GreenEnvy22

Thats good, except now we need to keep 2 admin servers, ERA6 has issues managing Endpoint 5.x clients.

I'm adding my voice in here. We will not be renewing our ESET license unless a way to create a single package is brought back. We have missionaries scattered all over the planet, many of which have horrible internet, and are in timezones 6-12 hours away from us. We've always made a single install package for them so they can download it when they have internet and install onto the various computers they have in their offices. I suppose we could write some batch file that would install the agent and then install endpoint security, but they'd have to deal with license errors until we got them activated on our end. Someone at ESET needs to think long and hard about their decisions.

Hi, I've deployed ERA6 Linux appliance, it's hostname is BUSRV-ESET1. It's connected to our domain, I can login as a domain user, and browse domain groups (though only in LDAP mode for some reason, AD mode gives error). If I deploy the agent, it works fine. Users computers report in. However they are looking to connect to busrv-eset1.domain.lan, which only works from inside the building. I'd prefer they connect to antivirus.domain.org. I've got internal DNS setup to point to the IP of the appliance, and external DNS setup to an external IP which is then NAT'd to that internal IP. When I first tried to deploy an agent with this new server name, I put the antivirus.domain.org in as the server name. However while the deploy task showed as complete, the workstations never report in. I ran the diagnostics.exe app in the agent folder on the client, and in the log I can see it doesn't like that the server hostname (BUSRV-ESET1) is different than what the agent is asking for (antivirus.domain.org). So I created new server and agent certificates, and added both BUSRV-ESET1 and antivirus.domain.org into the server name field on each. I made that new server certificate the active one, and then made a new deploy task using the new agent certificate. However I am still having the same issue, the log file says that the name doesn't match. Here is how the certificate looks: DESCRIPTION ISSUER CN=Server Certification Authority;C=US; PRODUCT server SUBJECT CN=Server certificate for host BUSRV-ESET1,antivirus.domain.org;OU=IT;O=MYORG;L=MyCity;S=ON;C=CA; HOST BUSRV-ESET1,antivirus.domain.org And the log file from the agent shows: 2015-02-19 04:46:42 Error: CAgentSecurityModule [Thread b74]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1) 2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222 2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete. 2015-02-19 04:46:42 Error: CReplicationModule [Thread be8]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete. 2015-02-19 04:47:36 Error: CAgentSecurityModule [Thread e10]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1) 2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222 2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete. 2015-02-19 04:47:36 Error: CReplicationModule [Thread e08]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete. Any thoughts on what is going on?

Hi all, I believe it's possible for ERA 6 to manage ESET 5.x users, judging by the documentation for ERA6. I'd like to know if this is possible without having to make any changes on the 5.x clients. On a test machine running ERA5, I uninstalled ERA5 and installed ERA6. None of the ESET endpoint 5.x clients are reporting into the ERA6 server. If I deploy the management agent to the 5.x machines I can manage them, but for our production side this will be a problem, as we have clients in a bunch of sites around the world with dodgy internet, and communicating with them to get them to deploy the management agent will be an issue. Any way of getting the 5.x clients to report in? Otherwise I'll need to run two servers in parallel until we can get everyone swapped over.