Jump to content

GreenEnvy22

Members
  • Posts

    25
  • Joined

  • Last visited

  • Days Won

    1

GreenEnvy22 last won the day on March 20 2015

GreenEnvy22 had the most liked content!

About GreenEnvy22

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Canada

Recent Profile Visitors

781 profile views
  1. That didn't work with the cert that specified the server name, but it did work with the wildcard cert (just *) I've since gone back and edited the policy to use the wildcard, and it seems to be working now. Is there a known issue with using the hostname in the cert?
  2. We've been getting notices that our peer certificates were going to expire soon (next week), so today I created a new server cert, and a new agent cert, in ESMC. The server cert I assigned in server settings, rebooted the VM (windows PC), and that looks like it's working fine. Both used the built in ESET Cert authority, which is still valid for 5 years. The certs are setup for hostname eset.mydomain.com, I also tried just leaving them as *, but neither worked. For agent cert, duplicated our existing agent policy, and setup the change of certificate there. The existing agent policy did not have a certificate specified at all, as clients got this info from the config.ini during installation, or it was just pushed to them from ESMC. I then assigned this new policy to a couple of test machines. Each of them reports in one more time, and I can see they now are assigned the new cert in ESMC, however they are no longer reporting into ESMC. I also tried creating an agent live installer, and installed agent from the batch file, but the agent is never able to connect. In their agent logs, I see messages like: 2020-07-15 14:33:12 Error: AuthenticationModule [Thread 2ee8]: DeviceEnrollmentCommand execution failed with: Request: Era.Common.Services.Authentication.RPCEnrollmentRequest on connection: host: "eset.mydomain.com" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: 2020-07-15 14:33:12 Warning: CReplicationModule [Thread 23bc]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet) 2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: InitializeConnection: Initiating replication connection to 'host: "eset.mydomain.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time 2020-07-15 14:33:12 Warning: CReplicationModule [Thread 23bc]: InitializeConnection: Not possible to establish any connection (Attempts: 1) 2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current) 2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "eset.mydomain.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in timeReplication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (OUT_OF_ORDER), Connection: eset.mydomain.com:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 356af7a2-24c8-42d7-ac8e-061bb6fe9e5c, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] I've tried rebooting the client machines, but it didn't help. Any thoughts on what is going wrong?
  3. Description: Support LDAP or RADIUS login for ESMC Administrators Detail: We'd love to see ESMC support the ability to login via LDAP or RADIUS, instead of just active directory and local users. We want to enable 2FA/MFA to protect ESMC, but trying to avoid the sprawl of apps needed on our phones, with every vendor pushing their own app for MFA. If LDAP or Radius were supported for logging into ESMC, it would open up the option for lots of other MFA services to work, like DUO.
  4. We recently renewed out ESET subscription for 2 more years (Endpoint Security 7). We pushed out the new license via ESMC. Of our roughly 600 computers, we have about 30 who are having an issue. On the clients, they get warnings their license is expired. Investigating further on the server, I see the same license ID listed twice, once with the old expiry date, once with the new one, see screenshot. Other clients who don't have the expiry warning don't show the old license, just the current one. How can I fix this? I tried just making a new task to assign the current license, but while it runs to completion, it doesn't affect the computers. I believe I somehow need to remove that old one.
  5. Interesting Martin. I can't test this as the command I used above got all our computers fixed up. It was something odd as ESMC didn't see these clients as being unactivated (that dynamic group didn't show all these clients), but it also didn't show an assigned license for them.
  6. It's not a name resolution issue causing activation, the agents are reporting into ESMC fine. We're having issues both with clients internal to our office (on internal DNS) and remote clients (on public DNS). I just tried activating one of our problem machines again through ESMC, this one is a server running file security. Activation failed again. I see the attached error in the 'events' log on the client. If I manually activate on client using the key, it works. I also found a workaround, I found the ermm utility, and enabled that by policy. I then used it to push out our key to all the affected users, and the majority of them have now activated. There are a bunch of remaining ones but they are computers that haven't checked in for several hours so are offline. I expect almost all of them to be fixed up by next week. If anyone else runs into this, once you enable ERMM, the command line is: eRmm.exe start activation --key abc-123-def-456-ghi Replace with your key. I liked this option as it didn't require the user do anything, and didn't require us giving out our key. Remember to disable ermm again afterwards if you don't use it for 3rd party integration to prevent a security risk.
  7. We have a handful of computers that refuse to activate, not sure why. The vast majority of our machines are activated fine, but we haven't found any pattern to the ones that won't. These were all machines activated on EES 6.5-6.6, and we upgraded them to v7. After upgrading, they report they are not activated on the client end. In ESMC, they do not show up in "non-activated security product" filter in computers. If I open the details of a computer that is affected, ESMC shows green checkmark and "everything is fine", however there is no license key attached to the client, see screenshot 1. If we create an activation job, pick our license, and target the machine, the job tried to run next time the client checks in, but it fails, see screenshot 2. I've setup some brand new computers and they all activate fine, so it's not a general activation issue, just affecting a handful of machines. I can't find any more detailed logs on the ESMC end to see why it's failing. We have plenty of seats available on our