Jump to content

helis

Members
  • Posts

    16
  • Joined

  • Last visited

About helis

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Russia
  1. Ok, nevermind, I installed the agent and upgraded the server with the "Security management center components upgrade" ta, it completed successfully. But now I have server v 7.1 and web console v 7.0. I get this warning and I do indeed experience errors and unexpected behaviour. Mainly, this (this is on the "Threats" screen). Rebooting the system didn't help.
  2. Ah, looks like it's a misunderstanding on my part. I have to install the agent on the server with ESMC as well? That's pretty strange, if it's a necessary component, then why isn't it installed out of the box along with ESMC straight away? Oh well, ok. So, as soon as I install it, the notification should pop up? Anyway, how should I go about it, deploy the agent from the server onto itself? As for the agent communication problems, I'll figure this issue out after I've updated the server. Maybe it'll go away on its own after that.
  3. This manual https://help.eset.com/esmc_admin/70/en-US/update_product.html says I need to click the "Update product" button in the "Help" menu, but there's no such button there. I have So there should be an update available, right? Is there some other way to update the server? I've updated the client agents to the latest version and now they seem not to be working communicating with the server correctly. I'm having the same problem as here: httpsg://forum.eset.com/topic/21520-new-agent-does-not-work/ It's said I should update the server, so that's what I'm trying to do. The OS is Debian 9.
  4. Hi, I'm trying to fetch static groups from AD, can't get it to work. I create a server task, put in the credentials but when trying to browse for the needed subtree (the "Browse" button in the "Distinguished name" input field) I get this error: Using ESMC on a Debian 9 server. Anybody could point me in the right direction? UPD Nevermind, I figured it out, needed to install the libsasl2-modules-gssapi-mit package.
  5. Okay, this is not getting less weird at all. I tried deploying the agent with Deployment tool to four machines, all in the domain. For the first two it worked, but for the second two it reported "Success" but looks like the installation was incomplete? The folder is there in "Program Files", but there's no entry in installed software list and the machines don't appear in the ERA. What does that mean?
  6. I did try to install the agent locally with the bat file, and yes it is installed just fine. The only issue is, it didn't want to install until I rebooted the target machine. I assume it has something to do with the previous failed deployment attempt? Anyway, how does this information help me? Meanwhile, I tried deploying the agent on another Win10 machine, with the same result as in the first post. All-in-one installer, deployed or no, isn't the best way in my case because quite a few machines in the network have old versions of AV software (Endpoint 5 or 6 or even Nod 32 in some cases). Practice showed that the only ways to reliably remove those are either using the ESET removal tool (or whatever it's called, the name escapes me) but it requires booting in safe mode which is NOT an option for me, or by installing just the agent and removing the old AV via ERA. If you just manually uninstall it via standard Windows way, the new all-in-one installer almost invariably fails (saying "this might be caused by malware activity"). If you remove the old AV through the agent, everything works fine. This is a whole another matter and I honestly have no desire to investigate and fix it, unless I absolutely have to. I'd rather just go ahead and install the agent manually on every single machine (a couple hundred of those), it probably would take less time. I would consider the remote deployment tool is there was a way to deploy the agent alone. UPD Wait, I've only now figured out that all-in-one installer can be agent-only. Strange to all it "all-in-one" in such case if you ask me, but ok. I'll test the Deployment Tool then and let you know of the results.
