Jump to content

GreenEnvy22

Members
  • Content Count

    25
  • Joined

  • Last visited

  • Days Won

    1

GreenEnvy22 last won the day on March 20 2015

GreenEnvy22 had the most liked content!

Profile Information

  • Location
    Canada

Recent Profile Visitors

683 profile views
  1. That didn't work with the cert that specified the server name, but it did work with the wildcard cert (just *) I've since gone back and edited the policy to use the wildcard, and it seems to be working now. Is there a known issue with using the hostname in the cert?
  2. We've been getting notices that our peer certificates were going to expire soon (next week), so today I created a new server cert, and a new agent cert, in ESMC. The server cert I assigned in server settings, rebooted the VM (windows PC), and that looks like it's working fine. Both used the built in ESET Cert authority, which is still valid for 5 years. The certs are setup for hostname eset.mydomain.com, I also tried just leaving them as *, but neither worked. For agent cert, duplicated our existing agent policy, and setup the change of certificate there. The existing agent policy did not have a certificate specified at all, as clients got this info from the config.ini during installation, or it was just pushed to them from ESMC. I then assigned this new policy to a couple of test machines. Each of them reports in one more time, and I can see they now are assigned the new cert in ESMC, however they are no longer reporting into ESMC. I also tried creating an agent live installer, and installed agent from the batch file, but the agent is never able to connect. In their agent logs, I see messages like: 2020-07-15 14:33:12 Error: AuthenticationModule [Thread 2ee8]: DeviceEnrollmentCommand execution failed with: Request: Era.Common.Services.Authentication.RPCEnrollmentRequest on connection: host: "eset.mydomain.com" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: 2020-07-15 14:33:12 Warning: CReplicationModule [Thread 23bc]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet) 2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: InitializeConnection: Initiating replication connection to 'host: "eset.mydomain.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time 2020-07-15 14:33:12 Warning: CReplicationModule [Thread 23bc]: InitializeConnection: Not possible to establish any connection (Attempts: 1) 2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current) 2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "eset.mydomain.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in timeReplication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (OUT_OF_ORDER), Connection: eset.mydomain.com:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 356af7a2-24c8-42d7-ac8e-061bb6fe9e5c, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] I've tried rebooting the client machines, but it didn't help. Any thoughts on what is going wrong?
  3. Description: Support LDAP or RADIUS login for ESMC Administrators Detail: We'd love to see ESMC support the ability to login via LDAP or RADIUS, instead of just active directory and local users. We want to enable 2FA/MFA to protect ESMC, but trying to avoid the sprawl of apps needed on our phones, with every vendor pushing their own app for MFA. If LDAP or Radius were supported for logging into ESMC, it would open up the option for lots of other MFA services to work, like DUO.
×
×
  • Create New...