key. Found these lines in clients trace logs: 2018-09-17 11:48:49 Error: CReplicationModule [Thread 1ab4]: InitializeConnection: Initiating replication connection to 'host: "eset.xxxxxxx.xxx" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "eset.xxxxxxx.xxx" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: OS Error, and error details: 2018-09-17 11:48:49 Warning: CReplicationModule [Thread 1ab4]: InitializeConnection: Not possible to establish any connection (Attempts: 1) 2018-09-17 11:48:49 Error: CReplicationModule [Thread 1ab4]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current) 2018-09-17 11:48:49 Error: CReplicationModule [Thread 1ab4]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "eset.xxxxxxx.xxx" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "eset.xxxxxxx.xxx" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: OS Error, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: eset.xxxxxxx.xxx:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 356af7a2-24c8-42d7-ac8e-061bb6fe9e5c, Sent logs: 0, Cached static objects: 71, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] 2018-09-17 14:58:49 Error: CReplicationModule [Thread 1ab4]: SendRequestAndHandleResponse: Rpc message response AUTHENTICATION_FAILURE (Token status: TOKEN_INVALID) -> Request new session token and resend replication request 2018-09-17 14:58:50 Warning: CReplicationModule [Thread 1ab4]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet) Thoughts?
  8. I did a bit more testing on my end. Tried restarting apache, did not help. Restarted ESMC service, agents reporting back in again. Will talk to support on Monday, should be broken again by then.
  9. Talked to ESET support today, they made a new agent check-in policy for every 20 minutes (we had it at 10), will see if it helps. Also earlier today when I generated the logs, I got the same "Deadline Exceeded", message jimmy reported for last synchronization.
  10. This issue has re-occured for us, many of our machines not reporting in Since Aug 30, but a bunch are still reporting in. Tried installing on a brand new computer and it's not reported in so far. Will open a case with ESET.
  11. I think I am having the same issue. About a week ago, I upgraded the ESET ERA 6 server to the new ESMC 7, that went fine, clients continued to check in. It was an in place upgrade on Windows server 2016. On Aug 24, I upgraded the agents on all my Windows servers and most of the workstations (both in office and remote), using the ESMC component upgrade tool. Didn't push any endpoint upgrades as of yet, just agent. Today I looked in ESMC, and I see only 1 of my servers is still reporting to ESMC, and less than half of my workstations reporting.. All the others stopped on Aug27, around 9:20pm local time. I looked at task execution histories and don't see anything happening on the 27th. No windows patches were pushed out that day, and this is in 2 different sites. I ran agent diagnostic logs on one of the windows servers, and no errors reported there. It shows a last authentication with todays date, but in ESMC it shows Aug27 for this machine. Last authentication 2018-Aug-30 12:13:14 Enrollment OK Peer certificate 2018-Aug-30 12:13:08 OK Agent peer certificate with subject 'CN=Agent certificate for host *,---removed---' issued by 'CN=Server Certification Authority, C=US' with serial number '---removed---' is and will be valid in 30 days Product 2018-Aug-30 12:13:03 Product install configuration: Product type: Agent Product version: 7.0.553.0 Product locale: en_US Replication security 2018-Aug-30 12:13:15 OK Remote host: ---eset.removed--- Remote product: Server I tried uninstalling agent on one of the windows servers, and it got stuck at stopping the service. Windows services console showed it as "stopping", and still was 10 minutes later. Killed it by PID, and it restarted but still didn't report in. At this point, I decided to reboot the ESMC server, and now it appears I have all my servers and clients starting to report in. So not sure what would cause ESMC to glitch in such a way that some clients still were recorded at reporting in, but others weren't. I'll monitor and see if the issue re-occurs.
  12. I want to make a report to show me computer names, with device model# and serial#. I'm on ERA 6.5 (same issue was in 6.4). I create a new report template, select the serial#, model#, and computer name fields, and generate the report. No filters are specified. Each time I've tried this, I get no results. I've looked at individual computers, and they have serial# and model# fields populated. Anything obvious I can check that I may be missing?
  13. I'll add in we had the exact same errors on our system (different IP's obviously). Client machines were intermittently getting through to the Admin server (6.3.136). My own workstation for example last connected at 8:25am today, and it's now 3pm. The logs on my machine were full of the "Error: CReplicationManager: Replication (network) connection to 'host: "eset.mydomain.com" port: 2222' failed with: The connection will be closed due to timeout" The IP was resolving properly too. On the server side there were lots of errors like: Error: NetworkModule [Thread 9f4]: Container not found. Socket connection was probably closed., ResolvedIpAddress:10.2.14.239, ResolvedHostname:10.2.14.239, ResolvedPort:62303 and Warning: NetworkModule [Thread c68]: The connection will be closed due to timeout. Resolved endpoint is NULL Did a repair install using the newest MSI and now it seems to be fixed.
  14. Hi all, It seems on the newest Windows 10 official build (10586) with the current build of EES (6.2.2033), there is an issue with the network connection not working on the computer after installing EES, until a reboot. EES install completes ok, and network disconnects as normal when the firewall driver is installed, but it never comes back unless you reboot. EES also lists an error initializing the firewall. Once we reboot, all is well, but we can't push out this update if it's going to break everyones internet connection until reboot. We don't have many computers on Win10 or this build specifically yet, but it will be more common soon. Is this a known issue? If so, any ETA on a fix? The machines I am testing this on have never had EES on them, they are fresh installs on a "clean" Windows to install.
  15. OK thanks. Is there any way to get the server to accept that alternate certificate as well? Like if I import it into trusted root on the server? Or will I also have to switch the server certificate in server settings (which would then block all the other users?)
×
×
  • Create New...