  7. Greetings. I have ESET Management Center and recently I've been trying to deploy the agent. It keeps failing and I can't figure out why. Let's say I just need to install it onto a single machine. I manually add it to the computer list. Then I create a server task "Agent deployment" and input all the credentials. The target machine is in a domain, so I use the recommended domain\user format for login (the user has domain administrator privileges). After running for some brief time, the task fails, the report shows error 22. The target machine is Win10 Pro, the server is Debian 9. The server is also a domain member. The trace.log file is as follows (credentials replaced with dummy names): SSH remote deployment failed because CONNECTION CAN NOT BE ESTABLISHED to the target LINUX or MAC machine. *** Error details: connect: Connection refused - Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'. - Verify that SSH daemon is enabled on the target machine and is running on the port 22. - Verify that firewall is not blocking SSH communication between server and the target machine. Agent deployment failed. Please go through the checklist above for specific platform (WINDOWS, LINUX or MAC) that is on the target machine. 2020-05-20 10:44:10 Error: CRemoteInstallModule [Thread 7fd1f7faf700]: Remote deployment failed on 1 targets 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: UnixWindowsNetworkRemoteInstall: remote deployment to 'MACHINE_NAME.DOMAIN_NAME' terminated with 22 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: UnixWindowsNetworkRemoteInstall: output of '"/var/opt/eset/RemoteAdministrator/Server/Scripts/UnixWindowsNetworkRemoteInstall.sh" 2>&1': * Created temporary directory /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ * Creating command input/ouput redirection pipes + mkfifo /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.in.pipe + mkfifo /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.out.pipe -------------------------------------------------------------------------- * Mounting remote share '//MACHINE_NAME.DOMAIN_NAME/ADMIN$' to '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs' + mkdir /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs + LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) + retcode=32 + sleep 0.1 + test 0 -eq 32 + LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME,sec=ntlmv2 //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) + retcode=32 + sleep 0.1 + test 0 -eq 32 + LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME,vers=3.02 //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs + retcode=0 + sleep 0.1 + test 0 -eq 0 + return 0 * [Exit code = 0] -------------------------------------------------------------------------- * Creating remote directory '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6' + LANG= mkdir /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] -------------------------------------------------------------------------- * Copying files to remote dir '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6' + cp /tmp/1c55-e2f1-fe8d-b7f7/ESMCAgentInstaller.bat /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] + cp /opt/eset/RemoteAdministrator/Server/RemoteInstallService.exe /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] -------------------------------------------------------------------------- * Removing previous instance of remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service delete eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password:Failed to open service. [WERR_NO_SUCH_SERVICE] -------------------------------------------------------------------------- * Creating remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service create eset-remote-installer ESET Security Management Center Remote Installation Service %SYSTEMROOT%\era_rd_cAwuRbr6\RemoteInstallService.exe -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: Successfully created Service: eset-remote-installer * [Exit code = 0] -------------------------------------------------------------------------- * Creating remote installer arguments file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args' + echo %SYSTEMROOT%\era_rd_cAwuRbr6\ESMCAgentInstaller.bat + echo %SYSTEMROOT%\era_rd_cAwuRbr6\ESMCAgentInstaller.bat * [Exit code = 0] -------------------------------------------------------------------------- * Starting remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service start eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: . Successfully started service: eset-remote-installer * [Exit code = 0] -------------------------------------------------------------------------- * Querying remote installer service 'ESET Security Management Center Remote Installation Service' until stopped + LANG= net -i -k rpc service status eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: eset-remote-installer service is stopped. Configuration details: Controls Accepted = 0x0 Service Type = 0x10 Start Type = 0x3 Error Control = 0x1 Tag ID = 0x0 Executable Path = C:\WINDOWS\era_rd_cAwuRbr6\RemoteInstallService.exe Load Order Group = Dependencies = / Start Name = LocalSystem Display Name = ESET Security Management Center Remote Installation Service * [Exit code = 0] -------------------------------------------------------------------------- * Reading remote installer exit status file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit' + cat /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit 22 * [Exit code = 0] -------------------------------------------------------------------------- * Remote installation on 'MACHINE_NAME.DOMAIN_NAME' failed with exit status '22' -------------------------------------------------------------------------- * Stopping remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service stop eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password:Control service request failed. [WERR_SERVICE_NOT_ACTIVE] * [Exit code = 