107.0.0; PAR -1; ATH -1; DC 1; RET 0)"
    192.168.4.62 - - [06/Aug/2019:10:54:10 -0300] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 10803 "-" "ESS Update (Windows; U; 32bit; PVT F; BPC 6.5.2107.1; OS: 5.1.2600 SP 3.0 NT; TDB 42329; CL 1.1.0; LNG 13322; x32c; APP eea; ASP 0.0; PX 1; PUA 1; CD 1; RA 1; PEV 33710; UNS 0; SHA256 0; WU 2; HWF: 01008641-2222-2A48-EC6E-B3F30E66A475; PLOC es_cl; PCODE 107.0.0; PAR -1; ATH -1; DC 1; RET 0)"
    192.168.4.62 - - [06/Aug/2019:11:06:09 -0300] "POST hxxp://ts.eset.com:80/query/chsquery.php HTTP/1.1" 200 - "-" "-"
    192.168.4.62 - - [06/Aug/2019:11:06:10 -0300] "POST hxxp://ts.eset.com:80/query/chsquery.php HTTP/1.1" 200 55 "-" "-"
    192.168.4.62 - - [06/Aug/2019:11:06:11 -0300] "POST hxxp://ts.eset.com:80/query/chsquery.php HTTP/1.1" 200 - "-" "-"
    192.168.4.62 - - [06/Aug/2019:11:06:11 -0300] "POST hxxp://ts.eset.com:80/query/chsquery.php HTTP/1.1" 200 54 "-" "-"
    192.168.4.62 - - [06/Aug/2019:11:08:21 -0300] "POST hxxp://i4.c.eset.com:80/ HTTP/1.1" 200 1926 "-" "-"

     

    error.log:

    [Tue Aug 06 07:55:42.435900 2019] [proxy_http:error] [pid 14409] (70008)Partial results are valid but processing is incomplete: [client 192.168.4.131:49182] AH01110: error reading response
    [Tue Aug 06 08:22:46.006627 2019] [proxy:error] [pid 17018] [client 192.168.0.100:58244] AH00898: Connect to remote machine blocked returned by epns.eset.com:8883
    [Tue Aug 06 10:23:08.667745 2019] [proxy:error] [pid 26599] [client 192.168.0.100:43330] AH00898: Connect to remote machine blocked returned by epns.eset.com:8883
    [proxy:error] [pid 1185] [client 192.168.0.100:45838] AH00898: Connect to remote machine blocked returned by epns.eset.com:8883
     


     

     

  9. Ok Peter_J, but Michalj resume excelent!!! 😉

    Quote

    ESMC server itself does not serve as "update server" neither "licensing server" for your clients. They still need to contact ESET cloud infrastructure, to be activated, use LiveGrid, or get module updates.

    😊

     

    Thank You!

     

     

  10. Hi, I have a problem with the time in the logs and I don't know how to solve it.

    I am in Argentina (UTC-03: 00) and in the logs of the clients, it shows me the time with 3 more hours!

    The server time is correct.
    The client's operating system time is correct.

    What should I configure?

     

    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

     

  11.  

    Mmm see if I understand correctly.
    My PCs do not have internet access, but if they arrive locally at the ESMC7 server, that is, the Server sees the clients and vice versa.
    I understand that if clients have access to the server could I use it to update etc?
    If I use the installers generated from the server with your agent, will 3 things happen?

    1- I will not be able to activate the antivirus?
    2 - I will not be able to download updates?
    3 - I will not be able to update modules, versions, etc.?
    4-I will not be able to run from the Server Tasks on clients?

    Therefore, in order to have everything correctly, I must use the proxy that is configured on the ESMC7 Server and configure the clients, even though they are on the same LAN?

  12. Previously I used proxy for clients that were on the same lan within my company.
    I have updated my server to version 7 new SMC, and reading the help I see that they updated the communication protocol.
    The question I have is that my clients are within the same lan and same IP frame, but they have no internet connection.
    Should I use proxy to connect to the SMC and update signatures and modules? Or is it not necessary while they are on the same lan and same plot?

×
×
  • Create New...