Hi,
I've deployed ERA6 Linux appliance, it's hostname is BUSRV-ESET1.
It's connected to our domain, I can login as a domain user, and browse domain groups (though only in LDAP mode for some reason, AD mode gives error).
If I deploy the agent, it works fine. Users computers report in. However they are looking to connect to busrv-eset1.domain.lan, which only works from inside the building.
I'd prefer they connect to antivirus.domain.org. I've got internal DNS setup to point to the IP of the appliance, and external DNS setup to an external IP which is then NAT'd to that internal IP.
When I first tried to deploy an agent with this new server name, I put the antivirus.domain.org in as the server name. However while the deploy task showed as complete, the workstations never report in. I ran the diagnostics.exe app in the agent folder on the client, and in the log I can see it doesn't like that the server hostname (BUSRV-ESET1) is different than what the agent is asking for (antivirus.domain.org).
So I created new server and agent certificates, and added both BUSRV-ESET1 and antivirus.domain.org into the server name field on each. I made that new server certificate the active one, and then made a new deploy task using the new agent certificate.
However I am still having the same issue, the log file says that the name doesn't match.
Here is how the certificate looks:
DESCRIPTION
ISSUER
CN=Server Certification Authority;C=US;
PRODUCT
server
SUBJECT
CN=Server certificate for host BUSRV-ESET1,antivirus.domain.org;OU=IT;O=MYORG;L=MyCity;S=ON;C=CA;
HOST
BUSRV-ESET1,antivirus.domain.org
And the log file from the agent shows:
2015-02-19 04:46:42 Error: CAgentSecurityModule [Thread b74]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:46:42 Error: CReplicationModule [Thread be8]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:47:36 Error: CAgentSecurityModule [Thread e10]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:47:36 Error: CReplicationModule [Thread e08]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
Any thoughts on what is going on?