255] -------------------------------------------------------------------------- * Removing remote installer arguments file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args' + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args * [Exit code = 0] -------------------------------------------------------------------------- * Removing remote installer exit status file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit' + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit * [Exit code = 0] -------------------------------------------------------------------------- * Removing remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service delete eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: Successfully deleted Service: eset-remote-installer * [Exit code = 0] -------------------------------------------------------------------------- * Removing remote directory '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6' + LANG= rm -r /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] -------------------------------------------------------------------------- * Umounting remote share '//MACHINE_NAME.DOMAIN_NAME/ADMIN$' from '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs' + LANG= umount /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs * [Exit code = 0] -------------------------------------------------------------------------- * Removing command input/ouput redirection pipes + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.in.pipe + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.out.pipe -------------------------------------------------------------------------- * Removed temporary directory /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: Executing remote deployment of agent a86b5c76-903e-4024-a0ab-4a92a51dac1f on 'MACHINE_NAME.DOMAIN_NAME' Windows network remote deployment failed. *** Error details: UnixWindowsNetworkRemoteInstall: remote deployment to 'MACHINE_NAME.DOMAIN_NAME' terminated with 22 - Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'. - Verify that 'MACHINE_NAME.DOMAIN_NAME' can be resolved with 'nslookup' if it is a DNS name. - Verify that firewall is not blocking communication and file sharing between server and the target machine. - Verify that "File and Print Sharing for Microsoft Networks" is enabled on the target machine. - Verify that "Remote Procedure Call (RPC)" service is running on the target machine. - Make sure that simple file sharing is turned off on the target machine. - Activate sharing resource ADMIN$ on the target machine. - Verify that remote UAC filtering is disabled on the target machine (https://support.microsoft.com/en-us/kb/951016). - Verify that 'DOMAIN_NAME\USER_NAME' has administrator rights or use local 'Administrator' account that is enabled on the target machine. - Verify that 'DOMAIN_NAME\USER_NAME' password is not blank. - Verify that you can remotely log on to the workstation from the server. - Verify that from server machine you can access 'net use \\MACHINE_NAME.DOMAIN_NAME\IPC$' from the Command Prompt. - Change 'ESET Security Management Center Server' service credentials from 'Network Service' to user with domain administrator permissions temporarily for deployment. SSH remote deployment failed because CONNECTION CAN NOT BE ESTABLISHED to the target LINUX or MAC machine. *** Error details: connect: Connection refused - Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'. - Verify that SSH daemon is enabled on the target machine and is running on the port 22. - Verify that firewall is not blocking SSH communication between server and the target machine. Agent deployment failed. Please go through the checklist above for specific platform (WINDOWS, LINUX or MAC) that is on the target machine. 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f7faf700]: Remote deployment failed on 1 targets I'm not sure what to make of it. Does it or does it not fail to create the installer service? If the service is created, does it fail to start it? UPD ESET Security Management Center (Server), Version 7.0 (7.0.471.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)
  8. One would think it's pretty basic stuff, but I can't get it right. So, I have a computer with an IP address of 10.X.Y.Z and mask 24. I've tried templates "IP subnet is equal to 10.X.Y.0" and "IP address is greater than 10.X.Y.1 AND IP address is less than 10.X.Y.254". I assume the computer should automatically fall into the group, right? Yet it doesn't. I don't understand.
  9. I see, gonna try doing that tomorrow. Thank you!
  10. Ahhh, I think I finally get it. Instead of making settings on individual clients, I should create individual policies which would contain only this specific setting overriding that of the main policy. Is this how it's supposed to be done?
  11. Yes, I got that, but I need the rules to be editable on clients, so what do I do then? PS Sorry for the mess with the links, I was editing that out, but you've replied already, so there's no point I guess.
  12. Thank you for your reply, Marcos, but as I said, what you're suggesting doesn't work either. I'll just illustrate what I'm doing: 1. Before I do anything: hxxp://puu.sh/E8f9v/594d86f669.png 2. After I click "Edit": hxxp://puu.sh/E8fcG/52cfbdde72.png 3. I add a rule hxxp://puu.sh/E8fdi/28a413cbf1.png hxxp://puu.sh/E8fdw/891ddd384a.png 4. I click "Save". Voila, the rules are not editable on clients hxxp://puu.sh/E8fe3/f7408cc858.png 5. I click the icon you've marked as "2" hxxp://puu.sh/E8ff3/ea3b2bc041.png 6. And then "OK" in the warning window hxxp://puu.sh/E8fg4/eb1412ed21.png 7. The rule is still there if I press edit hxxp://puu.sh/E8fjb/8cb2fdf26a.png Ok, so I'm happy, I press "Finish", get "Policy saved" message, horray. However, if I try to edit it again, guess what, here's the rules window: 8. hxxp://puu.sh/E8fkw/eb3db2d2e3.png And no, if I apply the policy for some client machine, even before step 8, the rules are not editable. That's why I'm kinda confused.
  13. I'm trying to create a device control policy that is as follows: 1. All usb storage devices are blocked by default on the clients. 2. On some individual clients some particular usb storage devices (specified by their serial numbers) are allowed either for read-only or for full access. 3. On some individual clients all usb storage devices are allowed for full access. When I tried doing it on a local machine with Endpoint 7 installed, I created multiple rules: one that blocks all usb storage devices and several others that allow certain devices. I placed the blocking rules at the bottom of the list and everything worked as intended. But now that I'm trying to create a policy in ESMC, I've run into strange issue. What I'm trying to do is block all devices via the policy and then allow certain devices on client machines individually. The settings on local machines are password-protected, so they won't be editable just by anyone. But as soon as I create a blocking rule, the setting becomes uneditable for clients. If I try to make it editable for clients, the rule vanishes and I get a warning: > Important: entered values will be saved only for settings that are applied. Any values entered in settings that are not applied will be lost when saving the policy. Duplicate the policy to keep a copy of entered data. < I for the life of me can't understand what it's trying to convey. What does it mean, "applied"? Isn't that what I'm doing, applying settings?.. I'm at a bit of a loss, what to do here. Would someone help me out?
  14. Nevermind, fell back to older MySQL and ODBC and installed fine.
  15. Hi. I've been trying to install ESET Security Management Center Server Installer (version: 7.0.471.0) on a Debian server and ran into something I can't quite figure out. The command is (passwords and IPs omitted) ./server-linux-x86_64.sh --skip-license --db-driver="MySQL ODBC 8.0 Driver" --db-hostname=127.0.0.1 --db-port=3306 --db-admin-username=root --db-admin-password=*** --server-root-password=*** --db-user-username=nod32 --db-user-password=*** --cert-hostname=*** --disable-imp-program --locale=ru-RU The output: ESET Security Management Center Server Installer (version: 7.0.471.0), Copyright © 1992-2018 ESET, spol. s r.o. - All rights reserved. Extracting archive, please wait... Archive extracted to /tmp/tmp.aKtR2efg2z. Checking OpenSSL ... done [OpenSSL 1.0.2s 28 May 2019] Reading previous installation settings ... failure Checking installed version... done Status of current installation is: NEW Checking database connection ... done Checking database user ... done Loading GUID ... done [GUID = 2a68352e-a321-4d1c-aad6-54d55fde35c8] Inserting root password ... done Generating certificates ... done Skipping static groups synchronization scheduling. Stopping service... Preparing database upgrade ... done Upgrading database ... failure The log of what I presume is the problem: 2019-08-19 11:50:11 Information: Entering function: void Era::Setup::Common::CustomActions::CDatabaseWrapper::ExecuteScriptsInDirectory(const string&, const string&) 2019-08-19 11:50:11 Information: ExecuteScriptsInDirectory: Processing file /tmp/tmp.aKtR2efg2z/setup/Database/MySQL/SetupScripts/Upgrade/2_do_upgrade.sql 2019-08-19 11:50:11 Information: StoreStaticObjectPresets: Initializing with locale 'en_US' 2019-08-19 11:50:11 Information: Entering function: void Era::Setup::Server::CustomActions::Database::CCodeTokenExecutorStaticObjectsBase::SetDefaultDashboard(const Era::Common::DataDefinition::Dashboard::DashboardsData&) 2019-08-19 11:50:11 Information: Leaving function: void Era::Setup::Server::CustomActions::Database::CCodeTokenExecutorStaticObjectsBase::SetDefaultDashboard(const Era::Common::DataDefinition::Dashboard::DashboardsData&) 2019-08-19 11:50:11 Information: Entering function: void Era::Setup::Server::CustomActions::Database::CCodeTokenExecutorStaticObjectsBase::CreateReportTemplateCategory(const string&, const string&, const string&) CustomActions: /export/home/pb2/build/sb_0-34672789-1560939153.14/mysql-connector-odbc-8.0.17-src/driver/my_prepared_stmt.cc:135: int ssps_get_out_params(STMT*): Assertion `values' failed. Aborted 2019-08-19 11:50:11 Information: Installer: Failed upgrading database. 2019-08-19 11:50:11 Information: Installer: Error: : Error occurred while upgrading database Googling hasn't gotten me anywhere. Any advice of what to do here?
×
×
  • Create New...